Thank you for reading! I’m a Network Engineering student and I’m working on my capstone and need help with a concept. My instructors are also stumped, so I’m coming here. I’m working on creating a site-to-site IPsec tunnel over the internet, and both endpoints have DHCP-assigned addresses. I’m using this documentation (IPsec — VyOS 1.4.x (sagitta) documentation) to create my tunnels, but don’t see an option for two DHCP-assigned addresses. Which method would work best for creating that tunnel? Thanks in advance for any help!
Can you diagram up what you’re trying to achieve?
How would you imagine it would work if the remote end you’re targeting can change its address at any time? I assume that’s what you’re saying: the “DHCP” address isn’t always going to be the same, it changes on a regular basis?
The answer anyway is to do dynamic DNS and then use a hostname.
set vpn ipsec site-to-site peer test remote-address <hostname>
You then have to use VyOS “Dynamic DNS update service” to push updates to whoever you’re using for your Dynamic DNS:
set service dns dynamic
That’s how I’d approach it anyway - I haven’t actually done IPsec in anger on VyOS before.
But yes, if IPs are going to move around, DDNS is really the only solution I’m aware of.
Does that answer the question?
