Feature #7410

IPSEC multiple dynamic IP remote clients

Added by Sebastien WILD over 3 years ago. Updated 23 days ago.

Very Low
Target version:
Start date:
Due date:
% Done:


Estimated time:


We are actually running version 2.3.2 using mainly pfsense as a IPSEC VPN server for multiple remote locations.
Remote locations have only dynamic IP.
In order to identify remote IPSEC clients, we have to specify (VPN/IPSEC/TUNNELS/GENERAL INFO) the Remote Gateway (IP or host name).
Until now, we were using DDNS service, but remote clients are complaining because some time it takes lot of time to update (mainly when pfsense update info from ddns server after a reboot of wan access on remote site).
So we tried to specify in Remote Gateway which gives a great result… but only for 1 tunnel ! FYI, we don’t need to authenticate IPSEC client with there IP.
And from what we saw, if we have sevral tunnels, can be specified for only one of them, otherwise it gives an error saying this IP is already used.
We bypassed this error message by using different hostnames pointing to, but even if we don't have this error message anymore, only one tunnel is establishing well, others are failing in phase 1.
So my question is could you please provide solution for allowing more than 1 tunnel using as Remote Gateway, enabling pfsense to handle sevral (dynamic remote ip) tunnels using as remote Gateway, and by doing this accepting requests from ANY remote IP.
From what i found, this issue as already been mentioned sevral times on forums, like this post:


#1 Updated by Jim Pingle over 3 years ago

  • Tracker changed from Bug to Feature
  • Assignee deleted (Steve Beaver)
  • Priority changed from Urgent to Very Low
  • Target version changed from 2.3.4 to Future

If it's possible, it will take some time/thought about how best to handle.

#2 Updated by Viktor Gurov 23 days ago

  • Status changed from New to Closed

Implemented in #7095 and #10214

Also available in: Atom PDF