How to disable DDNS registration of Tunnel clients
03/26/2020
2 People found this article helpful
195,127 Views
Description
How to disable DDNS registration of Tunnel clients
Resolution
Feature/Application:
In order to disable DDNS registration of Tunnel clients, you must be running 10.0.2 or later with clt-hotfix-10_0_2-002 and pform-hotfix-10_0_2-004 or newer.
Procedure:
Enabling filtering of DDNS requests for Tunnel Agents
Step 1: Install clt-hotfix-10_0_2-002 and pform-hotfix-10_0_2-004 or newer.
Step 2: Create the file /root/extensions.conf, put the following contents in it:
# Disable DDNS in Tunnel Agents (ODT/CT) -- 10/7/2009
EVPN_Disable_DDNS=1
Step 3: Restart EVPN (this will force users to go through a tunnel resumption) with the following command:
/etc/init.d/evpn restart
Verifying DDNS filtering is enabled at the client
Step 1: Ensure your tunnel client is upgraded to the newest version from the client hotfix (version number should be 10.0.2-046 or later).
Step 2: Start up a debug ngutil command prompt window on the client PC:
ngutil -reset -poll -severity=debug > ngutil.txt
Step 3: Launch tunnel, and connect to the appliance.
Step 4: Go back to the ngutil window and press ctrl+c.
Step 5: Open the ngutil.txt in notepad, and search for the string 'ddns'. You should see a log entry like this if filtering DDNS is enabled:
15:35:24.354 I ClientConfig: DisableDDNS 1 And one that looks like this if filtering DDNS is disabled:
15:35:24.354 I ClientConfig: DisableDDNS 0
Disabling filtering of DDNS requests for Tunnel Agents
Step 1: Comment out the line 'EVPN_Disable_DDNS=1' in /root/extensions.conf so it looks like this:
# Disable DDNS in Tunnel Agents (ODT/CT) -- 10/7/2009
#EVPN_Disable_DDNS=1
Step 2: Restart EVPN (this will force users to go through a tunnel resumption):
/etc/init.d/evpn restart
Behaviour with future versions and migration
- All future versions > 10.0.2 will have the ability to automatically migrate this config file and associated settings forward. You should only have to modify /root/extensions.conf once, in which case it will be enabled on future upgrades (10.0.3, 10.5.0, etc.).
- Upcoming releases (10.5.0) will also include the ability to modify the extensions.conf file via AMC.
Tracking ID: 83678
Related Articles
Categories