IPSEC multiple dynamic IP remote clients
We are actually running version 2.3.2 using mainly pfsense as a IPSEC VPN server for multiple remote locations.
Remote locations have only dynamic IP.
In order to identify remote IPSEC clients, we have to specify (VPN/IPSEC/TUNNELS/GENERAL INFO) the Remote Gateway (IP or host name).
Until now, we were using DDNS service, but remote clients are complaining because some time it takes lot of time to update (mainly when pfsense update info from ddns server after a reboot of wan access on remote site).
So we tried to specify in Remote Gateway 0.0.0.0 which gives a great result… but only for 1 tunnel ! FYI, we don’t need to authenticate IPSEC client with there IP.
And from what we saw, if we have sevral tunnels, 0.0.0.0 can be specified for only one of them, otherwise it gives an error saying this IP is already used.
We bypassed this error message by using different hostnames pointing to 0.0.0.0, but even if we don't have this error message anymore, only one tunnel is establishing well, others are failing in phase 1.
So my question is could you please provide solution for allowing more than 1 tunnel using 0.0.0.0 as Remote Gateway, enabling pfsense to handle sevral (dynamic remote ip) tunnels using 0.0.0.0 as remote Gateway, and by doing this accepting requests from ANY remote IP.
From what i found, this issue as already been mentioned sevral times on forums, like this post: https://forum.pfsense.org/index.php?topic=98956.0