Barracuda NextGen Firewall X

Flush dynamic DNS peer entries for IPsec tunnels

  • Type: Knowledgebase
  • Date changed: one year ago
Solution 00005274 

 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:

A VPN tunnel is configured with a dynamic DNS host as its peer. If the peer changes its address, it takes about 15 minutes until the tunnel is re-established.


 

Solution:

The IKE daemon caches the resolved IP addresses of dynamic DNS peers for about 15 minutes (TTL). After this period the host name is resolved again. If the peer's IP address changes within that timespan, the IKE daemon does not resolve the host again until the TTL expires. In the worst case, it takes about 15 minutes until the tunnel can be re-established.

 

There is no configuration setting for the TTL, but it is possible to flush the IKE daemon's DNS cache every x minutes via a cron job in "Config" > "Box" > "Advanced Configuration" > "System Scheduler".

Use this command to flush the cache. All dynamic DNS peer IPs will be resolved immediately.


/opt/phion/bin/ipsecctrl isa flushdns &
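
The scheduled flush above runs unconditionally every x minutes. The following added example (not Barracuda code, and going beyond what the article describes) wraps the same command so that it runs only when the peer's DNS record has actually changed, and never on a failed lookup. It assumes `getent` is available on the box; the peer host name and state-file path are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example (not Barracuda code): flush the IKE DNS cache only when the
# peer's DNS record has changed since the last run.
# Assumptions: getent is available on the box; the state-file path and the
# peer host name passed on the command line are placeholders.

# Command from the article; word-split on purpose when it is invoked.
FLUSH_CMD=${FLUSH_CMD:-/opt/phion/bin/ipsecctrl isa flushdns}
RESOLVE_CMD=${RESOLVE_CMD:-resolve_addrs}

# Print the sorted set of IPv4 addresses for a name on one line, so a change
# in record order is not mistaken for a change of address.
resolve_addrs() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u | tr '\n' ' '
}

# flush_if_changed HOST STATE_FILE
# Returns 0 = address changed, flush started; 1 = unchanged; 2 = lookup failed.
flush_if_changed() {
    peer=$1
    state=$2
    new=$($RESOLVE_CMD "$peer")
    # A failed or empty lookup must not trigger a flush or overwrite the state.
    if [ -z "$new" ]; then
        return 2
    fi
    old=
    if [ -r "$state" ]; then
        old=$(cat "$state")
    fi
    if [ "$new" = "$old" ]; then
        return 1
    fi
    printf '%s\n' "$new" > "$state"
    # Backgrounded, as in the article's command line.
    $FLUSH_CMD &
    return 0
}

# Stand-alone use: script.sh <peer-hostname> <state-file>
if [ "$#" -ge 2 ]; then
    flush_if_changed "$1" "$2"
fi
```

Scheduled at a short interval, this shortens the worst-case delay to roughly that interval while leaving the IKE cache untouched when the peer address is stable.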



Link to This Page:
https://campus.barracuda.com/solution/50160000000IKb5AAG