Sophos DDNS unable to determine IP address behind NAT

Hello Ally,

Thank you for reaching out to the community, from the advance shell can you execute the following command and provide the output here: 
>  nslookup checkip.cyberoam.com
> telnet checkip.cyberoam.com 443

Hello Vivek,

The commands output are below. Thanks.

 # nslookup checkip.cyberoam.com
Domain Name Server#  127.0.0.1                                                    
 Domain Name       #  checkip.cyberoam.com                                         
 Resolved Address 1#  103.219.21.208                                               
 Resolved Address 2#  103.219.21.212;
 Resolved Address 3#  103.219.21.211;
 Resolved Address 4#  103.219.21.210                                               
 Total query time  #  1062.83 msec                                                 
 can't resolve 'checkip.cyberoam.com'     

                                         
  # telnet checkip.cyberoam.com 443                 
 Trying 103.219.21.208...                                                          
 Connected to checkip.cyberoam.com.                                                
 Escape character is '^]'.   

Bharat J said:

Can you share the configuration you have done to forwarded all the ports on your upstream router for Sophos XG IP on WAN Zone ?

Hi Bharat, All the forwarded ports on the upstream router for Sophos IP are: TCP (8443), and UDP (500, 1701, 4500, 8443)

Regards,

Hi Ally 

Thanks for the update, it seems you have forwarded only TCP (8443), and UDP (500, 1701, 4500, 8443) ports, it would be great if you forward all the ports not only specific ones.

Regards

Hi Bharat, we already tried to put the Sophos IP in the DMZ on our upstream router, but it is not working.

My question is, what ports are needed to be opened for this purpose? Thanks.

Hi Ally 

Just to make sure you are not using any other DNS Provider previously attached to the same Interface?

This is to troubleshoot the issue and to verify if your upstream router is not blocking any service port if you forward all the ports and check if it is working or not. If works we have to make sure proper ports are forwarded like 443.

To check the issue from the upstream router is the above step need to check as well as from your DDNS service provider 

I would like to suggest you try to configure the DDNS service from https://www.noip.com/ it will give you 30 days of a free trial. This is just to verify that DDNS is working on Sophos XG or that the issue is from your DDNS service provider or upstream router.

Some snapshots from my lab : 

You may conduct also the steps below.

1. Open Console > option 5>3  for advance Shell

2. run the command tail -f /log/WINGc.log

3. Goto DDNS and select edit and save it

to restart WINGc service run below command : 

service WINGc:restart -ds nosync

Regards

Hi Bharat, we already checked with three different service providers: DynDNS, Google and Cloudflare. None of them work. Thanks.

Hi Ally 

Ally said:

we already checked with three different service providers: DynDNS, Google and Cloudflare. None of them work.

 that would be the reason from 

Can you release the configuration from all DDNS services providers and try again attached to the same Interface?

Also try to get the logs status as guided and share the output 

Regards

Bharat J said:

2. run the command tail -f /log/WINGc.log

Hi Bharat, Here are the output results of the command: tail -f /log/WINGc.log

checking if my firewall is enabled ?
checking if my firewall is enabled ?
checking if my firewall is enabled ?
 ... 

Bharat J said:

to restart WINGc service run below command : 

service WINGc:restart -ds nosync

200 OK

As requested, we released the configuration from the DDNS services providers and attached again to the same Interface. Still DDNS status updates shows failed.



Hi Ally 

Take a look at the following logs as well, to see if you find more information on what might be causing the issue.

applog.log, csc.log, ddc.log, tomcat.log 

Regards

Hi Bharat, we checked the other logs, but it is not clear what could be causing the issue. Thanks.

Here is the output result from applog.log

Aug 02 16:21:11Z Request type = 1 
Aug 02 16:21:11Z apiInterface:versionsupported: true. 
Aug 02 16:21:11Z apiInterface:request mode -> 352. 
Aug 02 16:21:11Z apiInterface:Current ver :::'1900.1' 
Aug 02 16:21:11Z apiInterface:entityjson::::::::network::dynamicdns=HASH(0xa9aeef0) 
Aug 02 16:21:11Z Info:: Transaction will not be rolled back for opcode ddc:update_account. If any operation fails, request is part of multiple request : 
Aug 02 16:21:12Z DDC Client updated successfully. 

output from ddc.log:

cache{***.net}{mx}             :                                          
cache{***.net}{static}         : 0                                        
cache{***.net}{status}         :                                          
cache{***.net}{warned-min-error-interval} : 0                             
cache{***.net}{warned-min-interval} : 0                                   
cache{***.net}{wildcard}       : 0                                        
cache{***.net}{wtime}          : 30                                       
[2022-08-02 16:26:33Z] DEBUG:    get_ip: using cmd, curl --capath /conf/certific
ate/cacerts/ checkip.cyberoam.com/ --silent -m 30 --interface Port2 repo
rts <undefined>                                                                 
[2022-08-02 16:26:33Z] WARNING:  unable to determine IP address                 
[2022-08-02 16:26:33Z] DEBUG:    sleep 300                                      
[2022-08-02 16:30:17Z] MSG:      child exited, status=0 pid=10698               
[2022-08-02 16:30:17Z] MSG:      Child exited, Creating new ddclient process    
[2022-08-02 16:30:17Z] MSG:      ddclient process started: '12822'              
[2022-08-02 16:30:21Z] DEBUG:    file /cfs/ddclient/ddclient.conf: file /cfs/ddc
lient/ddclient.conf must be accessible only by its owner.
...
[2022-08-02 16:30:29Z] DEBUG:    get_ip: using cmd, curl --capath /conf/certific
ate/cacerts/ checkip.cyberoam.com/ --silent -m 30 --interface Port2 repo
rts <undefined>                                                                 
[2022-08-02 16:30:29Z] WARNING:  unable to determine IP address                 
[2022-08-02 16:30:29Z] DEBUG:    sleep 300               

output from tomcat.log:

2022-08-02 12:34:18,384:INFO:CSC - EventBean: { opCode: ddc:update_account, mode
: 352, waitForeResponse: true, requestType: 0, opcodetype: 1, entityId: 14, bean
Name: cyberoam.network.helpers.DDNSAccountHelper, syncalbe: true, comProtocol: u
 }                                                                              
2022-08-02 12:34:18,388:INFO:HFHelper - X-FROWARDED-FOR: 10.0.***.10            
2022-08-02 12:34:18,388:INFO:CSC - UserId: 3, ___username: admin, __currentlylog
gedinuserip: , ___component: GUI                                                
2022-08-02 12:34:18,388:INFO:CSC - Event Bean:{ opCode: ddc:update_account, mode
: 352, waitForeResponse: true, requestType: 0, opcodetype: 1, entityId: 14, bean
Name: cyberoam.network.helpers.DDNSAccountHelper, syncalbe: true, comProtocol: u
 }                                                                              
2022-08-02 12:34:18,388:INFO:CSC - Keys in json: ["ipaddress", "___serverport", 
"___component", "loginname", "extiface", "transactionid", "serviceproviderid", "
accountid", "hostname", "currentlyloggedinuserid", "___serverprotocol", "___user
name", "___meta", "___serverip", "currentlyloggedinuserip"]                     
2022-08-02 12:34:18,391:INFO:CSC - final opcode:                                
opcode apiInterface csc/1.0                                                     
content-type:json                                                               
content-length:424                                                                           

output from csc.log:

 PAckage ::::network::dynamicdnsMESSAGE   Aug 02 16:32:29Z  [worker:13423]: {"re
quest":{"method":"opcode","name":"apiInterface","version":"1.2","type":"json","l
ength":244,"data":{"mode":2516,"___serverport":4444,"___component":"GUI","APIVer
sion":"1900.1","___serverprotocol":"http","___username":"admin","___initialsetup
":"1","___meta":{"sessionType":1},"___serverip":"192.168.1.0","currentlyloggedin
userip":"10.0.***.10"}}}                                                        
MESSAGE   Aug 02 16:32:30Z  [worker:13365]: {"request":{"method":"opcode","name"
:"get_wizard_flags","version":"1.6","type":"json","length":336,"data":{ "___init
ialsetup": "1", "APIVersion": "1900.1", "___serverport": 4444, "___serverprotoco
l": "http", "___component": "GUI", "___username": "admin", "___cmrequest": 0, "_
__serverip": "192.168.1.0", "mode": 2516, "currentlyloggedinuserip": "10.0.***.1
0", "currentlyloggedinuserid": 3, "___meta": { "sessionType": 1 }, "___cmenabled
": 0 }}}                                      a                                  
ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.mandatory): 
failed with -16                                                                 
WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.offline): fa
iled with -16                                                                   
WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.up2dateoff):
 failed with -16                                                                
WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.state): fail
ed with -16                                                                     
WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.popup): fail
ed with -16                                                                     
WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
                                                                                
                                         

Hey Ally, you are using the cloudflare as a service provider, right ?
Can you perform a tcpdump packet capture with the provider's hostname or server IP?
Create and download a packet capture : https://support.sophos.com/support/s/article/KB-000037007?language=en_US

Hey Ally, you are using the cloudflare as a service provider, right ?
Can you perform a tcpdump packet capture with the provider's hostname or server IP?
Create and download a packet capture : https://support.sophos.com/support/s/article/KB-000037007?language=en_US