Dynamic DNS is not updated when used with a Multi WAN gateway group
I have recently upgraded my pfSense installation from a custom Supermicro server (old 2.1 version) to a NetGate XG-7100 1U with the latest pfSense available version (2.4.4-p3).
My configuration is:
- a WAN interface with a CARP VIP (xx.xx.188.226)
- a WAN2 interface with a CARP VIP (xx.xx.190.104)
- a WANGW gateway (for WAN interface) with external monitor IP
- a WAN2GW gateway (for WAN2 interface) with external monitor IP
- a WANGWGROUP gateway group with WAN (CARP VIP) as Tier 1 and WAN2 (CARP VIP) as Tier 2, the Trigger Level is Member Down with default settings (>20% packet loss)
- the WANGWGROUP is configured as default gateway
- a No-IP (free) DynDNS with WANGWGROUP as monitored interface
My obtective is to use the DynDNS name to setup a fail-over for OpenVPN and IPsec.
When I set the WAN gateway down manually in the interface, the DynDNS is updated (new IP : WAN2 CARP VIP):
The check_reload_status Updating all dyndns is triggered and the DynDNS is updated.
The log is :
Aug 2 13:16:01 check_reload_status Syncing firewall Aug 2 13:16:01 php-fpm /system_gateways.php: MONITOR: WANGW is down, omitting from routing group WANGWGROUP xx.xx.0.224|xx.xx.188.226|WANGW|1.528ms|0.956ms|0.0%|force_down Aug 2 13:16:02 php-cgi notify_monitor.php: Message sent to email@example.com OK Aug 2 13:16:03 php-fpm /system_gateways.php: Gateway, switch to: WAN2GW Aug 2 13:16:03 php-fpm /system_gateways.php: Default gateway setting Routeur de secours Cisco WAN2 (cpe2) as default. Aug 2 13:16:04 check_reload_status Reloading filter Aug 2 13:16:04 php-fpm /system_gateways.php: Removing static route for monitor xx.xx.0.224 and adding a new route through xx.xx.188.225 Aug 2 13:16:04 php-fpm /system_gateways.php: Removing static route for monitor xx.xx.142.9 and adding a new route through xx.xx.190.97 Aug 2 13:16:05 check_reload_status Updating all dyndns Aug 2 13:16:07 php-fpm /rc.dyndns.update: phpDynDNS: updating cache file /conf/dyndns_WANGWGROUPnoip-free'xxxx.ddns.net'0.cache: xx.xx.190.104 Aug 2 13:16:07 php-fpm /rc.dyndns.update: phpDynDNS (xxxx.ddns.net): (Success) DNS hostname update successful.
When the WAN gateway is naturally down, the DynDNS is not updated (tested by removing the correct VLAN tag on the switch port).
It is displayed as RED in the interface and never updated, it stays on WAN CARP VIP.
The log is :
Aug 2 11:55:56 rc.gateway_alarm 28265 >>> Gateway alarm: WANGW (Addr:xx.xx.0.224 Alarm:1 RTT:1.414ms RTTsd:.134ms Loss:21%) Aug 2 11:55:56 check_reload_status updating dyndns WANGW Aug 2 11:55:56 check_reload_status Restarting ipsec tunnels Aug 2 11:55:56 check_reload_status Restarting OpenVPN tunnels/interfaces Aug 2 11:55:56 check_reload_status Reloading filter Aug 2 11:55:57 php-fpm /rc.openvpn: MONITOR: WANGW is down, omitting from routing group WANGWGROUP xx.xx.0.224|xx.xx.188.226|WANGW|1.414ms|0.135ms|23%|down Aug 2 11:55:57 php-fpm /rc.openvpn: Gateway, switch to: WAN2GW Aug 2 11:55:57 php-fpm /rc.openvpn: Default gateway setting Routeur de secours Cisco WAN2 (cpe2) as default. Aug 2 11:55:57 php-fpm /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WANGW. Aug 2 11:56:12 php-fpm /rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing. Aug 2 11:56:12 check_reload_status Reloading filter
The check_reload_status Updating all dyndns event seems to not be triggered.
Instead, there is a check_reload_status updating dyndns WANGW event which seems to do nothing.
I think my configuration is correct.
Shoud I report a bug ?
There are also 2 similar forum posts for the same problem (Dynamic DNS not updated) :
I noticed the same problem. The other links tell us to modify cron so the script of dynamic dns runs every XX minutes. I do not think its an intelligent way to do that.
As you mentioned, when we mark gateway as down, a trigger is activated. Why pfsense don't do that automatically when a gateway is marked as down for a ISP problem? It would be the intelligent way to do that. IMO.
Could you manage to resolve this problem ?
I tried the other solutions but not worked as I wish.
Thanks in advance.
There were some fixes pushed related to Dynamic DNS and gateway groups recently : https://redmine.pfsense.org/issues/9435
The fixes will come with pfSense 2.5.0.
I don't know if it fixes our problem, I haven't tried it yet.
Related commits :
You can try to manually patch the /etc/rc.dyndns.update file.