[1.950] VPN with dynamic Endpoint [FEATURE]

[quasar3c279]

Hi,

i downloaded the Beta yesterday, after updating my first two Firewalls to 7.400 i tried to create a VPN Connection via the ACC. It worked very well! At the moment only RSA is available, will it be possible to use Certs in future?

The problem(maybe not a bug, but a feature) i found is:
One of the devices has an dynamic IP and the other one is static. I created both VPN Endpoints with "initiate connection". On my static gateway i have a definition for the remote gateway with the IP, but this will change in about 24 hours and the vpn will not work.

I just tried it with a "respond only" connection, that works, because it has no IP for the Remote gateway.

Maybe it is possible to determine if the remote gateway is an dynamic ip, or the acc manages the definition of the remote gateway an updates it with the new ip if it changes?

Until now i can say everything alright with this BETA, well done. Creating VPNs is a very nice fetaure!

Now i will go hunting bugs!

regards, mario

[megaposer]

Hi,

thanks for your feature request and your positive feedback on the VPN stuff - we will come back to you soon regarding feasibility.

About the available authentication method types: Currently there are no plans when other schemes like X.509 CERTS or PSK will be supported - definitely not in the final ACC V2 release. My own preference would be to support X.509 in a non-PKI fashion first (just simple re-use of the Certificates which are already there).

One thing: if you set both endpoints to initiate the connection although you have one dynamic endpoint with changing IP, the ACC will know about the changing IP address and propagate this information to the other device which then can readjust its tunnel configuration. So the VPN will work after you get a new IP assigned.

Cheers