IPCop and DynDNS behind NATing DSL modem

Eric "Shubes" plug at shubes.net
Wed Mar 8 22:51:15 MST 2006


Craig White wrote:

> On Wed, 2006-03-08 at 21:49 -0700, Eric "Shubes" wrote:
> 
>>I'm trying to set up a VPN between two IPCop boxen. Fairly trivial, 
>>usually. Both IPCops are connected to DSL (one home, one office), and 
>>have dynamic IP addresses. No problem, DynDNS to the rescue.
>>
>>DynDNS works fine on the home side, as the 'DSL gateway' gives the IPCop 
>>box the public address. Not so at work. There, DSL is provided by an 
>>ActionTec modem/router that does NAT to the (IPCop) local network. As 
>>such, IPCop updates DynDNS with its private, non-routable address. 
>>Little good that does me. :(
>>
>>(FWIW, I already had a CIPE tunnel working before I had IPCops at each 
>>end. Dynamic IPs were a problem though. Now that there is IPCop on both 
>>ends, I'd like to use the DDNS and VPN capabilities of IPCop.)
>>
>>Question is: what's the best way to get a VPN working in this situation?
>>Some answers that come to mind:
>>
>>A1) a plain vanilla DSL modem that will give the (dynamic) public 
>>address to IPCop's red interface.
>>KevinB, are you there? Are you using the Cisco 67x I sold you? ;)
>>
>>A2) a way to configure the ActionTec to do the same.
>>I'm not sure about the capabilities of this puppy. It has a bridging 
>>mode. Can I use that with PPPoA and a dynamic WAN address?
>>
>>A3) install a DynDNS client on a machine inside the LAN (or on the 
>>IPCop) which will update DynDNS with the appropriate external IP 
>>address, and configure ActionTec to be an end of the VPN tunnel (not 
>>sure how that'd play w/ IPCop on the other end).
>>
>>Any thoughts are (as always) greatly appreciated.
> 
> ----
> Where I have run into that (and I think I have only run into it once), I
> have had the customer pay Qwest the $15 per month for the fixed ip
> addresses and use the ActionTec in bridging mode and then I can deal
> with IPSEC VPN no sweat. If I am going to take the time to set up a VPN,
> I really don't want to futz with DHCP/DynDNS ends and pull my hair out.
> 
> That's me - if I can buy peace of mind for a few bucks each month, then
> I am happy. My understanding is that a lot of the companies that provide
> DSL like Deru, will give you fixed ip addresses at no extra charge.
> 
> But to answer your question about the ActionTec and bridging mode...as I
> recall, that wasn't a 'wizard' option but the web interface has all
> sorts of options and yes, I used bridging and PPPoA, though as I recall,
> Qwest tech support is kind of iffy in terms of helping with that type of
> a setup.
> 
> Craig
> 

Thanks for your prompt reply, Craig. I was confident you'd have some 
valued insight, and I was right.

I may have to end up with fixed ip addresses in the long run (for email 
or web server), but am trying to get VPN working beforehand.

As it turns out, you also saved me the embarrassment of replying to my 
own post. ;) While you were replying, I searched the IPCop mailing list 
and, lo and behold, found this from Kevin Steger on 2/4/06:

The ActionTec from Qwest is by default in PPPoA and I switched it to 
PPPoE.  It worked, so I put the ActionTec in transparent bridge mode and 
moved PPPoE authentication to the IPCop.
Works like a charm, and it was easy to do.

I also found a nice howto at 
http://www.mattjamesconsulting.com/docs/Qwest%20Actiontec%20Bridged%20mode%20Notes.pdf

I missed (forgot?) that IPCop has capability for PPPoE. Who'da thunk? 
IPCop (dare I say) Rocks!

Can't wait to give it a try tomorrow. Thanks again for your help, Craig. 
You're one of the tops on this list (imho).

P.S. Thanks to Alan (subsequent reply), too! I've been subscribed to the 
IPCop list since 9/28/05, and have all 2981 messages since then in a 
nice folder that I can search. I figured it might come in handy some 
day. (Like I have time to actually read them all)
-- 
-Eric 'shubes'
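
Added example, not part of the original message and not IPCop's own code: a check a DDNS update script could run so that a firewall sitting behind a NATing modem never publishes its private red-interface address, the failure described in this thread. The function names, status strings and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges that must never be published to a dynamic DNS name.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # RFC 6598 shared (carrier NAT)
    "169.254.0.0/16", "127.0.0.0/8",                   # link-local, loopback
)]


def is_routable(addr):
    """True if addr is an IPv4 address outside every NON_ROUTABLE range."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and not any(ip in net for net in NON_ROUTABLE)


def ddns_decision(red_ip, observed_ip=None):
    """Decide what a DDNS client should publish (hypothetical helper).

    red_ip      -- address configured on the firewall's red (WAN) interface
    observed_ip -- address an outside service saw the request come from, or None
    Returns (status, address_to_publish_or_None).
    """
    if is_routable(red_ip):
        same = observed_ip is None or (
            ipaddress.ip_address(observed_ip) == ipaddress.ip_address(red_ip))
        if same:
            return ("direct", red_ip)       # modem is bridging; red holds the public IP
        return ("mismatch", None)           # something upstream rewrites traffic; do not guess
    if observed_ip is not None and is_routable(observed_ip):
        return ("behind-nat", observed_ip)  # publish the modem's address, not red's
    return ("refuse", None)                 # would publish a non-routable address


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 is a documentation range standing in
    # for a public address, 192.168.0.2 for what a NATing modem hands out.
    samples = [("203.0.113.10", None), ("192.168.0.2", "203.0.113.10"),
               ("192.168.0.2", None), ("10.1.1.5", "100.64.3.9")]
    for red, seen in samples:
        print(red, seen, "->", ddns_decision(red, seen))
```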



More information about the PLUG-discuss mailing list