Create BOVPN tunnel between locally managed Firebox with DDNS and cloud-managed FB
Hello,
I'm having trouble creating a BOVPN tunnel between a locally-managed Firebox (FB) and a cloud-managed device.
On the locally-managed side, I'm using afraid.org DDNS. I created an A record: myname.chickenkiller.com.
Here comes the first confusion. Afraid.org states on their router setup page:
Select 'freedns.afraid.org' in the drop-down menu, then enter:
Username: guest
Password: guest
Hostname: dns_name,update_key
However, in the WatchGuard documentation, it says: "Type the Password you used to set up your dynamic DNS account."
So, I tried both ways without any change.
The cloud-managed Firebox's BOVPN Endpoint B is set to myname.chickenkiller.com. This hostname correctly resolves to my external IP.
Currently, I am getting the following error in the logs:
2025-10-12 21:23:31 iked (192.168.8.68<->XX.XX.XX.XX) IKEv2 IKE_AUTH exchange from 192.168.8.68:4500 to XX.XX.XX.XX:4500 failed. Tunnel='tunnel.1'. Reason=Received N(AUTHENTICATION_FAILED) message.
I get the same message even if I put a wrong endpoint name (like mname.chickenkiller.com) in the cloud-managed FB. This leads me to believe something is wrong with the DDNS configuration.
I have the option "Allow the dynamic DNS provider to determine the IP address" enabled on both sides.
Has anybody had any luck with afraid.org?
Many thanks
Comments
Is the message from the cloud Firebox?
re. first confusion:
From here:
https://freedns.afraid.org/guide/dd-wrt/
This write-up is for a Buffalo WZR-600DHP, with DD-WRT firmware and it needs to update the info at afraid.org when the external IP addr changes on the router.
"The router just ignores the username and password fields, so do not worry about those. The 'dns_name', and 'update key', and its placement after the comma are the most important thing."
All you should need to enter is the domain name of the locally managed Firebox.
I have not used that DDNS provider. I use freeddns.org.
"The 'dns_name', and 'update key', and its placement after the comma are the most important thing." - that I tried as well.
Does freeddns work with Firebox? It is not in the list.
It is a domain name option from dynu.com, along with some other ones.
https://www.dynu.com/ControlPanel/AddDDNS
The update key should only be needed when trying to change the registered IP addr at the DDNS site, which you are not trying to do here.
You can open a support case and get help from WG with the BOVPN authentication issue if you can't get past it.