Newbie to pfsense, got typo in WAN host name How to fix?
-
@stephenw10 said in Newbie to pfsense, got typo in WAN host name How to fix?:
Never really dug too deep into that but is it not possible dhclient sent that to the provider?
No... I don't think so - never seen a provider update their PTR records with hostname via dhcp client.. Not saying it not possible.. And not really a good idea to be honest.. Since its quite possible you wouldn't want the PTR to reflect host name of the router, but the forward name of say a smtp server you have behind that public IP, etc.
If his ISP is allowing him have a PTR of his choice - then a simple call to them should get it fixed up. You could also just have your dns look like it owns the netspace.. So for example just created record in unbound for my pfsense for my public IP.. And now it shows this in the arp table.
But that has zero to do with how anyone else on the planet would resolve it... Just makes anyone using my unbound as their dns resolve that PTR. Simple local-data-ptr in the custom box easiest way to do it ;)
And as discussed this would have nothing to do with any sort of cert not complaining about a common or san name in a cert.
-
If it's what you see in the ARP page, that should be what is resolved locally, so either the hostname under System > General or maybe a host override.
If it's the GUI cert that has an unexpected hostname, then you can make a new cert manually, or use
pfSsh.php playback generateguicertafter correcting the hostname, or (Even better) use ACME to get a real trusted cert.If it's a VPN cert, make a new server cert.
If you can't find where else the wrong hostname is present, download a config.xml backup and then open it in a text editor. Do a search inside for the incorrect name.
-
Hmmmm; My WAN link is static IP and config that's why I thought it was my typo. I just got off the phone with TWC took an about to get to the Level III that knew what I was talking about. This is the 4 th TWC problem that I've had in 7 days.
-
Looks like they BROKE it to me.. now all you get back is SOA when you query the SOA for that PTR ;)
So vs them fixing it to the actual fqdn you wanted to be returned, they just removed the record completely ;)
-
Nice.
Though still not clear to me why that should be an issue. If this is just VPN clients refusing the cert just regenerate it.
Steve
-
Its not an issue what his PTR reports or doesn't report has ZERO to do with his overall problem.. I believe what he saw in his arp table just confused him..
-
After TWC deleted PTR records.
-
yup that is what I show for those IPs PTR ;)
I don't see any vpn one though? the forward points to .242 but the PTR is just gone.
-
So it looks like the General setup generates the LAN hostname but nowhere is the WAN hostname entered. How do I get the WAN hostname in there?
-
That is the WAN hostname. Or at least that is the name send by dhclient to an upstream server.
Steve
-
Get it in where?? Not sure why you think you need a WAN IP to resolve to something in your arp table for vpn clients to connect to you?
I am thinking you still don't quite grasp what a PTR or reverse is...
Your vpn.domain.tld resolves to IP.242 address.
