LinuxQuestions.org
Old 03-08-2008, 03:31 PM   #1
jantman
Member
 
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492

Rep: Reputation: 31
Linux/BSD VPN software for net-to-net with DynDNS at both ends?


Hi,

I'm currently living in an apartment away from 'home', but most of my machines are at home. Both ends have residential high-bandwidth connections (Verizon FiOS and OptOnline, respectively) with dynamic IPs. I have IPcop running at both ends at the moment, but have had no success with either the builtin IPsec or the Zerina (OpenVPN) add-on.

I was wondering whether anyone can suggest any router/firewall software (or hardware, though I'd prefer software, since I already have the two boxes) that they *know* will work with dynamic IPs and dynDNS at both ends?

The IP for OptOnline changes quite often, so hard-coding it isn't an option.

Thanks,
Jason
 
Old 03-09-2008, 12:25 PM   #2
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
m0n0wall
m0n0wall Dynamic DNS
8.3. Configuring the VPN Tunnel
Chapter 10. OpenVPN
Linux and BSD-based Firewalls and Broadband Routers

Last edited by internetSurfer; 03-09-2008 at 12:27 PM.
 
Old 03-09-2008, 03:16 PM   #3
jantman
Member
 
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492

Original Poster
Rep: Reputation: 31
Have you personally used m0n0wall in this scenario?

The reason why I ask is that I'm currently using IPcop, and while many people have said that it will work fine, the connection works fine with current IPs specified manually, but won't work with DynDNS FQDNs.
 
Old 03-09-2008, 08:28 PM   #4
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
Quote:
Originally Posted by jantman View Post
while many people have said that it will work fine
Quote:
Most VPN routers don't allow entry of a FQDN for the VPN endpoints.
Maybe someone else can explain if this is possible?

Here is some other info for a possible solution in m0n0wall:

M0n0wall IPSEC VPN Auto Updater + Download

What happens if the DNS for the FQDN is spoofed?


Last edited by internetSurfer; 03-11-2008 at 09:21 PM.
 
Old 03-10-2008, 11:38 AM   #5
jantman
Member
 
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by internetSurfer View Post
What happens if the DNS for the FQDN is spoofed?
If the FQDN is spoofed, and they managed to get a copy of the certificate that lets them masquerade as that end-point... then I guess I've been compromised.

I'm on dynamic IP, so I can't rely on an IP either. The only real way to provide security against spoofing, and maybe handle the whole IP/DNS issue, is to have each end-point run a script, triggered by a WAN IP change, that SSH's into the other end-point and calls a script with the new IP, which in turn stops the VPN, updates the IP in the config file, and then restarts the VPN. Sounds like a lot of logic for something if there may already be a solution out there.
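
The receiving half of the scheme described in the post above, as an added example that is not part of the original thread: the peer's SSH key is pinned to this one script, and the address it sends is treated as untrusted input before it reaches the VPN config. The OpenVPN-style `remote` line, the file paths and the restart command are assumptions.

```shell
#!/bin/sh
# Added example. Assumed wiring (hypothetical paths): the peer's dedicated key
# is restricted in ~/.ssh/authorized_keys with
#   command="/usr/local/sbin/vpn-peer-update",no-pty,no-port-forwarding ssh-rsa AAAA...
# so sshd runs only this script and hands the peer's argument over in
# SSH_ORIGINAL_COMMAND.

# Accept only a dotted-quad IPv4 address, so the value can never carry
# shell or config syntax. Leading zeros are refused (some parsers read octal).
valid_ipv4() {
    case $1 in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Rewrite the host field of the "remote <host> [port]" line.
# Returns 0 if the file changed (restart needed), 1 if already current,
# 2 on invalid input or a config without a usable remote line.
update_peer_ip() {
    new_ip=$1; conf=$2
    valid_ipv4 "$new_ip" || return 2
    cur=$(awk '$1 == "remote" { print $2; exit }' "$conf") || return 2
    [ -n "$cur" ] || return 2
    [ "$cur" = "$new_ip" ] && return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    # Write to a temp file and rename, so a failure never leaves a half-written config.
    awk -v ip="$new_ip" '$1 == "remote" { $2 = ip } { print }' "$conf" > "$tmp" &&
        mv "$tmp" "$conf"
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    CONF=/etc/openvpn/site.conf          # hypothetical path
    if update_peer_ip "$SSH_ORIGINAL_COMMAND" "$CONF"; then
        /etc/init.d/openvpn restart      # placeholder; use your system's restart command
    fi
fi
```

The VPN is restarted only when the address actually changed, so repeated notifications from the peer do not drop the tunnel.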
 
Old 03-10-2008, 12:20 PM   #6
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
I don't know if you saw that "M0n0wall IPSEC VPN Auto Updater
can let you setup an IPSEC tunnel between a static-dynamic or
dynamic-dynamic ip address."

Another tool relevant to the topic: ddclient
