14 Mar
2020
14 Mar
'20
3:41 p.m.
Those with a dynamic address CAN participate as their
public gateway
can now be a FQDN for their dynamic service. I have some within the
New York State subnet (44.68/16).
The issue is that IPIP tunnels have to be validate with their external
address
for at least SOME security, and this means that when the address changes
there
is nothing else we can do than drop their packets until the change comes
through
the portal and RIP system.
With a system that has those dynamic addresses connect only to one or two
VPN routers in a secure manner (e.g. L2TP/IPsec) we would not have that
problem.
Also, those address changes would not be important to other systems on
the network.
Out of the 561 registered gateways, we only ever receive traffic only
from 73 of them.
(the others could be either inactive or not be sending traffic to the
Netherlands)
Their address changes would not be important to us.
Rob