Shorewall users - Aug 2004 - Site-to-site VPN with dynamic IPs

Hi All,

Is it possible to establish site-to-site VPN using dynamic IP addresss 
assigned by ISP ?
If yes, I would like to request a sample ipsec.conf   for such scenario...

Thanks and warmest regards
aslay




###################################################
# This message has been scanned for viruses and   #
# dangerous content by Pensteel Digital Solutions #
# Open Source Security Server, and is             #
# believed to be clean.                           #
# Pls download www.pds-malaysia.com/doc/Linux.zip #
# for Linux Open Source Solutions                 # 
###################################################

Hello, i have a site to site vpn set up using two linux servers running 
shorewall.  And for the vpn sollution i am running openvpn.  It does not 
use ipsec, but rather PPTP.  Both sides of my vpn use dynamic IPS and 
openvpn can use dns names to keep track of them just fine.  Check it out 
at http://openvpn.sourceforge.net

layahsee wrote:
> Hi All,
>
> Is it possible to establish site-to-site VPN using dynamic IP addresss 
> assigned by ISP ?
> If yes, I would like to request a sample ipsec.conf   for such 
> scenario...
>
> Thanks and warmest regards
> aslay
>
>
>
>
> ###################################################
> # This message has been scanned for viruses and   #
> # dangerous content by Pensteel Digital Solutions #
> # Open Source Security Server, and is             #
> # believed to be clean.                           #
> # Pls download www.pds-malaysia.com/doc/Linux.zip #
> # for Linux Open Source Solutions                 # 
> ###################################################
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: 
> https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>

Hi,

How should I configure my shorewall in order to have site-to-site VPN 
 tunnel.
Both sites using dynamic IPs assigned by ISP, that means both sites
have ppp0 interface with dynamic IPs and  gateways.

Thanks whoever can help

regards
Aslay



###################################################
# This message has been scanned for viruses and   #
# dangerous content by Pensteel Digital Solutions #
# Open Source Security Server, and is             #
# believed to be clean.                           #
# Pls download www.pds-malaysia.com/doc/Linux.zip #
# for Linux Open Source Solutions                 # 
###################################################

On 8/20/2004 12:32:47 AM, Mailing List for Shorewall Users 
(shorewall-users@lists.shorewall.net) wrote:
> Hi,
>
> How should I configure my shorewall in order to have site-to-site VPN
> tunnel.
> Both sites using dynamic IPs assigned by ISP, that means both sites
> have ppp0 interface with dynamic IPs and  gateways.
Have a look here if you haven''t already:
http://www.shorewall.net/Documentation_Index.html
But more specifically here:
http://www.shorewall.net/IPSEC.htm
http://www.freeswan.org/
and here:
http://www.shorewall.net/OPENVPN.html
http://openvpn.sourceforge.net/

The fact that both sites ip''s are dynamic is something I''ve
never tried.
Good luck with this.

hi,

I don''t find information regarding the above topic from your suggested 
weblink, pls advise..
I need info on Dynamic IP site-to-site VPN , not road warrior


JBanks wrote:
>
> On 8/20/2004 12:32:47 AM, Mailing List for Shorewall Users 
> (shorewall-users@lists.shorewall.net) wrote:
>
>> Hi,
>>
>> How should I configure my shorewall in order to have site-to-site VPN
>> tunnel.
>> Both sites using dynamic IPs assigned by ISP, that means both sites
>> have ppp0 interface with dynamic IPs and  gateways.
>
>
> Have a look here if you haven''t already:
> http://www.shorewall.net/Documentation_Index.html
> But more specifically here:
> http://www.shorewall.net/IPSEC.htm
> http://www.freeswan.org/
> and here:
> http://www.shorewall.net/OPENVPN.html
> http://openvpn.sourceforge.net/
>
> The fact that both sites ip''s are dynamic is something
I''ve never
> tried. Good luck with this.
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: 
> https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>
> ###################################################
> # This message has been scanned for viruses and   #
> # dangerous content by Pensteel Digital Solutions #
> # Open Source Security Server, and is             #
> # believed to be clean.                           #
> # Pls download www.pds-malaysia.com/doc/Linux.zip #
> # for Linux Open Source Solutions                 # 
> ###################################################
>
>


###################################################
# This message has been scanned for viruses and   #
# dangerous content by Pensteel Digital Solutions #
# Open Source Security Server, and is             #
# believed to be clean.                           #
# Pls download www.pds-malaysia.com/doc/Linux.zip #
# for Linux Open Source Solutions                 # 
###################################################

<quote who="layahsee">
>> How should I configure my shorewall in order to have site-to-site VPN
>  tunnel.
> Both sites using dynamic IPs assigned by ISP, that means both sites
> have ppp0 interface with dynamic IPs and  gateways.
>
Hi, you may use a dynamic DNS service such DynDNS in both sites and link
the tunnel using DNS instead of IP addresses.

I think this can help.

/valter


-- 

---..---..---..---..---..---..---..---..---..---..---
Valter Santos

vsantola@devfusion.net                 |||
http://devfusion.net/~vsantola/       (@ @)
----------------------------------oOO--(_)--OOo------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

layahsee wrote:
| Hi,
|
| How should I configure my shorewall in order to have site-to-site VPN
| tunnel.
| Both sites using dynamic IPs assigned by ISP, that means both sites
| have ppp0 interface with dynamic IPs and  gateways.
|

If you are asking how to configure /etc/shorweall/tunnels, just put
0.0.0.0/0 in the GATEWAY column.

- -Tom
- --
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBJgJzO/MAbZfjDLIRAjyyAJ9xtGHbCMFGdK3Z4e7NgBaPriNY2gCgs6WH
l30eeFAQaVf9lcEH4pY++3I=OvJA
-----END PGP SIGNATURE-----

> I
> don''t find information regarding the above topic from your
suggested
> weblink, pls advise..
> I need info on Dynamic IP site-to-site VPN , not road warrior
I apologize. I thought that the examples were all that what you wanted. The 
fact that your using dynamic ip''s suggests that you need or already
have
dyndns. Although I''ve never setup a vpn/ipsec tunnel using a dyndns
name in
Shorewall tunnel file, Shorewall does recognize dnsnames as far as I''ve
read. Maybe Tom or someone else can veryify this. To answer your orginal 
question more specifically, "No", there isn''t any documention
on Shorewalls
site that shows you how to setup an Ipsec or OpenVpn tunnel using dyndns or 
dynamic ip''s specifically. But as long as your ipsec/vpn software
supports
dynamic ips on both ends of the tunnel then just use the examples given and 
replace the ip addresses with a dns names where appropriate. I could be 
wrong, but I believe you should beable to use a dns name in the tunnels 
file. You just need to make sure that your ipsec/vpn software supports 
dnsnames.

Joshua Banks