Astaro User Bulletin Board
  #1 (permalink)  
Old 04-27-2009, 08:01 AM
wk
Senior Member
 
Join Date: Oct 2001
Location: Ochsenfurt, Germany
Posts: 339
Feature requests: Dynamic Gateways and Subnets

Hi,

On testing the configuration feature in the ACC, I was amazed at the ease of creating a VPN compared to doing it by hand on two ASGs.

But until now, it's only for basic VPN setups.

1. The remote gateway is only created statically, with the IP address valid at the time of creation. If the HQ has a static IP you can work with 'respond only', but if both sides are dynamic, I see no solution.

2. It is only possible to choose a NIC's main net, but no additional subnet on either side. Since 7.402 the VPN should also work with 'Any'. I haven't tried it yet, but it's not possible with ACC.

I hope to see these features in future releases.
__________________
cu
Walter
  #2 (permalink)  
Old 04-27-2009, 11:58 AM
BAlfson
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,390

Walter,

1. If neither person has a phone number, how can either one call the other? It seems like the only solution is at least one fixed IP or DynDNS.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #3 (permalink)  
Old 04-27-2009, 01:19 PM
wk
Senior Member
 
Join Date: Oct 2001
Location: Ochsenfurt, Germany
Posts: 339

Right Bob,

the solution is DynDNS, but this is not possible to configure with ACC.
__________________
cu
Walter
  #4 (permalink)  
Old 04-27-2009, 01:26 PM
BAlfson
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,390

You mean it works only with numeric IPs instead of FQDNs? That's not good!
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #5 (permalink)  
Old 04-27-2009, 02:24 PM
wk
Senior Member
 
Join Date: Oct 2001
Location: Ochsenfurt, Germany
Posts: 339

Yes. It generates a host in 'Definition/Network' with the IP that is valid at the time of generation.
__________________
cu
Walter
  #6 (permalink)  
Old 04-29-2009, 08:52 AM
megaposer
Scourge of Humanity
 
Join Date: May 2006
Location: Karlsruhe, Germany
Posts: 593

Hi,

thanks for your excellent feedback on the current state of affairs.

Regarding 1)

You can define fully dynamic IPSec VPNs via ACC without FQHNs and/or DynDNS. ACC is able to tell the devices in a managed VPN that the tunnel interface IP of the respective peer has changed. So, if you receive a new IP address on either end, ACC will take care to rectify the definitions and the VPN will come back online in no time. This of course implies that the managed devices in the VPN both still have a working connection to the ACC.

Of course, it would be even better to configure the devices to use FQHNs, but for now the IP in the host definition will be adjusted automatically every time it changes. Please give it a try ;-)

Regarding 2)

The Any subnet functionality was not yet available when we released ACC 2.000 (synchronized with 7.400). We have already considered that we need to beef up the choice of local networks for the devices in a VPN, and it is good to have it confirmed by our users that this functionality is really needed.

Will keep you posted about any decisions.

Thanks for using ACC!

Cheers,
Henning
  #7 (permalink)  
Old 04-30-2009, 09:01 AM
wk
Senior Member
 
Join Date: Oct 2001
Location: Ochsenfurt, Germany
Posts: 339

Thanks, Henning, for clearing up the IP issue. I will give it a try soon.

It is not only the Any-subnet that's needed. It would be great to have access to all nets which exist in Definition/Networks.
__________________
cu
Walter
All times are GMT.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.