- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x
A VPN tunnel is configured and uses a dynamic DNS host as peer. If the peer changes its address, it takes about 15 minutes until the tunnel is re-established.
The IKE daemon caches the resolved IP addresses of dynamic DNS peers for about 15 minutes (TTL). Only after this period is the host name resolved again. If the peer's IP changes within that timespan, the IKE daemon keeps using the cached address and does not resolve the host again until the cache entry expires. In the worst case it therefore takes about 15 minutes until the tunnel can be re-established.
There is no configuration setting to change the TTL, but it is possible to flush the IKE DNS cache every x minutes via a cron job in "Config" > "Box" > "Advanced Configuration" > "System Scheduler".
Use this command to flush the cache. All dynamic DNS peer IPs will be resolved immediately.
/opt/phion/bin/ipsecctrl isa flushdns &
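As an added example (not part of this KB article and not Barracuda's own code), the following script can be run from the System Scheduler instead of the bare flush command: it resolves the peer's dynamic DNS name itself, remembers the last address in a state file, and only issues the flush when the address has actually changed, so the IKE cache is not cleared needlessly every run. It assumes a POSIX sh with getent, awk and logger on the box, a writable /var/tmp, and the placeholder peer host name vpn-peer.example.net; the flush command is the one given above.

```shell
#!/bin/sh
# Added example, not from the KB article: flush the IKE DNS cache only when
# the dynamic DNS peer's address has changed since the last scheduler run.
# Assumptions: getent/awk/logger exist on the box and /var/tmp is writable.

PEER_HOST="${PEER_HOST:-vpn-peer.example.net}"          # placeholder peer name
STATE_FILE="${STATE_FILE:-/var/tmp/ike_peer_${PEER_HOST}.ip}"
FLUSH_CMD="${FLUSH_CMD:-/opt/phion/bin/ipsecctrl isa flushdns}"

# Print the first IPv4 address a host name resolves to; print nothing on failure.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Compare the recorded address ($1) with the freshly resolved one ($2) and
# print the action to take: "unresolved" (lookup failed, keep old state),
# "same" (no change) or "flush" (address differs or nothing recorded yet).
peer_changed() {
    old="$1"
    new="$2"
    if [ -z "$new" ]; then
        echo unresolved
    elif [ "$old" = "$new" ]; then
        echo same
    else
        echo flush
    fi
}

# Scheduler entry point: resolve, compare, and flush the IKE cache on change.
main() {
    old_ip=""
    [ -r "$STATE_FILE" ] && old_ip=$(cat "$STATE_FILE")
    new_ip=$(resolve_ipv4 "$PEER_HOST")
    case "$(peer_changed "$old_ip" "$new_ip")" in
        flush)
            logger -t ike-flushdns "peer $PEER_HOST changed '$old_ip' -> '$new_ip', flushing IKE DNS cache"
            $FLUSH_CMD &
            printf '%s\n' "$new_ip" > "$STATE_FILE"
            ;;
        unresolved)
            logger -t ike-flushdns "peer $PEER_HOST did not resolve, keeping '$old_ip'"
            ;;
    esac
}

# Run the scheduler path only when invoked as "script.sh run".
if [ "${1:-}" = run ]; then
    main
fi
```

Schedule it as `/path/to/script.sh run` every few minutes; the first run always flushes once because no address has been recorded yet.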