IPCop and DynDNS behind NATing DSL modem
Craig White
craigwhite at azapple.com
Wed Mar 8 22:13:36 MST 2006
On Wed, 2006-03-08 at 21:49 -0700, Eric "Shubes" wrote:
> I'm trying to set up a VPN between two IPCop boxen. Fairly trivial,
> usually. Both IPCops are connected to DSL (one home, one office), and
> have dynamic IP addresses. No problem, DynDNS to the rescue.
>
> DynDNS works fine on the home side, as the 'DSL gateway' gives the IPCop
> box the public address. Not so at work. There, DSL is provided by an
> ActionTec modem/router that does NAT to the (IPCop) local network. As
> such, IPCop updates DynDNS with its private, non-routable address.
> Little good that does me. :(
>
> (FWIW, I already had a CIPE tunnel working before I had IPCops at each
> end. Dynamic IPs was a problem though. Now that there is IPCop on both
> ends, I'd like to use the DDNS and VPN capabilities of IPCop.)
>
> Question is: what's the best way to get a VPN working in this situation?
> Some answers that come to mind:
>
> A1) a plain vanilla DSL modem that will give the (dynamic) public
> address to IPCop's red interface.
> KevinB, are you there? Are using the Cisco 67x I sold you? ;)
>
> A2) a way to configure the ActionTec to do the same.
> I'm not sure about the capabilities of this puppy. It has a bridging
> mode. Can I use that with PPPoA and a dynamic WAN address?
>
> A3) install a DynDNS client on a machine inside the LAN (or on the
> IPCop) which will update DynDNS with the appropriate external IP
> address, and configure ActionTec to be an end of the VPN tunnel (not
> sure how that'd play w/ IPCop on the other end).
>
> Any thoughts are (as always) greatly appreciated.
----
Where I have run into that (and I think I have only run into it once), I
have had the customer pay Qwest the $15 per month for the fixed ip
addresses and use the ActionTec in bridging mode and then I can deal
with IPSEC VPN no sweat. If I am going to take the time to set up a VPN,
I really don't want to futz with DHCP/DynDNS ends and pull my hair out.
That's me - if I can buy peace of mind for a few bucks each month, then
I am happy. My understanding is that a lot of the companies that provide
DSL like Deru, will give you fixed ip addresses at no extra charge.
But to answer your question about the ActionTec and bridging mode...as I
recall, that wasn't a 'wizard' option but the web interface has all
sorts of options and yes, I used bridging and PPPoA, though as I recall,
Qwest tech support is kind of iffy in terms of helping with that type of
a setup.
Craig
More information about the PLUG-discuss
mailing list