|
Home > Archive > VPN > November 2004 > site-to-site VPN using a dynamic IP on both ends with DDNS service
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
site-to-site VPN using a dynamic IP on both ends with DDNS service
|
|
| Ned Hart 2004-11-27, 5:45 pm |
| Hello group
I purchased two Watchguard SOHO 6TC's to create a site-to-site VPN
between two sites after I was told each office had 5 static IP's.
Turns out that both sites use Verizon PPPoE and have dynamic IP's. I
called Watchguard and they say at least one site needs a static IP,
yet their documentation simply says the issue of creating a VPN with
dynamic IP's can be overcome by using a DDNS service like dyndns.org
which is supported by the Watchguard SOHO. So, has anyone successfully
configure a VPN with dymanic IP's at both ends? What happens when the
IP changes? Is there anything else I should look out for?
Thanks
NH
| |
| Mike Schumann 2004-11-27, 5:45 pm |
| I am using Linksys BEFVP41 routers using dynamic DNS addresses from
no-ip.com.
I have one computer at each site that is running a small program from
no-ip.com, which checks the ip address of the site every 5 minutes and
updates the DNS server if the address has changed.
The Linksys routers are configured with the DNS names of the remote
endpoints. When the ip address changes, which luckily is very infrequent,
sometimes the Linksys routers need to be powered down to connect correctly.
I suspect, but have never been able to prove, that the Linksys routers
resolve the IP address when the router is rebooted, not when a connection is
created. But, at least when I have a problem, it's a relatively easy fix to
get things running again.
I have other problems with the Linksys router, so I wouldn't necessarily
give them a rousing endorsement. At the time I deployed these routers
(about 2 years ago), they were the only low cost router available that would
permit the configuration of the remote router using a FQDN instead of an ip
address. I would be very interested in getting feedback on other routers
that have similar capability.
Thanks,
Mike Schumann
"Ned Hart" <nedhart@hotmail.com> wrote in message
news:4a251bdf.0411270757.6e28f5aa@posting.google.com...
> Hello group
>
> I purchased two Watchguard SOHO 6TC's to create a site-to-site VPN
> between two sites after I was told each office had 5 static IP's.
> Turns out that both sites use Verizon PPPoE and have dynamic IP's. I
> called Watchguard and they say at least one site needs a static IP,
> yet their documentation simply says the issue of creating a VPN with
> dynamic IP's can be overcome by using a DDNS service like dyndns.org
> which is supported by the Watchguard SOHO. So, has anyone successfully
> configure a VPN with dymanic IP's at both ends? What happens when the
> IP changes? Is there anything else I should look out for?
>
> Thanks
> NH
| |
| ppointer@nospamindspring.com 2004-11-28, 8:45 pm |
| Mike Schumann wrote:
> I am using Linksys BEFVP41 routers using dynamic DNS addresses from
> no-ip.com.
>
Can no-ip.com also be used to provide a static IP for a web site? My
ISP wants about $50 or so per month to upgrade to a different service
that will provide a static IP address.
| |
| Mike Schumann 2004-11-28, 8:45 pm |
| Static IPs are always provided by your ISP. In the real world, on broadband
connections, dynamic IP addresses rarely change. However, if you are not
paying your ISP for a static IP address, they have the right to change your
address without telling you.
No-ip.com is just a way for you to associate a FQDN with the IP address that
is assigned to you by your ISP. No-IP.com's program runs on a computer on
your network and automatically checks the ip address however often you
specify (5 minute maximum refresh rate), and updates your FQDN address if
the ip address has changed.
Mike Schumann
<ppointer@nospamindspring.com> wrote in message
news:tQvqd.61309$T13.45384@fe2.columbus.rr.com...
> Mike Schumann wrote:
> Can no-ip.com also be used to provide a static IP for a web site? My ISP
> wants about $50 or so per month to upgrade to a different service that
> will provide a static IP address.
| |
| ppointer@nospamindspring.com 2004-11-30, 2:45 am |
| Mike Schumann wrote:
> Static IPs are always provided by your ISP. In the real world, on broadband
> connections, dynamic IP addresses rarely change. However, if you are not
> paying your ISP for a static IP address, they have the right to change your
> address without telling you.
>
Thanks. I'll start paying attention to how often my home IP gets changed.
| |
| Ned Hart 2004-11-30, 5:45 pm |
| Hi Mike
Thanks for responding. I'm happy to hear that you've had success with
this kind of configuration. The watchguard 6tc has built in support
for ddns, so I don't have to run the program on a PC. I plan to
configure them later in the week, I'll post my experience here when
I'm done.
Thank You
NH
"Mike Schumann" <mike-nospam@traditions-nospam.com> wrote in message news:<sD6qd.1896$6K5.132@newsread2.news.atl.earthlink.net>...[vbcol=seagreen]
> I am using Linksys BEFVP41 routers using dynamic DNS addresses from
> no-ip.com.
>
> I have one computer at each site that is running a small program from
> no-ip.com, which checks the ip address of the site every 5 minutes and
> updates the DNS server if the address has changed.
>
> The Linksys routers are configured with the DNS names of the remote
> endpoints. When the ip address changes, which luckily is very infrequent,
> sometimes the Linksys routers need to be powered down to connect correctly.
> I suspect, but have never been able to prove, that the Linksys routers
> resolve the IP address when the router is rebooted, not when a connection is
> created. But, at least when I have a problem, it's a relatively easy fix to
> get things running again.
>
> I have other problems with the Linksys router, so I wouldn't necessarily
> give them a rousing endorsement. At the time I deployed these routers
> (about 2 years ago), they were the only low cost router available that would
> permit the configuration of the remote router using a FQDN instead of an ip
> address. I would be very interested in getting feedback on other routers
> that have similar capability.
>
> Thanks,
> Mike Schumann
>
> "Ned Hart" <nedhart@hotmail.com> wrote in message
> news:4a251bdf.0411270757.6e28f5aa@posting.google.com...
|
|
|
|
|