Dynamic public IP and OpenVPN



  • If a site uses a dynamic public ip and the openvpn clients are already created and being used, what happens if the public ip changes? Will the clients still be able to connect?



  • @axiomcs No, they won't connect by IP. You can avoid that problem by creating a dynamic DNS account at any of the several providers available
    (ex. https://www.noip.com) then configure pfSense (Services/Dynamic DNS) to upload the new IP address when it changes. You can use a free account if you wish, but you need to manually access it each month to maintain its service or get a paid account that is set/forget. Then you can code the dynamic DNS host name in the OpenVPN client config file, replacing the IP.



  • If a Services/Dynamic DNS is setup, how should the Interface/WAN be setup? Just leave the WAN interface page blank?



  • @axiomcs
    Leave it blank is never a good idea.

    So you have a dynamic WAN IP. Now, is your WAN connected to pfSense or do you have a router in front of it?
    If it is on pfSense you have to configure the interface for DHCP or a sort of PPP, depending on what your ISP provides to you.
    If you have a router it's the first choice to do dyn DNS updates on the router itself if possible.



  • WAN is directly connected to pfSense. The only setting needed on the WAN page is to set the IPv4 Config Type to DHCP?

    And then if I setup Dynamic DNS and the public IP changes, pfSense will always look to the Dynamic DNS hostname along with the dyndns provider login info?



  • As already mentioned, how to configure WAN interface, depends on your ISP. However, as you stated above, your WAN is already working. So there is nothing to change for DynDNS.

    Get an account from a dynamic DNS provider. Then you can choce a hostname in given domains like yourhost.dyndns.com.
    Configure the Dynamic DNS service in pfSense (Services > Dynamic DNS > Dynamic DNS Clients). If it is set up properly it will update the dynamic DNS at provider every time your WAN IP changes.
    So you can configure you openVPN clients to connect to yourhost.dyndns.com. The hostname is ever the same, the IP behind may change.


Log in to reply