mirror of
https://github.com/opnsense/docs
synced 2024-10-30 21:20:20 +00:00
VPN: IPsec - VTI, add a warning about dynamic ip addresses. We currently don't exepect them as input, nor should we probably due to the validations in if_ipsec
This commit is contained in:
parent
4aee329fa8
commit
4f62577488
@ -168,6 +168,13 @@ The advantage of this type of setup is one can use standard or advanced routing
|
||||
|
||||
Currently it does not seem to be possible to add NAT rules for :code:`if_ipsec(4)` devices.
|
||||
|
||||
.. Warning::
|
||||
|
||||
In order to reliably setup a VTI tunnel, both ends should use static ip addresses. Although in the legacy configuration it
|
||||
was possible to resolve hostnames, this will never lead to a stable configuration as the :code:`if_ipsec(4)` device
|
||||
matches both source and destination `[#] <https://github.com/freebsd/freebsd-src/blob/c8ee75f2315e8267ad814dc5b4645ef205f0e0e1/sys/net/if_ipsec.c#L479>`__
|
||||
before accepting the traffic and has no knowledge about any external changes.
|
||||
|
||||
.................................
|
||||
Road Warriors / Mobile users
|
||||
.................................
|
||||
|
Loading…
Reference in New Issue
Block a user