Hi,
I'm using a similar configuration to establish an IPsec tunnel between two sites, both with dynamic IPs. These IPs change every day. I have not observed any problems after changing the configuration as follows:
I have tried pfSense as well, but this requires at minimum one static IP per tunnel.
This is my configuration:

<tunnel>
  <dpddelay>60</dpddelay>
  <interface>wan</interface>
  <local-subnet>
    <address>10.0.0.0/28</address>
  </local-subnet>
  <remote-subnet>10.0.1.0/24</remote-subnet>
  <remote-gateway>xxxx.dyndns.org</remote-gateway>
  <p1>
    <mode>aggressive</mode>
    <myident>
      <fqdn>m0n0wall.xxxxxxxx</fqdn>
    </myident>
    <encryption-algorithm>blowfish</encryption-algorithm>
    <hash-algorithm>md5</hash-algorithm>
    <dhgroup>2</dhgroup>
    <lifetime>28800</lifetime>
    <pre-shared-key>xxxxx</pre-shared-key>
    <private-key/>
    <cert/>
    <peercert/>
    <authentication_method>pre_shared_key</authentication_method>
  </p1>
  <p2>
    <protocol>esp</protocol>
    <encryption-algorithm-option>blowfish</encryption-algorithm-option>
    <hash-algorithm-option>hmac_md5</hash-algorithm-option>
    <pfsgroup>0</pfsgroup>
    <lifetime>86400</lifetime>
  </p2>
  <descr>xxx</descr>
</tunnel>
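
An added example, not part of the original post: a small audit that parses a tunnel element laid out like the one above and lists phase 1 and phase 2 settings that are generally considered weak today. The sample XML is constructed with placeholder values, and the weak-value sets and the reading of pfsgroup 0 as "PFS off" are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the same layout as the posted tunnel; all values are placeholders.
SAMPLE = """<tunnel>
  <remote-gateway>peer.example.org</remote-gateway>
  <p1>
    <mode>aggressive</mode>
    <encryption-algorithm>blowfish</encryption-algorithm>
    <hash-algorithm>md5</hash-algorithm>
    <dhgroup>2</dhgroup>
    <authentication_method>pre_shared_key</authentication_method>
  </p1>
  <p2>
    <encryption-algorithm-option>blowfish</encryption-algorithm-option>
    <hash-algorithm-option>hmac_md5</hash-algorithm-option>
    <pfsgroup>0</pfsgroup>
  </p2>
</tunnel>"""

# Assumed policy for this example, not a list taken from m0n0wall.
WEAK_CIPHERS = {"des", "3des", "blowfish", "cast128"}  # 64-bit block ciphers
WEAK_HASHES = {"md5", "hmac_md5"}
WEAK_DH = {"1", "2", "5"}  # MODP groups of 1536 bits or less

def audit_tunnel(xml_text):
    """Return (path, value, reason) findings for one <tunnel> element."""
    tunnel = ET.fromstring(xml_text)
    findings = []

    def text(path):
        return (tunnel.findtext(path) or "").strip().lower()

    def check(path, weak, reason):
        # findall: phase 2 may list several algorithm options
        for el in tunnel.findall(path):
            value = (el.text or "").strip().lower()
            if value in weak:
                findings.append((path, value, reason))

    if text("p1/mode") == "aggressive" and text("p1/authentication_method") == "pre_shared_key":
        findings.append(("p1/mode", "aggressive",
                         "PSK-derived hash is sent unencrypted and can be guessed offline"))
    check("p1/encryption-algorithm", WEAK_CIPHERS, "64-bit block cipher")
    check("p2/encryption-algorithm-option", WEAK_CIPHERS, "64-bit block cipher")
    check("p1/hash-algorithm", WEAK_HASHES, "MD5-based integrity is deprecated")
    check("p2/hash-algorithm-option", WEAK_HASHES, "MD5-based integrity is deprecated")
    check("p1/dhgroup", WEAK_DH, "small MODP group")
    check("p2/pfsgroup", {"0"}, "assumed 0 = PFS off; phase 2 keys depend on phase 1")
    return findings

if __name__ == "__main__":
    for path, value, reason in audit_tunnel(SAMPLE):
        print(f"{path}={value}: {reason}")
```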