Dynamic DNS not working - fixed IP works



  • I have setup the dynamic DNS client and the IP is updated and that works (service type: All-Inkl.com).

    In Client Export i select that host name from that dynDNS client.

    On my Android device in OpenVPN in server list the server address is the same like the one from the dynDNS client.
    If i try to connect i get: read UDP [ECONNREFUSED] Connection refused (code=111).

    If i put my IP in the server list it works.

    I also see: UDP link remote [AF_INET]xx.xx.xxx.xx:1195
    Where xxxxxx is the IP from my web hosting provider (where i also have the dynDNS service).

    I have the feeling thats not correct that OpenVPN is trying to connect via UDP to get my home IP?



  • Hm even if i can connect if i directly enter my public IP, i cant access my cam or workstation.
    It was working when my modem was a router and my WAN was static.
    Now the pfSense WAN is DHCP and directly gets the public IP.

    Modem: 192.168.100.1
    pfSense LAN: 10.1.0.1/24
    DHCP Pool: 10.1.0.201 - 10.1.0.254
    Tunnel Network: 10.1.100.0/24

    OpenVPN.gif

    Export.gif

    wan.gif

    lan.gif

    vpnfirewall.gif



  • Have you checked Dynamic DNS status under services ?



  • @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    I also see: UDP link remote [AF_INET]xx.xx.xxx.xx:1195
    Where xxxxxx is the IP from my web hosting provider (where i also have the dynDNS service).

    The "dyndns host name" should resolve to your WAN IP ( xxxxxxxx ).

    @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    I have the feeling thats not correct that OpenVPN is trying to connect via UDP to get my home IP?

    Here is your OpenVPN server ? At home, right, so it should connect to the IP WAN at home, using UDP, port 1195 (if that's what you have set up in the OpenVPN server).

    @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    Modem: 192.168.100.1

    That's impossible.
    A modem is - normally - not a router.
    The modem should expose on it's "LAN" side the WAN IP to pfSense.
    The advantage of using a modem : no need to NAT before pfSense.
    Actually, there is no need at all to NAT no where : just ab firewall rule on pfSEnse (WAN interface) that let's in UDP, port 1195 from any(where). You have that rule and it's being used as shown :

    49cbccf6-8335-4fb3-8531-6a02246a2b9d-image.png

    If the WAN interface of pfSense has some RFC 1918 IP, well, yes, that's not good at all.



  • @feerab said in Dynamic DNS not working - fixed IP works:

    Have you checked Dynamic DNS status under services ?

    There is no DDNS in services?

    services.gif

    But updating the IP works:

    ddns1.gif

    ddns2.gif

    @Gertjan said in Dynamic DNS not working - fixed IP works:

    @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    The "dyndns host name" should resolve to your WAN IP ( xxxxxxxx ).

    But i see the IP from the webserver from my web hosting provider on my phone in the OpenVPN log.
    Well that's the first thing OpenVPN needs to do: Connecting to the DDNS Server to fetch the public IP that the DDNS service in pfSense is updating. First thing OpenVPN needs to know is to what IP it needs to connect to.

    But i wonder that its trying to connect with port 1195.
    I guess that DDNS server is port 80?

    @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    Modem: 192.168.100.1

    That's impossible.
    A modem is - normally - not a router.
    The modem should expose on it's "LAN" side the WAN IP to pfSense.

    Why is it impossible? The modem/router needs a IP. How would you go to its settings without an IP?
    And WAN in pfSense is set to DHCP and is getting the public IP from the modem.



  • @MrGlasspoole You have 2 choices :
    1- Port forwarding on your router for UDP 1195.
    2- Set your pfsense As DMZ on your router page.
    I see no other problems.



  • @feerab said in Dynamic DNS not working - fixed IP works:

    @MrGlasspoole You have 2 choices :
    1- Port forwarding on your router for UDP 1195.
    2- Set your pfsense As DMZ on your router page.
    I see no other problems.

    Its modem operation. There is no port forwarding or DMZ.
    pfSense has the public IP on WAN.



  • @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    There is no DDNS in services?

    Noop.
    Not a service as 'unbound' and others - as you listed.
    It's a task - a bunch of PHP script files that executes one a day :

    2464acd5-643c-48d3-8e06-f4cef282e847-image.png

    ( Install the cron package to see these cron entries. )

    and, when an WAN interface changes state, the same DYNDNS script will get called also. If the WAN IP changed, an update will occur.

    Making a DYNDNS work : take a (very) known one, with good documentation.
    Make it work - see how it works.
    Always use

    23783c44-30e1-4d4d-a35c-d76710a9e9e0-image.png

    in the beginning. When things don't works, the logs tell you why, and you know how correct your settings.
    This option is not some kind of optional one. When the system doesn't do what you want it to do, you use logging - and you check these logs. That is, if you want to know what's going on ....

    Wheh all is ok, take a less known DYNDNS supplier (but why should you ?).
    Be ware : the procedure of updating an A record for an URL using a DYNDNS supplier is always different. Every DYNDNS supplier can use different procedures. Some use close to standard procedures, some use very special rules.

    @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    Well that's the first thing OpenVPN needs to do: Connecting to the DDNS Server to fetch the public IP that the DDNS service in pfSense is updating. First thing OpenVPN needs to know is to what IP it needs to connect to.

    ?

    The OpenVPN doesn't care at all if a client uses an URL to connect to it.
    URL exists only for humans.
    OpenVPN, as any server, uses IP addresses. Nothing else. No exception.
    When you set up OpenVPN 'server', you select :

    2b79501f-0dfb-47e3-88e8-1088422e67ba-image.png

    and done.
    It listens on the WAN interface - on port :

    c8fce635-a870-4cfa-9e47-9c7efcd3ecd5-image.png

    Nothings else is needed.

    OpenVPN clients work with an IP address - URL are not really needed. If they are used, they have to be resolved first to an IP address.

    It's you, that want to use URL's because your WAN IP can change (all the time).
    It easier to type ones :
    athome.dyndns.org (that always points to my WAN IPv4)
    as
    185.202.365.25 (that can change all the time)

    So : make your DYNDNS work, and you'll be fine.
    If problems, post the logs ^^

    @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    Why is it impossible? The modem/router needs a IP. How would you go to its settings without an IP

    Correct, a modem can also expose a LAN type IP, so you can access it's GUI.
    But that's just for you, for maintenance tasks ...
    Your pfSense WAN interface should use the real 'WAN' IP ....



  • @Gertjan said in Dynamic DNS not working - fixed IP works:

    Wheh all is ok, take a less known DYNDNS supplier (but why should you ?).
    Be ware : the procedure of updating an A record for an URL using a DYNDNS supplier is always different. Every DYNDNS supplier can use different procedures. Some use close to standard procedures, some use very special rules.

    What do you mean?
    My web hoster is a well known company in Germany.
    And you can select it in the pfSense DDNS settings.

    And as i wrote. The IP updating to the DDNS server is working.
    If i go to the administration site from my web hoster my public IP is there.

    Its on the Android phone where i see:
    UDP link remote [AF_INET]xx.xx.xxx.xx:1195
    read UDP [ECONNREFUSED] Connection refused (code=111)

    And that xx.xx.xxx.xx is not my public IP.
    Its the IP from the server where my website is hosted.

    BUT i just realized something and made a ping to the hostname of the DDNS server.
    And i get back the IP from my website.

    So i guess i need to make an entry for that DDNS hostname (subdomain) at the provider where i have my domains.
    All other subdomains work with just this setting:
    nameserver.jpg



  • @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    What do you mean?
    My web hoster is a well known company in Germany.
    And you can select it in the pfSense DDNS settings.

    Hummm.
    What has the web host to do with this ?
    They - the web host - have a static IP - ....

    @MrGlasspoole said in Dynamic DNS not working - fixed IP works:

    And as i wrote. The IP updating to the DDNS server is working.
    ....
    And i get back the IP from my website.

    So, it's not working - it shouldn't not return the IP of this web host / web site - it should return the IP of your WAN at that moment.

    Example : I have a dedicated server on the Internet - and a hand full of domain names.
    One is "test-domaine.fr".
    Check out :

    root@ns311465:~# dig test-domaine.fr A +short
    5.196.43.182
    

    So, 5.196.43.182 is an IP4v of this dedicated server.
    "www" is the same :

    root@ns311465:~# dig www.test-domaine.fr A +short
    5.196.43.182
    

    But I have also an "URL" that points to my pfSense / WAN IP :

    root@ns311465:~# dig br*t.test-domaine.fr A +short
    82.127.*4.254
    

    and that's correct, that IP is my WAN IP right now.
    So, I can use "br*t.test-domaine.fr" as an URL that conenctes me to my .... OpenVPN running on my pfSense.

    When my WAN IP changes, pfSense will take care of updating the A record for br*t.test-domaine.fr using DYNDNS (actually, its RFC2136 based, using my own 'bind' master domain server, running on that server).

    Again : show us your logs ...


Log in to reply