Results 1 to 8 of 8
  1. 08-10-2017, 08:02 AM #1
    TreyH
    TreyH is offline
    Newbie
    Join Date
    Dec 2015
    Posts
    3

    Default IPSec Tunnel - Dynamic IP on remote side

    I'm currently running 12.2.1 and have 45 Cradlepoint routers, with dynamic IP addresses, establishing IPSec tunnels to my Untangle box. I'm using "0.0.0.0" as the 'Remote Host' for the tunnel setup on the Untangle box.

    Experimenting with v13, it seems I must use the public IP of the remote host. The tunnel fails if I try to use "0.0.0.0" in the 'Remote Host' field of the tunnel config. Is there a way to setup the IPSec tunnel on the Untangle box for dynamic ip addresses on the remote side (for v13)? The Untangle box itself has a static public IP.
  2. 08-10-2017, 11:39 AM #2
    donhwyo
    donhwyo is online now
    Master Untangler
    Join Date
    May 2008
    Posts
    697

    Default

    I am using 0.0.0.0 in the server listening address. I am on latest 13 and use dyndns.
  3. 08-10-2017, 12:07 PM #3
    mahotz
    mahotz is offline
    Untangler mahotz's Avatar
    Join Date
    Jun 2010
    Posts
    33

    Default

    Instead of 0.0.0.0 try using %any (with the percent sign) in the Remote Host field. That tells IPsec to accept any IP address for the remote side.
  4. 08-10-2017, 12:17 PM #4
    donhwyo
    donhwyo is online now
    Master Untangler
    Join Date
    May 2008
    Posts
    697

    Default

    0.0.0.0 works for me.
  5. 08-10-2017, 12:38 PM #5
    TreyH
    TreyH is offline
    Newbie
    Join Date
    Dec 2015
    Posts
    3

    Default

    Thanks for the replies. Would it matter if my test box is in transparent bridge mode behind an ASA versus my production box is in router mode? The IPsec log has rolled since then but the error we were getting was something like "could not resolve 0.0.0.0". When we plugged in the remote's public ip the tunnel started working. Didn't try "%any"; we'll do some more testing....
  6. 08-10-2017, 12:43 PM #6
    mahotz
    mahotz is offline
    Untangler mahotz's Avatar
    Join Date
    Jun 2010
    Posts
    33

    Default

    I don't think the different modes should make any difference. I'm actually surprised 0.0.0.0 ever worked in the Remote Host field.
  7. 08-10-2017, 01:14 PM #7
    dmorris
    dmorris is online now
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,342

    Default

    Quote Originally Posted by TreyH View Post
    Thanks for the replies. Would it matter if my test box is in transparent bridge mode behind an ASA versus my production box is in router mode? The IPsec log has rolled since then but the error we were getting was something like "could not resolve 0.0.0.0". When we plugged in the remote's public ip the tunnel started working. Didn't try "%any"; we'll do some more testing....
    If its running behind another router doing NAT, yes thats going to add complications.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
  8. 08-10-2017, 03:23 PM #8
    TreyH
    TreyH is offline
    Newbie
    Join Date
    Dec 2015
    Posts
    3

    Default

    This is the error if we use "%any" for Remote Host:

    Aug 10 16:40:54 untangle charon: 08[IKE] unable to resolve %any, initiate aborted

    If I plug in the public IP of the remote unit then the tunnel works. Will investigate the ASA tomorrow.....
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


SEO by vBSEO 3.6.0 PL2