On 2022-06-05, open...@007sascha.de <open...@007sascha.de> wrote:
> Hi,
> I would like to build a dynamic gif tunnel and I am searching for the "best"
> and most secure concept for that.
> Scenario: HomeRouter with dynamic IP; OpenBSD as Gateway with static IP.
> 6in4 gif tunnel.
> On IP change at HomeRouter, I have to adjust the tunnel endpoint on the
> Gateway.
> Concepts:
> 1. To change pf, I can use authpf, but how can I change the tunnel parameter?
> Second ssh session and doas?
>
> 2. Build a web-API to change tunnel and pf? How? httpd is in chroot.
>
> 3. Use an external dyndns service and work with a cronjob to check for changes
> in DNS
>
> Any suggestions/recommendations?

Any of those would work. If you want to use a web API you can either run the
cgi/php/whatever script unchrooted, or write to a file under /var/www which is
read by a daemon/cronjob.

You will probably be happier with wg(4) though; for this scenario with a static
IP at one side you don't need to do anything special to maintain the tunnel, it
"just works" and automatically follows changes of client IP. (I use it to route
a /27 from colo to home which can be used across whatever connectivity I have,
so it works over mobile/landline/radio link/whatever).

--
Please keep replies on the mailing list.
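
The "write to a file under /var/www which is read by a cronjob" variant from the reply, as an added example that is not part of the thread: the file is untrusted input to a root job, so it is strictly validated before it reaches ifconfig and pfctl. The file paths, gif0, the pf table name, the local address and the script name are assumptions.

```sh
#!/bin/sh
# Added example; every path and name below is an assumption, not from the thread.
ENDPOINT_FILE=${ENDPOINT_FILE:-/var/www/run/tunnel-endpoint}  # written by the chrooted CGI
STATE_FILE=${STATE_FILE:-/var/db/tunnel-endpoint.last}        # last address applied
GIF_IF=${GIF_IF:-gif0}
LOCAL_ADDR=${LOCAL_ADDR:-192.0.2.1}   # gateway's static address (documentation range)
PF_TABLE=${PF_TABLE:-tunnel_peer}     # pf table holding the allowed remote endpoint

# Succeed only for a strict dotted-quad IPv4 address (no leading zeros, 0-255).
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ?|[1-9]?|1??|2[0-4]?|25[0-5]) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Print the address requested in file $1, or fail. The file is untrusted input:
# it must be a regular file (not a symlink) and its first line a valid address.
read_endpoint() {
    line=
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    IFS= read -r line < "$1" || [ -n "$line" ] || return 1
    valid_ipv4 "$line" || return 1
    printf '%s\n' "$line"
}

# Re-point the tunnel and the pf table, but only when the address changed.
apply_endpoint() {
    new=$(read_endpoint "$ENDPOINT_FILE") || {
        logger -t giftunnel "ignoring invalid $ENDPOINT_FILE"; return 1; }
    [ -f "$STATE_FILE" ] && [ "$(cat "$STATE_FILE")" = "$new" ] && return 0
    ifconfig "$GIF_IF" tunnel "$LOCAL_ADDR" "$new" || return 1
    pfctl -q -t "$PF_TABLE" -T replace "$new" || return 1
    printf '%s\n' "$new" > "$STATE_FILE"
    logger -t giftunnel "endpoint for $GIF_IF is now $new"
}

# Hypothetical crontab entry for root: /usr/local/sbin/giftunnel-update apply
if [ "${1:-}" = "apply" ]; then apply_endpoint; fi
```

Validation only limits what the file can make the root job do; it does not authenticate whoever asked the web API to write it, so the API itself still needs authentication.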