Question about pfSense Site to Site VPN
-
I don't believe that you can do that. I can't think of how it would work. You'll just need to wait for the DDNS to catch up before the VPN can reestablish.
-
the problem is DDNS take a long time to resolve my dns name to my new ip after each ip change, so i want to backup this connection by making the server be the client in the same time
-
after ip change i logged into my account in freedns.afraid.org to see whether my record get updated pr not, i saw that the record was updated, but when i make nslookup to my dns name it still cach my old ip, after 20 min the snlookup give me the new ip, so the connection drop for a long period of time,
-
Yes. DNS propagation takes time. What DNS server are you resolving against?
-
in that time i find myself obliged to make the new ip manually in the client box, and wait for a period of time till the true update happen, then i change the ip by the name, but this method is nor reliable in business,
-
i'm using openDNS
-
yes this is the problem, the DDNS website get updated but what take time is this propagation between DNS servers
-
is there any fastest DDNS server, that can propagate my new IP to other public DNS so quickly
-
@IT-ADMIN said:
i'm using openDNS
I have no hard evidence to back this up, but I feel that OpenDNS is slow to update compared to Google DNS.
But you will always have this issue with any DDNS solution.
Since you are using pfSense, I would setup OpenVPN instead of IPSEC. OpenVPN can handle a dynamic changing client much better than IPSEC does. If you are already using OpenVPN, then it is simply a matter of reconfiguring one side to be dynamic and not rely on the DDNS.
-
@JaredBusch yes Sir i'm using OpenVPN, and feedns.afraid.org as DDNS, and i'm using the built-in DDNS updater in pfsense,
-
do you mean by not relying on DDNS that i have to change the IP myself in each IP change ????
-
what about having each box a client and server in the same time, Mr Scott don't like this idea,
what about you Sir -
@IT-ADMIN said:
what about having each box a client and server in the same time, Mr Scott don't like this idea,
what about you SirI don't believe that you can.
-
@IT-ADMIN said:
do you mean by not relying on DDNS that i have to change the IP myself in each IP change ????
That's an option but I would prefer the DNS delay.
-
How often does your IP address change?
-
sometimes one week, sometimes 4 days, it depend
-
-
currently i check every time my public ip to make sure that it is still fixed to make sure that the 2 office are connected, i wish to make this happen automatically but unfortunately DDNS despair me
-
@IT-ADMIN said:
currently i check every time my public ip to make sure that it is still fixed to make sure that the 2 office are connected, i wish to make this happen automatically but unfortunately DDNS despair me
I assume that you don't have the ability to get static IPs? Have you looked into Hamachi?
-
@scottalanmiller yes, and also our ISP makes it difficult to possess static IP, he force you to buy a subnet of 8 static ip, and the price is very expensive, because here in qatar exist only one ISP (landline provider) for this reason they do what they want,
