
'Real' Shell Access to modify config-Files (edit Dyndns-Settings)

I must quickly migrate from UTM 9 to XG because my private network (3 families) exceeds the limit of 50 devices (mobile phones for the kids ... :-)
Reaching my home network from the outside is (unfortunately ;-) a core requirement of my family and we can't get a static IP from my provider.

The new firewall has no DynDNS support for my (free) DynDNS provider selfhost.eu, but the protocol is DynDNS.org-compatible, which is directly supported in the dropdown box.

I thought it must be possible to change the service URL for the IP update in a config file. So I found an old post which addresses this problem, and someone wrote (for UTM9): "Modify /var/confd/res/dyndns/features.ph to change URI from DynDNS directly"

But in the console of the new XG I can only choose predefined commands and can't edit and navigate the underlying filesystem (except using a hard-disk editor and change the bits directly).

Can somebody give me a tip on how I can solve this problem? (e.g. free console access or another workaround to modify the right config file in the new UTM version)

(Losing support / warranty for the whole system after file modification is no big problem for me, because it's a private license at home and nobody dies when something goes wrong ... :-)



This thread was automatically locked due to age.
  • Markus,
    to gain access to shell, connect to XG using ssh then when the menu appears, select 5 then 3.

    Luk
  • Luk,
    thanks a lot for your reply. Starting the shell seems to be the easy part ... when you know how to do it ... ;-)

    But I can't find the file for the DynDNS definitions in the filesystem. The only file containing the DynDNS URL contains DB insert commands like this:

    INSERT INTO tblddnsserviceprovider (serviceproviderid, displayname, protocol,serverstring) VALUES (1, 'DynDns', 'dyndns2', 'members.dyndns.org');

    Now I want to change the URL from the insert statement above in the local postgres database like this (hoping this helps to update the IP at the other provider):

    UPDATE tblddnsserviceprovider set serverstring = 'url from my provider' where serviceproviderid=1;

    Next problem: how can I connect to this database to submit my update statement?
    (psql is installed, but I have no database name and no user/password. root/admin etc. don't work)

    Can you give me another hint? ;-)
  • Hi Markus,
    I do not know how you can achieve your goal. Sorry about that.

    Luk
  • I solved the problem myself and it works with selfhost.eu now:

    - Log on to the Sophos XG via PuTTY
    - Select 5 and 3 for the console (thanks to lferrara!)
    - List all DynDNS providers with the command
    psql -U nobody -d corporate -c "select * from tblddnsserviceprovider"
    - The entry with ID 1 is provider 'Dyndns' with protocol 'dyndns2' and the correct provider URL
    - My free DynDNS provider, selfhost.eu, offers the same protocol dyndns2 with its own update URL (= carol.selfhost.de)
    - I updated the URL with the following command:
    psql -U nobody -d corporate -c "update tblddnsserviceprovider set serverstring = 'carol.selfhost.de' where serviceproviderid=1"
    - I restarted the XG, but I don't know if it's really necessary.
    - I added a DynDNS config for provider "Dyndns" in the WebConsole with the hostname and credentials from selfhost.eu.

    After reconnecting the WAN interface (DSL/PPPoE) the Sophos successfully updates the public IP at selfhost!! :-)

    (
    At first I tried to insert my own entry in the table tblddnsserviceprovider, but this was a bad idea. The DynDNS client service of the XG OS went "red" and didn't start anymore!?? To get it working again I dropped my new entry.
    Unfortunately I couldn't update or delete DynDNS lines in the WebConsole after this attempt. After deleting the account via the database
    psql -U nobody -d corporate -c "delete from tblddnsaccountdetail"
    the client process started without problems when I restarted the XG.
    So - no warranty for not destroying your database ... :-)
    )

    But when you only update the URL of an existing provider entry, the risk is very small, I think.

    This hack will surely work with many other DynDNS providers, when they offer the dyndns2 protocol to update the IP.
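
Added example, not code from the thread or from Sophos: a small offline check of the dyndns2 exchange that the changed `serverstring` will receive, useful for confirming a provider really answers in dyndns2 before editing the database. The `/nic/update` path and HTTPS are the usual dyndns2 convention and are assumed here for `carol.selfhost.de`; hostname, address and credentials are constructed.

```python
import base64
import ipaddress
from urllib.parse import urlencode

# Return codes defined by the dyndns2 update protocol.
OK_CODES = {"good", "nochg"}
ERROR_CODES = {"badauth", "badagent", "nohost", "notfqdn", "numhost",
               "abuse", "!donator", "dnserr", "911"}


def build_update_request(server, hostname, ip, user, password,
                         agent="example-ddns-check/1.0"):
    """Return (url, headers) for one dyndns2 update; nothing is sent."""
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    query = urlencode({"hostname": hostname, "myip": ip})
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    # HTTPS only: Basic auth is plain base64, so HTTP would expose the password.
    url = f"https://{server}/nic/update?{query}"
    return url, {"Authorization": f"Basic {token}", "User-Agent": agent}


def parse_update_response(body, expected_ip=None):
    """Classify a response body as (status, detail).

    status is 'updated', 'unchanged', 'error' or 'not-dyndns2'.
    """
    text = body.strip()
    line = text.splitlines()[0].strip() if text else ""
    code, _, rest = line.partition(" ")
    if code in OK_CODES:
        if expected_ip and rest and rest != expected_ip:
            return "error", f"server recorded {rest}, expected {expected_ip}"
        return ("updated" if code == "good" else "unchanged"), rest
    if code in ERROR_CODES:
        return "error", code
    # Anything else (HTML page, redirect text) means a different API.
    return "not-dyndns2", line[:60]


if __name__ == "__main__":
    # Constructed values; only the server name comes from the thread.
    url, headers = build_update_request(
        "carol.selfhost.de", "home.example.org", "203.0.113.7", "user", "secret")
    print(url)
    print(parse_update_response("good 203.0.113.7", "203.0.113.7"))
```

A `not-dyndns2` result means the host does not speak the protocol the existing provider entry expects, so pointing `serverstring` at it would only send the account credentials to an endpoint that cannot use them.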
  • Thanks for doing the legwork. I'm thinking about migrating to Google Domains as they offer dynamic DNS, but also need a different URL.

    Before I implement this, do you know if this will persist post firmware updates?

  • I had no problems after firmware updates. For a long time, updates haven't overwritten my changed line in the database. I think it could be a problem when Astaro decides to support new DynDNS providers. But it should be possible to change the URL again after such an update.

  • This post is from 2016 and this feature is still not working out of the box.

    A pity

  • Hey  

    Unfortunately some manual config-file changes are reset or overwritten during regular operation.

    We do have a KB article for integrating Sophos XG Firewall with third party Dynamic DNS service providers through the GUI.

    Best,


    Florentino
    Director, Global Community & Digital Support

  • Thanks!

    I've started the domain transfer process with a few of my domains and will have to see how this works.

  • Hi Flo,

    I know this document, but several Sophos partners share the same problem -> they want to migrate UTM customers to SFOS but there is a simple lack in the available options of DynDNS providers in relation to the UTM. Who wants to pay this extra amount of time it takes to migrate a bunch of DynDNS accounts??