On Wed, 2006-03-08 at 21:49 -0700, Eric "Shubes" wrote: > I'm trying to set up a VPN between two IPCop boxen. Fairly trivial, > usually. Both IPCops are connected to DSL (one home, one office), and > have dynamic IP addresses. No problem, DynDNS to the rescue. > > DynDNS works fine on the home side, as the 'DSL gateway' gives the IPCop > box the public address. Not so at work. There, DSL is provided by an > ActionTec modem/router that does NAT to the (IPCop) local network. As > such, IPCop updates DynDNS with its private, non-routable address. > Little good that does me. :( > > (FWIW, I already had a CIPE tunnel working before I had IPCops at each > end. Dynamic IPs was a problem though. Now that there is IPCop on both > ends, I'd like to use the DDNS and VPN capabilities of IPCop.) > > Question is: what's the best way to get a VPN working in this situation? > Some answers that come to mind: > > A1) a plain vanilla DSL modem that will give the (dynamic) public > address to IPCop's red interface. > KevinB, are you there? Are using the Cisco 67x I sold you? ;) > > A2) a way to configure the ActionTec to do the same. > I'm not sure about the capabilities of this puppy. It has a bridging > mode. Can I use that with PPPoA and a dynamic WAN address? > > A3) install a DynDNS client on a machine inside the LAN (or on the > IPCop) which will update DynDNS with the appropriate external IP > address, and configure ActionTec to be an end of the VPN tunnel (not > sure how that'd play w/ IPCop on the other end). > > Any thoughts are (as always) greatly appreciated. ---- Where I have run into that (and I think I have only run into it once), I have had the customer pay Qwest the $15 per month for the fixed ip addresses and use the ActionTec in bridging mode and then I can deal with IPSEC VPN no sweat. If I am going to take the time to set up a VPN, I really don't want to futz with DHCP/DynDNS ends and pull my hair out. That's me - if I can buy peace of mind for a few bucks each month, then I am happy. My understanding is that a lot of the companies that provide DSL like Deru, will give you fixed ip addresses at no extra charge. But to answer your question about the ActionTec and bridging mode...as I recall, that wasn't a 'wizard' option but the web interface has all sorts of options and yes, I used bridging and PPPoA, though as I recall, Qwest tech support is kind of iffy in terms of helping with that type of a setup. Craig --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss