03-08-2008, 03:31 PM
#1
Member
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492
Linux/BSD VPN software for net-to-net with DynDNS at both ends?
Hi,
I'm currently living in an apartment away from 'home', but most of my machines are at home. Both ends have residential high-bandwidth connections (Verizon FiOS and OptOnline, respectively) with dynamic IPs. I have IPcop running at both ends at the moment, but have had no success with either the builtin IPsec or the Zerina (OpenVPN) add-on.
I was wondering whether anyone can suggest any router/firewall software (or hardware, though I'd prefer software, since I already have the two boxes) that they *know* will work with dynamic IPs and dynDNS at both ends?
The IP for OptOnline changes quite often, so hard-coding it isn't an option.
Thanks,
Jason
03-09-2008, 12:25 PM
#2
Member
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71
Last edited by internetSurfer; 03-09-2008 at 12:27 PM.
03-09-2008, 03:16 PM
#3
Member
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492
Original Poster
Have you personally used m0n0wall in this scenario?
The reason why I ask is that I'm currently using IPcop, and while many people have said that it will work fine, the connection works fine with current IPs specified manually, but won't work with DynDNS FQDNs.
03-09-2008, 08:28 PM
#4
Member
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71
Quote:
Originally Posted by jantman
while many people have said that it will work fine

Quote:
Most VPN routers don't allow entry of a FQDN for the VPN endpoints.

Maybe someone else can explain if this is possible?
Here is some other info for a possible solution in m0n0wall:
M0n0wall IPSEC VPN Auto Updater + Download
What happens if the DNS for the FQDN is spoofed?
Last edited by internetSurfer; 03-11-2008 at 09:21 PM.
03-10-2008, 11:38 AM
#5
Member
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492
Original Poster
Quote:
Originally Posted by internetSurfer
What happens if the DNS for the FQDN is spoofed?

If the FQDN is spoofed, and they managed to get a copy of the certificate that lets them masquerade as that end-point... then I guess I've been compromised.
I'm on dynamic IP, so I can't rely on an IP either. The only real way to provide security against spoofing, and maybe handle the whole IP/DNS issue, is to have each end-point run a script, triggered by a WAN IP change, that SSH's into the other end-point and calls a script with the new IP, which in turn stops the VPN, updates the IP in the config file, and then restarts the VPN. Sounds like a lot of logic for something if there may already be a solution out there.
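The receiving half of the script idea in post #5, as an added example that is not part of the original thread: the far end is handed a new WAN address over SSH, validates it strictly, rewrites the peer line atomically, and restarts the VPN only when the address actually changed. It assumes a single ipsec.conf-style `right=<ip>` peer line; `PEER_CONF` and `VPN_RESTART_CMD` are hypothetical names for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): receiving end of "SSH in and hand over
# my new WAN IP". Meant to run as an authorized_keys forced command, so the
# address arrives over an authenticated channel rather than from a DNS lookup.
# Assumptions: one ipsec.conf-style "right=<ip>" peer line; PEER_CONF and
# VPN_RESTART_CMD are hypothetical names chosen for this sketch.

# Succeed only for a canonical dotted-quad that could be a public WAN address.
valid_public_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in                                # loopback, RFC 1918, link-local
        0.*|10.*|127.*|169.254|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
    esac
    [ "$1" -lt 224 ]                               # multicast and reserved
}

# Point the "right=" line of config $1 at address $2, then restart the VPN.
# Returns 0 on success or no change, 2 for a rejected address, 3 for a config error.
update_peer_ip() {
    conf=$1; new_ip=$2
    valid_public_ipv4 "$new_ip" || { echo "rejected address" >&2; return 2; }
    cur=$(sed -n 's/^[[:space:]]*right=//p' "$conf" 2>/dev/null | head -n 1)
    [ -n "$cur" ] || return 3
    [ "$cur" = "$new_ip" ] && return 0             # nothing to do, skip the restart
    tmp=$(mktemp "$conf.XXXXXX") || return 3
    # new_ip is digits and dots only at this point, so it is safe inside sed.
    if sed "s/^\([[:space:]]*right=\).*/\1$new_ip/" "$conf" > "$tmp"; then
        mv "$tmp" "$conf" || return 3              # rename, so no half-written file
    else
        rm -f "$tmp"; return 3
    fi
    ${VPN_RESTART_CMD:-true}
}

# Forced-command entry point: sshd puts the client's requested command line in
# SSH_ORIGINAL_COMMAND; only its first word is used and it is never eval'd.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    update_peer_ip "${PEER_CONF:?set PEER_CONF}" "${SSH_ORIGINAL_COMMAND%% *}"
fi
```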
03-10-2008, 12:20 PM
#6
Member
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71
I don't know if you saw that "M0n0wall IPSEC VPN Auto Updater
can let you setup an IPSEC tunnel between a static-dynamic or
dynamic-dynamic ip address."
Another tool relevant to the topic: ddclient