HE.net tunnelbroker DynDNS not updating WAN IP



  • Hi all,

    I have a HE.net tunnel set up and running. Also, I have configured two DynDNS services. The correct WAN ip can only be determind by pulling an external service.

    My no-ip (free) account works flawlessly and gets my correct WAN ip.

    HE.net tunnelbroker does not work, though. My login/update credentials are fine - I checked those.

    In the logfile it says:

    /services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (339194): IP address could not be extracted from checkip.dyndns.org
    

    This does not pose an issue for the no ip service though.

    Is this an actual bug?

    Update:

    Since configuring he.net tunnelbroker dyndns the user interface of my pfsense gui has become very slow when accessing the Services -> DynDNS page. Maybe another hint, that there is something wrong with this dyndns service implementation?

    I found a workaround for the update to work:
    Creating a custom dyndns service and using this URL to do the udpate: https://ipv4.tunnelbroker.net/nic/update?username=<username>&password=<password>&hostname=</password></username>



  • @omnidan:

    …..
    Is this an actual bug?

    I'm using he.net and the needed dyndns update works for some years now for me.
    My pfSense has the IP-WAN on one of it's NIC's so extracting it using checkip.dyndns.org isn't needed.

    Question : your WAN port (== the end point for he.net tunnel) is the IP that should be used.
    If this one is any different as the IP your are using on the net, that I guess you have a conflictual situation. (A solution might be : put your pfSense in a DMZ zone)

    What is your WAN IP ? Do you have more details ?

    @omnidan:

    Update:
    Since configuring he.net tunnelbroker dyndns the user interface of my pfsense gui has become very slow when accessing the Services -> DynDNS page. Maybe another hint, that there is something wrong with this dyndns service implementation?

    Looks to me that your pfSense box can't access checkip.dyndns.org …. the 'task' is waiting ....
    Remember : the code involved here is the same for you and me ...

    Access your pfSense using SSH, goto option 8 and use this commande :
    curl checkip.dyndns.org
    It should give you back right away this line :

    <title>Current IP Check</title>Current IP Address: 90.38.145.4
    
    

    from which the IP is 'extracted'.

    @omnidan:

    I found a workaround for the update to work:
    Creating a custom dyndns service and using this URL to do the udpate: https://ipv4.tunnelbroker.net/nic/update?username=<username>&password=<password>&hostname=</password></username>

    Did you activate the  verbose logging (dyndns "he.net" entry) : you'll should have :
    May 24 15:36:29 php-fpm 62739 /services_dyndns_edit.php: phpDynDNS (245809): (Success) No Change In IP Address.
    May 24 15:36:29 php-fpm 62739 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wanhe-net-tunnelbroker'245809'0.cache: 90.38.145.4
    May 24 15:36:29 php-fpm 62739 /services_dyndns_edit.php: Message sent to to@me.tld OK
    May 24 15:36:28 php-fpm 62739 /services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): 90.38.145.4 extracted from local system.
    May 24 15:36:28 php-fpm 62739 /services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): _checkStatus() starting.
    May 24 15:36:27 php-fpm 62739 /services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): _update() starting.
    May 24 15:36:27 php-fpm 62739 /services_dyndns_edit.php: Dynamic DNS (245809): running get_failover_interface for wan. found pppoe0
    May 24 15:36:27 php-fpm 62739 /services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): 90.38.145.4 extracted from local system.
    May 24 15:36:27 php-fpm 62739 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
    (remember : read it the other way around).

    Btw (not related) : the IP is retrieved twice :
    15:36:27 : he-net-tunnelbroker (245809): 90.38.145.4 extracted from local system.
    and
    15:36:28 : he-net-tunnelbroker (245809): 90.38.145.4 extracted from local system.
    Never understood why ….



  • What is your WAN IP ? Do you have more details ?

    My pfsense is in the DMZ of the modem/router I got from my ISP. The connection between this modem and pfsense is static so the wan-interface of pfsense has 192.168.254.254

    Access your pfSense using SSH, goto option 8 and use this commande :
    curl checkip.dyndns.org

    This works, I'm getting the correct IP, that my ISP is assigning to my modem/router. As said, the no-ip(free)-Service on pfsense gets it correctly as well.

    Even after turning on verbose logging I don't get any more than this:

    Time	Process	PID	Message
    May 24 20:09:42	php-fpm	94999	/services_dyndns_edit.php: Dynamic DNS (339194) There was an error trying to determine the public IP for interface - wan (re0 ).
    May 24 20:09:42	php-fpm	94999	/services_dyndns_edit.php: Dynamic DNS (339194): running get_failover_interface for wan. found re0
    May 24 20:09:42	php-fpm	94999	/services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (339194): IP address could not be extracted from checkip.dyndns.org
    May 24 20:09:12	php-fpm	94999	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting
    


  • Hummm.

    I changed my "HE.net Tunnelbroker" dyndns WAN interface to a NON WAN - internal LAN interface : (internally : OPT3).
    pfSense detects that it is an internal IP, and starts to use "checkip.dyndns.org".
    This does took some time, a couple of seconds more, indeed, but came back with "90.38.145.4 extracted from checkip.dyndns.org" (90.38.145. is my WAN IP).

    My log : (in reversed order) :

    May 25 00:32:16 	php-fpm 	1429 	/services_dyndns_edit.php: phpDynDNS (245809): (Success) No Change In IP Address.
    May 25 00:32:16 	php-fpm 	1429 	/services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_opt3he-net-tunnelbroker'245809'0.cache: 90.38.145.4
    May 25 00:32:16 	php-fpm 	1429 	/services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): 90.38.145.4 extracted from checkip.dyndns.org
    May 25 00:32:15 	php-fpm 	1429 	/services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): _checkStatus() starting.
    May 25 00:32:14 	php-fpm 	1429 	/services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): _update() starting.
    May 25 00:32:14 	php-fpm 	1429 	/services_dyndns_edit.php: DynDns (245809): Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: 0.0.0.0 WAN IP: 90.38.145.4 Initial update.
    May 25 00:32:14 	php-fpm 	1429 	/services_dyndns_edit.php: Dynamic Dns (245809): Current WAN IP: 90.38.145.4 No Cached IP found.
    May 25 00:32:14 	php-fpm 	1429 	/services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): 90.38.145.4 extracted from checkip.dyndns.org
    May 25 00:31:13 	php-fpm 	1429 	/services_dyndns_edit.php: Dynamic DNS (245809): running get_failover_interface for opt3\. found rl0
    May 25 00:31:13 	php-fpm 	1429 	/services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (245809): 90.38.145.4 extracted from checkip.dyndns.org
    May 25 00:31:10 	php-fpm 	1429 	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting 
    

    According to /etc/inc/globals.inc (and info found in /etc/inc/dynclss.inc) )I created a file called
    /etc/inc/globals_override.inc

    	$g['debug'] = true;
    ?>
    

    to obtain a detailed debug message in /var/etc/dyndns_wanhe-net-tunnelbroker'245809'0.debug ….
    But all I got was a logic :

    05-25-16 01:31:12 - (4928208) - [he-net-tunnelbroker] - -ERROR: This tunnel is already associated with this IP address.  Please try to limit your updates to IP changes.
    

    Btw : the IPv4 you hand over to he.net (the tunnel-end point)  should be pingable !



  • It's weird that on my setup apparently the extraction of the ip for the HE-account does not work, but it does for no-ip :-(