Thank you for reading! I’m a Network Engineering student and I’m working on my capstone and need help with a concept. My instructors are also stumped so I’m coming here. I’m working on creating a site-to-site IPsec tunnel over the internet and both endpoints have DHCP-assigned addresses. I’m using this documentation (IPsec — VyOS 1.4.x (sagitta) documentation) to create my tunnels, but don’t see an option for 2 DHCP-assigned addresses. Which method would work best for creating that tunnel? Thanks in advance for any help!
Can you diagram up what you’re trying to achieve?
Sorry for the vague question. Here is a picture of my network from GNS3. I am trying to route between Workstations on Office_Net VLAN (192.168.0.64/28) and the simulated SaaS Platform on 10.0.0.0/24 via an IPsec tunnel between the LAN Router and SaaS Router whose external interfaces both use DHCP.
How would you imagine it would work if the remote end you’re targeting can change its address at any time? I assume that’s what you’re saying: the “DHCP” address isn’t always going to be the same, it changes on a regular basis?
The answer anyway is to do dynamic DNS and then use a hostname.
set vpn ipsec site-to-site peer test remote-address <hostname>
You then have to use VyOS “Dynamic DNS update service” to push updates to whoever you’re using for your Dynamic DNS:
set service dns dynamic
That’s how I’d approach it anyway - I haven’t actually done IPSEC in anger on VyOS before.
But yes if IPs are going to move around, DDNS is really the only solution I’m aware of.
Does that answer the question?
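As an added worked example (not from this thread or the VyOS project), here is one side of the setup the answer describes: the LAN Router in VyOS 1.4 syntax, using its DHCP address as the local address, the SaaS Router's dynamic DNS name as the remote address, and pushing its own address to a DDNS provider. Assumptions: eth0 is the DHCP-facing interface, all group/peer names, hostnames and secrets are placeholders, and the `dhcp-interface` and `service dns dynamic name` syntax is from my reading of the 1.4 docs and should be checked against the linked documentation for your exact release.

```vyos
# --- LAN Router (eth0 gets its public address via DHCP) ---
set vpn ipsec interface eth0

# IKEv2 / ESP proposals (constructed; adjust to your policy)
set vpn ipsec ike-group IKE-SAAS key-exchange ikev2
set vpn ipsec ike-group IKE-SAAS proposal 1 dh-group 14
set vpn ipsec ike-group IKE-SAAS proposal 1 encryption aes256
set vpn ipsec ike-group IKE-SAAS proposal 1 hash sha256
# When the peer's address moves, DPD tears the SA down and the
# restart re-resolves the hostname before rebuilding it
set vpn ipsec ike-group IKE-SAAS dead-peer-detection action restart
set vpn ipsec ike-group IKE-SAAS dead-peer-detection interval 30
set vpn ipsec ike-group IKE-SAAS dead-peer-detection timeout 120
set vpn ipsec esp-group ESP-SAAS proposal 1 encryption aes256
set vpn ipsec esp-group ESP-SAAS proposal 1 hash sha256

# Identify peers by FQDN, not by IP, since neither address is stable.
# The PSK is bound to both IDs (hostnames are placeholders).
set vpn ipsec authentication psk SAAS id lan.example.net
set vpn ipsec authentication psk SAAS id saas.example.net
set vpn ipsec authentication psk SAAS secret <long-random-secret>

set vpn ipsec site-to-site peer SAAS authentication mode pre-shared-secret
set vpn ipsec site-to-site peer SAAS authentication local-id lan.example.net
set vpn ipsec site-to-site peer SAAS authentication remote-id saas.example.net
# Use whatever address DHCP hands eth0 instead of a fixed local-address
set vpn ipsec site-to-site peer SAAS dhcp-interface eth0
# Reach the other side through its dynamic DNS name
set vpn ipsec site-to-site peer SAAS remote-address saas.example.net
set vpn ipsec site-to-site peer SAAS ike-group IKE-SAAS
set vpn ipsec site-to-site peer SAAS default-esp-group ESP-SAAS
set vpn ipsec site-to-site peer SAAS tunnel 0 local prefix 192.168.0.64/28
set vpn ipsec site-to-site peer SAAS tunnel 0 remote prefix 10.0.0.0/24

# Publish this router's current DHCP address under its own DDNS name
set service dns dynamic name LAN-DDNS address eth0
set service dns dynamic name LAN-DDNS protocol <provider>
set service dns dynamic name LAN-DDNS host-name lan.example.net
set service dns dynamic name LAN-DDNS username <account>
set service dns dynamic name LAN-DDNS password <token>
```

The SaaS Router mirrors this with the IDs, hostnames and tunnel prefixes swapped. Because a DDNS record can be changed by whoever controls the account, the peer is trusted on the ID/PSK binding (or certificates), never on the address the name currently resolves to.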