LinuxQuestions.org


jantman 03-08-2008 03:31 PM

Linux/BSD VPN software for net-to-net with DynDNS at both ends?
 
Hi,

I'm currently living in an apartment away from 'home', but most of my machines are at home. Both ends have residential high-bandwidth connections (Verizon FiOS and OptOnline, respectively) with dynamic IPs. I have IPcop running at both ends at the moment, but have had no success with either the built-in IPsec or the Zerina (OpenVPN) add-on.

I was wondering whether anyone can suggest any router/firewall software (or hardware, though I'd prefer software, since I already have the two boxes) that they *know* will work with dynamic IPs and dynDNS at both ends?

The IP for OptOnline changes quite often, so hard-coding it isn't an option.

Thanks,
Jason

internetSurfer 03-09-2008 12:25 PM

m0n0wall
m0n0wall Dynamic DNS
8.3. Configuring the VPN Tunnel
Chapter 10. OpenVPN
Linux and BSD-based Firewalls and Broadband Routers

jantman 03-09-2008 03:16 PM

Have you personally used m0n0wall in this scenario?

The reason why I ask is that I'm currently using IPcop, and while many people have said that it will work fine, the connection works fine with current IPs specified manually, but won't work with DynDNS FQDNs.

internetSurfer 03-09-2008 08:28 PM

Quote:

Originally Posted by jantman (Post 3083272)
while many people have said that it will work fine

Quote:

Most VPN routers don't allow entry of a FQDN for the VPN endpoints.
Maybe someone else can explain if this is possible?

Here is some other info for a possible solution in m0n0wall:

M0n0wall IPSEC VPN Auto Updater + Download

What happens if the DNS for the FQDN is spoofed?


jantman 03-10-2008 11:38 AM

Quote:

Originally Posted by internetSurfer (Post 3083514)
What happens if the DNS for the FQDN is spoofed?

If the FQDN is spoofed, and they managed to get a copy of the certificate that lets them masquerade as that end-point... then I guess I've been compromised.

I'm on dynamic IP, so I can't rely on an IP either. The only real way to provide security against spoofing, and maybe handle the whole IP/DNS issue, is to have each end-point run a script, triggered by a WAN IP change, that SSH's into the other end-point and calls a script with the new IP, which in turn stops the VPN, updates the IP in the config file, and then restarts the VPN. Sounds like a lot of logic for something if there may already be a solution out there.

internetSurfer 03-10-2008 12:20 PM

I don't know if you saw that "M0n0wall IPSEC VPN Auto Updater
can let you setup an IPSEC tunnel between a static-dynamic or
dynamic-dynamic ip address."

Another tool relevant to the topic: ddclient
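
The approach discussed in the thread (re-resolve the peer's DynDNS name and rewrite the tunnel config when the address changes), sketched as an added example that is not code from any poster or from the m0n0wall updater. It assumes an OpenVPN-style config with a `remote <ip> <port>` line; `PEER_FQDN`, `CONF` and `RESTART_CMD` are placeholders. DNS here only locates the peer: the tunnel's own certificate or key is still what authenticates it.

```shell
#!/bin/sh
# Added example. PEER_FQDN, CONF and RESTART_CMD are placeholders, not values from the thread.
PEER_FQDN="${PEER_FQDN:-peer.example.invalid}"
CONF="${CONF:-/etc/openvpn/net-to-net.conf}"   # hypothetical path
RESTART_CMD="${RESTART_CMD:-true}"             # command that restarts the tunnel

# Accept only a well-formed, publicly routable IPv4 address, so a broken or spoofed
# DNS answer (loopback, RFC 1918, multicast, shell metacharacters) never reaches the config.
is_public_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0[0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in
        0.*|10.*|127.*|169.254|192.168) return 1 ;;
    esac
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
    if [ "$1" -ge 224 ]; then return 1; fi
    return 0
}

# Point the first "remote <ip> <port>" line at $1 in file $2.
# Returns 0 if the file changed, 1 if already current, 2 on error.
update_remote() {
    current=$(awk '$1 == "remote" { print $2; exit }' "$2") || return 2
    [ -n "$current" ] || return 2
    [ "$current" = "$1" ] && return 1
    tmp=$(mktemp "$2.XXXXXX") || return 2
    awk -v ip="$1" '$1 == "remote" && !seen { $2 = ip; seen = 1 } { print }' "$2" > "$tmp" &&
        mv "$tmp" "$2" || { rm -f "$tmp"; return 2; }
}

# Resolve the peer, validate the answer, and restart the tunnel only on a real change.
sync_peer() {
    ip=$(getent ahostsv4 "$PEER_FQDN" | awk 'NR == 1 { print $1 }')   # glibc getent
    if ! is_public_ipv4 "$ip"; then
        echo "rejecting DNS answer '$ip' for $PEER_FQDN" >&2; return 2
    fi
    if update_remote "$ip" "$CONF"; then
        echo "peer now at $ip, restarting tunnel" >&2; $RESTART_CMD
    fi
}

if [ "${1:-}" = "--run" ]; then sync_peer; fi   # e.g. from cron: script --run
```

Run on each end with `--run` from cron or a WAN-up hook; the tunnel is restarted only when the resolved address differs from the one already in the config.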


