Question about pfSense Site to Site VPN
-
Hi all,
I have 2 remote locations, a main and a branch office, connected together via a site-to-site OpenVPN connection using 2 pfSense boxes. I have 2 dynamically changing IPs in both locations. One box plays the role of server and the second box plays the role of client. Is it technically possible to make each box play both roles, so that if one box's IP changes the connection will not drop because each box is server and client at the same time, or should I keep my current setup (client-server) only?
Knowing that I have set up a Dynamic DNS, but it takes about 15 min to resolve my name to the new IP.
-
I don't believe that you can do that. I can't think of how it would work. You'll just need to wait for the DDNS to catch up before the VPN can reestablish.
-
The problem is that DDNS takes a long time to resolve my DNS name to my new IP after each IP change, so I want to back up this connection by making the server be the client at the same time.
-
After the IP change I logged into my account at freedns.afraid.org to see whether my record got updated or not. I saw that the record was updated, but when I run nslookup on my DNS name it still caches my old IP. After 20 min nslookup gives me the new IP, so the connection drops for a long period of time.
-
Yes. DNS propagation takes time. What DNS server are you resolving against?
-
In that time I find myself obliged to set the new IP manually in the client box and wait for a period of time until the true update happens, then I replace the IP with the name, but this method is not reliable in business.
-
I'm using OpenDNS.
-
Yes, this is the problem: the DDNS website gets updated, but what takes time is this propagation between DNS servers.
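-
Added example, not part of any poster's message: one way to measure the delay discussed above is to compare the answer from the zone's authoritative name server with the answer cached by the recursive resolver the client box uses. The hostname, addresses and TTL values below are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample output of `dig +noall +answer <name> @<server>`.
# Hostname, addresses and TTLs are placeholders, not values from the thread.
AUTHORITATIVE = "office.example.org.\t1200\tIN\tA\t198.51.100.27\n"
RESOLVER = "office.example.org.\t840\tIN\tA\t203.0.113.10\n"

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_a_records(dig_answer):
    """Return {ip: ttl_seconds} for every A record in a dig answer section."""
    records = {}
    for line in dig_answer.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig comment lines
        match = RECORD.match(line)
        if match:
            records[match.group(3)] = int(match.group(2))
    return records


def cache_status(authoritative_answer, resolver_answer):
    """Compare the zone's own answer with a recursive resolver's cached one."""
    auth = parse_a_records(authoritative_answer)
    cached = parse_a_records(resolver_answer)
    if not auth:
        raise ValueError("no A record in the authoritative answer")
    stale = {ip: ttl for ip, ttl in cached.items() if ip not in auth}
    return {
        "current_ips": sorted(auth),
        "stale_ips": sorted(stale),
        # A recursive resolver reports the TTL remaining on its cached copy,
        # so (if it honours TTLs) the largest value bounds how long the old
        # address can still be handed out.
        "seconds_until_refresh": max(stale.values(), default=0),
        # The authoritative TTL bounds the delay after any future IP change.
        "record_ttl": max(auth.values()),
    }


if __name__ == "__main__":
    print(cache_status(AUTHORITATIVE, RESOLVER))
```

A large `record_ttl` means every resolver may keep the old address that long after a change, whichever public DNS service is used.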
-
Is there a faster DDNS server that can propagate my new IP to other public DNS so quickly?
-
@IT-ADMIN said:
I'm using OpenDNS.
I have no hard evidence to back this up, but I feel that OpenDNS is slow to update compared to Google DNS.
But you will always have this issue with any DDNS solution.
Since you are using pfSense, I would set up OpenVPN instead of IPSEC. OpenVPN can handle a dynamically changing client much better than IPSEC does. If you are already using OpenVPN, then it is simply a matter of reconfiguring one side to be dynamic and not rely on the DDNS.
-
@JaredBusch Yes sir, I'm using OpenVPN, and freedns.afraid.org as DDNS, and I'm using the built-in DDNS updater in pfSense.
-
Do you mean by not relying on DDNS that I have to change the IP myself on each IP change?
-
What about having each box be a client and a server at the same time? Mr. Scott doesn't like this idea.
What about you, sir?
-
@IT-ADMIN said:
What about having each box be a client and a server at the same time? Mr. Scott doesn't like this idea.
What about you, sir?
I don't believe that you can.
-
@IT-ADMIN said:
Do you mean by not relying on DDNS that I have to change the IP myself on each IP change?
That's an option but I would prefer the DNS delay.
-
How often does your IP address change?
-
Sometimes one week, sometimes 4 days, it depends.
-
Currently I check my public IP every time to make sure that it is still fixed, to make sure that the 2 offices are connected. I wish to make this happen automatically, but unfortunately DDNS makes me despair.
-
@IT-ADMIN said:
Currently I check my public IP every time to make sure that it is still fixed, to make sure that the 2 offices are connected. I wish to make this happen automatically, but unfortunately DDNS makes me despair.
I assume that you don't have the ability to get static IPs? Have you looked into Hamachi?