VPNs with DHCP endpoints? OT?

I'm trying to figure out VPNs, which isn't really on topic, but there are a lot of clever folks here, so I thought I'd give it a shot. Pointers to more relevant newsgroups gratefully appreciated...

Every time I get interested in setting up a VPN, I run across the "enter the IP address of the endpoint" in the setup instructions. While many corporate VPNs might have a static IP address, none of my IPs are really very static. Is there a way around this, or do I have to determine the IP address of "home" every time and set up a new VPN?

Thanks!

Reply to
William P.N. Smith

Have you verified that your address does change? My IP address hasn't changed in at least a couple of years.

Reply to
dold

Dynamic DNS


Reply to
Bob II

Yes, both of the IPs I have in mind change occasionally.

Reply to
William P.N. Smith

William P.N. Smith hath wroth:

Nothing to it. The most common screwup is to use the same non-routeable Class C network IP block on both ends. That doesn't (usually) work. If one end is 192.168.1.xxx, the other end should be 192.168.2.xxx or some such. Actually, some VPN routers (i.e. Sonicwall) do sorta work with identical Class C IP blocks, but you have to be careful not to duplicate IP addresses.

Dynamic DNS service. I'm up to about 14 entries on dyndns.com for some of my customers. There are lots of other dynamic DNS services. The VPN routers I've tinkered with do NOT require a numeric IP address and will accept a FQDN (fully qualified domain name).

Incidentally, some of my customers' dynamic IP address only changes on router upgrades or major network reconfigurations. Others, such as SBC PPPoE DSL, change every time you connect and often intentionally drop the connection just so that it changes the IP address on the user. I was monitoring one user's system that would go through about one IP address per hour day after day. I guess they don't like servers.

Reply to
Jeff Liebermann

Ah, I'm starting to find those as well, which makes a lot more sense. Thanks!

Reply to
William P.N. Smith

Every time I have ever set up dynamic DNS with them they disable it within a few months. This is using their client. I get an email that the account is about to expire and then they turn it off.

What sort of results do you see? Do you have some sort of paid account that was previously offered? I see now they only offer the free service.

Reply to
George

George hath wroth:

The first 5 dynamic DNS names were free. I now pay something like $10/year for the rest of the name.

I accidentally mistyped an account name which of course never got updated by the client. After about 2 weeks, I get a notice that it's about to expire. Apparently if the updates are not sufficiently often, it assumes the account is comatose and it expires. I've let one account expire and it literally disappeared from the settings page. That was with the free service.

I just checked my list of names under My Services and found that one client hasn't been updated since April 2005. That's when I changed the router and probably screwed up the DDNS setup. (Oops). It's still on the setup page and still active. Another hasn't been updated since Nov 2005, when the customer punched the reset button on their router, and that's still there. I guess they don't expire if you pay for the service. Most of the others are less than a month old.

I use a mixture of their client software and the built-in dyndns.com client in some routers. I've had good luck with current Netgear and Linksys routers. I've had miserable luck with older routers (i.e. DI-514, RT-314). Basically, some built-in clients are broken. What I've noticed is that those that report success or failure to a log file seem to work. Those without logging seem to screw up, probably because the client doesn't check for success or failure and just broadcasts an update.

On the client software, I've had some entertainment value caused by ZoneAlarm and Norton Internet Security. These check for permission for an outgoing program to send a packet to the internet. The dyndns client is supposed to be automatically configured in these personal firewalls when first run. For some unknown reason, it seems to either delay the setup or do it all wrong. I've had to delete the dyndns record from both ZoneAlarm and NIS, re-authorize the client, and then it works. Other than a few versions of the client that were apparently buggy (would die every few days), the software client works just fine for me on about 6 machines.

If you're really paranoid, put the dyndns client on two computers and have them both do updates to either the same account or to different accounts. One or the other should work. I have two names for some of my critical servers (weather stations on mountain tops) that I can't afford to have fail. The catch is do NOT pound on the dyndns servers with updates too often. They treat that as abuse and somehow block the source IP.

If you log in to your account on dyndns.com and check the "last updates" column on the setup page, it might give a clue as to what's happening.

Reply to
Jeff Liebermann

FWIW I use dyndns.com who expire the accounts unless you update the IP mapping fairly regularly (but not too regularly). It's not too much of a chore to refresh the IP every couple of months.

Mark McIntyre

Reply to
Mark McIntyre
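
An added example, not part of any post in this thread and not dyndns.com's client code: the update discipline the replies above describe (update on change, refresh occasionally so the name does not expire, never hammer the service, and log whether each update succeeded). The thresholds are assumptions, the reply words are those of the dyndns2-style update protocol, and the addresses and replies in `demo()` are constructed; nothing is sent over the network.

```python
import ipaddress
from dataclasses import dataclass

REFRESH_AFTER = 25 * 86400   # assumed: refresh an unchanged record every 25 days
MIN_INTERVAL = 600           # assumed: at least 10 minutes between attempts
OK = {"good", "nochg"}       # reply words meaning the record is current
FATAL = {"badauth", "nohost", "notfqdn", "numhost", "abuse", "badagent", "!donator"}

@dataclass
class State:
    last_ip: str = ""        # address the service last confirmed
    last_sent: float = 0.0   # time of the last attempt, in seconds
    halted: str = ""         # fatal reply that stopped the client

def should_update(state, current_ip, now):
    """Decide whether to contact the service; returns (send, reason)."""
    if state.halted:
        return False, "halted: " + state.halted
    if not ipaddress.ip_address(current_ip).is_global:
        return False, "not a public address"   # e.g. client sits behind NAT
    if state.last_sent and now - state.last_sent < MIN_INTERVAL:
        return False, "rate limit"
    if current_ip != state.last_ip:
        return True, "address changed"
    if now - state.last_sent >= REFRESH_AFTER:
        return True, "keepalive refresh"
    return False, "unchanged"

def record_result(state, reply, sent_ip, now):
    """Parse the reply body, update state, and return a log line."""
    code = (reply.split() or ["empty"])[0]
    state.last_sent = now
    if code in OK:
        state.last_ip = sent_ip
        return f"OK {code} {sent_ip}"
    if code in FATAL:            # e.g. a mistyped host name: retrying cannot help
        state.halted = code
        return f"FATAL {code}: fix the configuration, do not retry"
    return f"RETRY {code}: try again after the minimum interval"

def demo():  # replay constructed (time, detected address, canned reply) events
    state, log = State(), []
    events = [(1000, "8.8.8.8", "good 8.8.8.8"), (1060, "8.8.4.4", ""),
              (2000, "8.8.4.4", "911"), (2700, "8.8.4.4", "good 8.8.4.4"),
              (90000, "192.168.1.10", ""), (3000000, "8.8.4.4", "nochg 8.8.4.4"),
              (3100000, "1.1.1.1", "nohost")]
    for now, ip, reply in events:
        send, reason = should_update(state, ip, now)
        log.append(record_result(state, reply, ip, now) if send else "SKIP " + reason)
    return log
```

Calling `demo()` returns the log lines for the constructed sequence, including the rate-limited attempt, the transient failure that is retried, and the fatal `nohost` reply that stops further updates.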
