Hi,
This might help: ipsec with DHCP
Watchguard side:
BOVPN Virtual interface
auth method: preshared key or cert
Gateway Endpoint
| LOCAL INTERFACE | LOCAL TYPE | LOCAL ID | REMOTE IP | REMOTE TYPE | REMOTE ID |
|---|---|---|---|---|---|
| External | Domain Name | dns.name.com | Any | Domain Name | whatever.name.com |
VPN Routes
remote subnet(s) 192.168.25.0/24
(You might need/want Virtual IP addressing, I don't know.)
Proposals you just match on both sides.
Teltonika Side
Remote endpoint dns.name.com
Authentication method preshared key (or cert)
Pre shared key/(or cert)******
Local identifier whatever.name.com
Remote identifier dns.name.com
Routing
local subnet 192.168.25.0/24
remote subnet 172.0.0.0/24
Under advanced routing you can set up Peer IP (Virtual IP address) if needed.
You do not need DDNS for this setup with (the Teltonika on) a DHCP WAN connection, as long as the remote IDs match.
You can reach remote networks like this. The only thing I have a problem with is the firewall zoning: IPsec does not automatically create a zone like an OpenVPN connection does.
You can reach everything on the remote network except the Teltonika itself unless you allow https/ssh from WAN, because it sees the traffic src as a WAN address. If you use Peer IP addresses you can map it as an internal network and you do not have to open anything on the WAN side.
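
Added example, not part of the original post: a small Python check that the two sides described above are mirror images of each other (auth method, proposal, IDs, subnets) before the tunnel is brought up. The IDs and subnets are the ones from the post; the dictionary layout, key names and the proposal string are assumptions made for illustration.

```python
import ipaddress

# IDs and subnets are the ones from the post; the dict layout, key names and
# the proposal string are constructed for this example.
WATCHGUARD = {
    "auth": "psk",
    "proposal": "aes256-sha256-modp2048",
    "local_id": "dns.name.com",
    "remote_id": "whatever.name.com",
    "vpn_routes": ["192.168.25.0/24"],
}
TELTONIKA = {
    "auth": "psk",
    "proposal": "aes256-sha256-modp2048",
    "local_id": "whatever.name.com",
    "remote_id": "dns.name.com",
    "local_subnets": ["192.168.25.0/24"],
    "remote_subnets": ["172.0.0.0/24"],
}


def check_pair(wg, tt):
    """Return a list of mismatches between the two tunnel definitions."""
    problems = []
    for key in ("auth", "proposal"):
        if wg[key] != tt[key]:
            problems.append(f"{key} differs: {wg[key]!r} vs {tt[key]!r}")
    # Each side's local ID must be exactly what the peer expects as remote ID.
    if wg["local_id"] != tt["remote_id"]:
        problems.append("Watchguard local ID != Teltonika remote identifier")
    if tt["local_id"] != wg["remote_id"]:
        problems.append("Teltonika local identifier != Watchguard remote ID")
    # Every subnet behind the Teltonika needs a covering VPN route on the Watchguard.
    routes = [ipaddress.ip_network(r) for r in wg["vpn_routes"]]
    local = [ipaddress.ip_network(s) for s in tt["local_subnets"]]
    remote = [ipaddress.ip_network(s) for s in tt["remote_subnets"]]
    for net in local:
        if not any(net.subnet_of(r) for r in routes):
            problems.append(f"no Watchguard VPN route covers {net}")
        # Overlapping local/remote ranges make the routing ambiguous.
        for peer in remote:
            if net.overlaps(peer):
                problems.append(f"local {net} overlaps remote {peer}")
    return problems


if __name__ == "__main__":
    for line in check_pair(WATCHGUARD, TELTONIKA) or ["both sides mirror each other"]:
        print(line)
```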