43.6. Limitations

IPSec was developed under the requirement that no information be sent unencrypted or to unauthorized peers. Unfortunately, this requirement also leads to some limitations associated with dynamic IP addresses:

All information is transmitted in encrypted form, including the identification of a station. For peers with dynamic IP addresses, the key to use for decryption therefore cannot be selected on the basis of either the IP address or the identifier, so all of these peers must use the same key.

Fortunately, this restriction applies only to the pre-shared key procedure; with public key procedures, each peer can have its own key. Because public and private keys are separate, this is possible without endangering data. We therefore recommend that you use only the Public Key method.
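
The key-selection problem described above for pre-shared keys, as an added example that is not part of the original manual: a simplified Python model of a gateway that must choose a pre-shared key before it can read the encrypted identity. It is not an IPSec implementation; all function names, addresses and keys are constructed, and the toy encryption and key derivation are assumptions standing in for the real algorithms.

```python
import hashlib
import hmac

def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def session_key(psk: bytes, nonces: bytes) -> bytes:
    # Model assumption: the key that protects the identity is derived from the PSK.
    return _mac(psk, b"key", nonces)

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy keystream for illustration only; not a cipher to deploy.
    stream = b"".join(_mac(key, b"ks", bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_identity(psk: bytes, nonces: bytes, ident: bytes) -> bytes:
    key = session_key(psk, nonces)
    ct = _xor_stream(key, ident)
    return ct + _mac(key, b"tag", ct)

def open_identity(psk: bytes, nonces: bytes, blob: bytes):
    key = session_key(psk, nonces)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", ct)):
        return None  # wrong key: the identity stays unreadable
    return _xor_stream(key, ct)

# Constructed gateway configuration (documentation addresses, made-up keys).
STATIC_PSK = {"192.0.2.10": b"psk-branch-a"}
DYNAMIC_PSK = b"psk-shared-by-all-dynamic-peers"

def gateway_identify(src_ip: str, nonces: bytes, blob: bytes):
    # The source IP is the only selector readable before decryption.
    psk = STATIC_PSK.get(src_ip, DYNAMIC_PSK)
    return open_identity(psk, nonces, blob)

def demo() -> dict:
    n = b"constructed-nonces"
    return {
        "static": gateway_identify("192.0.2.10", n, seal_identity(b"psk-branch-a", n, b"branch-a")),
        "dynamic_shared": gateway_identify("198.51.100.7", n, seal_identity(DYNAMIC_PSK, n, b"laptop-1")),
        "dynamic_own_key": gateway_identify("198.51.100.7", n, seal_identity(b"psk-laptop-2", n, b"laptop-2")),
    }

if __name__ == "__main__":
    for case, ident in demo().items():
        print(case, ident)
```

In this model the dynamic peer with its own pre-shared key is rejected, because the gateway has no readable field from which it could pick that key.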