Linux/BSD VPN software for net-to-net with DynDNS at both ends?
Hi,
I'm currently living in an apartment away from 'home', but most of my machines are at home. Both ends have residential high-bandwidth connections (Verizon FiOS and OptOnline, respectively) with dynamic IPs. I have IPcop running at both ends at the moment, but have had no success with either the built-in IPsec or the Zerina (OpenVPN) add-on.
I was wondering whether anyone can suggest any router/firewall software (or hardware, though I'd prefer software, since I already have the two boxes) that they *know* will work with dynamic IPs and dynDNS at both ends?
The IP for OptOnline changes quite often, so hard-coding it isn't an option.
Have you personally used m0n0wall in this scenario?
The reason why I ask is that I'm currently using IPcop, and while many people have said that it will work fine, the connection works fine with current IPs specified manually, but won't work with DynDNS FQDNs.
If the FQDN is spoofed, and they managed to get a copy of the certificate that lets them masquerade as that end-point... then I guess I've been compromised.
I'm on dynamic IP, so I can't rely on an IP either. The only real way to provide security against spoofing, and maybe handle the whole IP/DNS issue, is to have each end-point run a script, triggered by a WAN IP change, that SSHes into the other end-point and calls a script with the new IP, which in turn stops the VPN, updates the IP in the config file, and then restarts the VPN. Sounds like a lot of logic for something if there may already be a solution out there.
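The receiving half of the update script described in the post above (check the pushed IP, rewrite the config, signal a restart), as an added example that is not part of the original thread. The `right=` config line, the `VPN_CONF` variable and the `/etc/ipsec.conf` default are assumptions; the pushed value is treated as untrusted input even though it arrives over SSH.

```sh
#!/bin/sh
# Added example: receiving end of the "tell the peer my new WAN IP" script.
# Assumption: ipsec.conf-style config with a single "right=<peer address>" line.

# Accept only a dotted-quad IPv4 address. The value comes from the remote
# end, so anything that could smuggle config or shell syntax is rejected.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# set_peer_ip CONF NEW_IP
# Returns 0 = rewritten (restart the VPN), 1 = unchanged, 2 = rejected.
set_peer_ip() {
    conf=$1; new_ip=$2
    valid_ipv4 "$new_ip" || return 2
    current=$(sed -n 's/^[[:space:]]*right=//p' "$conf" | head -n 1)
    [ -n "$current" ] || return 2          # no right= line to update
    [ "$current" = "$new_ip" ] && return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    # Write a temp file and rename so the config is never half-written.
    sed "s/^\([[:space:]]*right=\).*/\1$new_ip/" "$conf" > "$tmp" &&
        mv "$tmp" "$conf"
}

# When installed as an SSH forced command (command="..." in authorized_keys),
# sshd passes whatever the peer sent in SSH_ORIGINAL_COMMAND.
# VPN_CONF and its default path are assumptions for this example.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    rc=0
    set_peer_ip "${VPN_CONF:-/etc/ipsec.conf}" "$SSH_ORIGINAL_COMMAND" || rc=$?
    [ "$rc" -eq 0 ] && echo "peer address updated; restart the VPN here"
    exit "$rc"
fi
```

Binding the peer's key to this script as a forced command means a copied key can only submit an address for validation, not open a shell on the end-point.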
I don't know if you saw that "M0n0wall IPSEC VPN Auto Updater can let you setup an IPSEC tunnel between a static-dynamic or dynamic-dynamic ip address."