Hi All,
I posted this on the USG forum https://community.ubnt.com/t5/UniFi-Routing-Switching/Site-To-Site-VPN-w-Certificate-dynamic-wan-ip/m-p/1591414#U1591414 but since I also need to set up a similar setup with an ERPro I guess I'd post here where I feel the discussions are a bit more "CLI-ish" than on the UniFi forums lol...
Anyways, the ER will be at a location that has dynamic WAN IPs. The remote site it connects to (Checkpoint Firewall-1) does not allow dynamic IP VPN tunnels with PSK, it requires certificate authentication (reasons are pretty understood and not up for me to decide)...
Anyways, has anyone done this? I understand that Vyatta VPN is/was based on openswan...which should support this... but I haven't found a single mention of an ER peer connecting to a site using digital certificates as an auth method... Any ideas if it's been done, if there is a guide of sorts, or at least what version of openswan or other software I should be looking at?
I'd also be interested in what happens in a multi-WAN configuration, if you can have WANs on load balancing for say "outside" traffic and have the VPN fail over if a link goes down for "internal-vpn" traffic?
Thanks a lot!