Skip to main content
bwill
bwill
Visitor III
June 7, 2018
Question

DDNS updates @ HUB for Site-to-Site VPN using DDNS at the Spoke

  • June 7, 2018
  • 1 reply
  • 4769 views

Hey guys,

 

So I have a site-to-site setup between a 200B and 30E.  The spoke site using a 30E with 5.6.4 is configured with DDNS and the hub site using a 200B with 5.2.8 is configured to receive the DDNS name site.fortiddns.com.  After configuring the 30E in my lab and establishing the tunnel everything works as expected. 

 

When I break down the 30E and ship it out it takes over 20m to establish the tunnel.  I initially saw this as problem running 5.4.6 on the 30E so upgraded to 5.6.4, but it didn't help speed anything up.  What I suspect is happening is that the 30E is sending its updates to fortiddns.com.  The 200B is taking its sweet time to update the name in Phase 1 which I suspect is the issue.

 

I do have a ticket open with Fortinet but it takes forever to get responses back.  Does anyone have experience with this and able to offer suggestions to speed up the 200B side?

 

Thanks in advance!

Bret

1 reply

bwill
bwillAuthor
Visitor III
June 8, 2018

(BUMP)

rwpatterson
rwpatterson
New Member
June 8, 2018

I have been using DynDNS forever and have never had a lag in resolution on my tunnels. Now, I have never moved my device (FWF80CM). Once set up it has been rock solid. If this unit is going to be moved often, I would force a refresh on the hub side by changing the peer name on the tunnel then changing it back. This will force a DNS lookup and alleviate any hesitation establishing the tunnel.

bwill
bwillAuthor
Visitor III
June 8, 2018

  Thanks for the info RW!  I agree DDNS runs rock solid once rolled out.  When your working with remote clients plugging new equipment in and it doesn't come up after a couple minutes I think we all tend to worry if something is wrong.  When we saw a 20 minute LAG to get the tunnel up it showed cause for concern.  In the end it did come up.

 

  That is a good tip changing the peer name to refresh it and it was a thought we considered.  We wanted to make it more automated and were not sure if a configuration change could help automate the DDNS update at the hub.

 

Have a great weekend!

Terms & ConditionsAccessibility statement