Dynamic DNS not working reliably
-
@Bob-Dig said in Dynamic DNS not working reliably:
Btw. my WAN-addresses always begins with 100.65
Which means you are behind a CGN, I see.
But I don't see even one mention in the logs concerning the WAN IP (100.x). Are there any? There should have been at least one about getting a new WAN IP if your WAN IP changed. I'm missing a "newwanip" event on WAN, not on OVPNx.
Also no rc.dyndns.update? At all? There should be one forced daily so that should pop up at least? -
@JeGr Probably the wrong filter.
At Jul 22 08:37:41, it was me doing it manually.
-
Sorry can't download it, the site switches from https to http and back and in the end there's a 404.
-
@JeGr You have to wait 15 seconds, then the download link appears. At least, working here.
-
Some Hosts of that "filehoster" have bad/invalid TLS certs and broken chains. Wouldn't trust such a setup but anyways seems I got one that actually works now that could serve the file.
I see multiple events popping up in that log that could be related to the error, but those are the ones sticking out:
Jul 22 01:01:16 pfSense php-cgi: rc.dyndns.update: phpDynDNS (xxxxxx): PAYLOAD: -ERROR: IP is not ICMP pingable. Please make sure ICMP is not blocked. If you are blocking ICMP, please allow <ip> through your firewall.
That one is IMHO related to HE.NET and as it is followed by "unknown response" isn't a good sign. It seems you're not allowing ICMP or they can't reach you because you're behind CGN - I'm not sure in that case. As it's working manually later on it could be that your IP change / CGN is related to that.
The Cloudflare ones were updated to a public IP 86.x.y.z successfully. Still could not find any mention about an IP change upstream (100.xy IP as you said), so pfSense itself saw/sees NO change in WAN IP that I can find in the logs.
Your manual update later changed the IP to a 82.x.y.z IP (from the 86 it detected at 1am), so in the meantime it seems your public IP changed (again).
For me that seems like your connection is stable but your provider just changes your externally mapped 1:1 IP to something they like when they like without actually terminating your connection? If that's the case, that's no way pfSense could ever "see" that problem as it is not aware that anything changed upstream and only the 1am cron job of "manually" running the dyndns script does the check but as they seem to change to IP again after a few hours it's nothing it can do.
I'd ask my provider about that and how (the hell) they actually map a public IP to you as it seems pretty random to me. That's the "beauty" of CGN at work as it seems.
Perhaps you'd be better of OpenVPN'ing a small VPS in the cloud with a static IP4&IP6/64 and use that as your static IP-set as it would be far more reliable than a DynDNS IP from an ISP doing CGN, IPFT and other means to ease the use of IP4s. -
@JeGr I love my dynamic IP, so no way I would go with a static one, although I get your professional opinion on that.
HE is allowed to ping me.
But also, the cron job at 6 AM (?) didn't do anything it seems. At least I can't see it in the logs.
If everything works as planed, I will get internet from the pink T next month.
Then I will have cable and dsl at the same time, but going on, I will get rid of cable. -
@Bob-Dig said in Dynamic DNS not working reliably:
But also, the cron job at 6 AM (?) didn't do anything it seems. At least I can't see it in the logs.
Default one is at 1am. I reconfigured mine to 6am to be nearer to my "activity time".
So that's the default daily cron you see in your logs working as intended.I love my dynamic IP, so no way I would go with a static one
Nothing to say to that. They serve no purpose at all as to only make tech life harder and make ISPs think up fucked up solutions to a problem of their own making. If I could I'd get one in a heartbeat as there's no real reason not to have one. If I don't want to show it? VPNs are everywhere. Privacy? No real reason. And with self-hosted services like yours stupid to work around.
But hey to each its own. You can have mine, too if I get a static one instead!
-
@JeGr Which file to edit to get that cron job at 6:00 am?
-
Simply download the cron package and edit it there ;)
-
@JeGr Done, thanks!
Changed it to every other hour. Let's see if it helps.
-
Today, I had this problem again. I rebooted my modem and pfSense manually... Everything was shown in red. Also all vpn-clients where shown as disconnected... This time I decided to reboot pfSense again, hoping it would solve the problem but it didn't. I manually had to force and update every ddns-client and had to restart all the OVPN-clients.
This looks like a bug to me. A reboot should always check DDNS and stuff I think.