Barracuda NextGen Firewall X

Flush dynamic dns peer entries for IPSEC tunnels

  • Type: Knowledgebase
  • Date changed: 5 months ago
Solution 00005274 

 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:

A VPN tunnel is configured with a dynamic DNS host as its peer. If the peer changes its address, it takes about 15 minutes until the tunnel is re-established.


 

Solution:

The IKE daemon caches the resolved IP addresses of dynamic DNS peers for about 15 minutes (TTL). After this period, the host is resolved again. If the peer's IP address changes within this timespan, the IKE daemon will not resolve the host again until the cached entry expires. In the worst case, it takes about 15 minutes until the tunnel can be re-established.

 

There is no configuration setting for the TTL, but it is possible to flush the IKE daemon's DNS cache every x minutes via a cron job in "Config" > "Box" > "Advanced Configuration" > "System Scheduler".

Use this command to flush the cache. All dynamic DNS peer IPs will be resolved immediately.


/opt/phion/bin/ipsecctrl isa flushdns &
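
An added example, not part of the original article or Barracuda's tooling, that goes one step beyond the unconditional cron flush: it flushes only when the peer's resolved address has changed, and logs the change. The peer host name, the state file path, and the availability of getent and logger on the box are assumptions; only the ipsecctrl command line is from the article.

```shell
#!/bin/sh
# Added example (not Barracuda code). Only FLUSH_CMD comes from the article;
# PEER_HOST, STATE_FILE, getent and logger are assumptions about the box.
FLUSH_CMD="/opt/phion/bin/ipsecctrl isa flushdns"

# Print the first IPv4 address the system resolver returns for HOST.
resolve_peer() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# peer_changed CURRENT_IP STATE_FILE
# Returns 0 and records CURRENT_IP when it differs from the stored address.
# Returns 1 when unchanged, or when CURRENT_IP is empty (failed lookup), so a
# DNS outage never overwrites the last known good address.
peer_changed() {
    cur=$1
    state=$2
    prev=""
    [ -n "$cur" ] || return 1
    if [ -f "$state" ]; then prev=$(cat "$state"); fi
    if [ "$cur" = "$prev" ]; then return 1; fi
    printf '%s\n' "$cur" > "$state"
    return 0
}

# Resolve the peer, and flush the IKE DNS cache only if its address moved.
check_and_flush() {
    host=$1
    state=$2
    ip=$(resolve_peer "$host")
    if peer_changed "$ip" "$state"; then
        logger -t ike-dnsflush "peer $host resolves to $ip, flushing IKE DNS cache"
        $FLUSH_CMD &
    fi
}

# Run only when a peer is configured, e.g. PEER_HOST=peer.example.net (constructed).
if [ -n "${PEER_HOST:-}" ]; then
    check_and_flush "$PEER_HOST" "${STATE_FILE:-/var/tmp/ike-peer.ip}"
fi
```

On the first run no address is stored yet, so the cache is flushed once; after that the flush happens only when the resolved address differs from the stored one.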



Link to This Page:
https://campus.barracuda.com/solution/50160000000IKb5AAG