Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan"
-
The title says it all.
My DDNS provider is Namecheap; I'd like to put all my eggs in the same basket on this and use their IP resolution service to fetch the IP for their DDNS service, rather than relying on the 3rd-party server that is used OOTB. (My pfsense box is double-NATted.)
As you can see from the below screenshot, pfsense is perfectly capable of accessing this service:
However, when it comes to the Dynamic DNS client, I get an uninformative "error" comprising merely the "cached IP" turning red when attempting to use this service.
Entering Status > System Logs reveals that “There was an error trying to determine the public IP for interface - wan”, with no further explanation.
This happens regardless of whether I'm accessing
/getip
over HTTPS or HTTP, and regardless of whether I've set it to "Verify SSL/TLS Peer".How could I begin to debug this?
-
I will note that this thread is essentially a duplicate of #138216, with the primary difference being:
- the other thread was resolved by “I advise you to remove…[other] 'check IP' service” and reverting to the hard-coded Oracle server
- I am explicitly asking after getting the custom IP check server to work.
- 20 days later
-
try setting the option in the advanced config -> firewall to Pure NAT reflection. Not sure what you mean by double natted but my pfsense box is natted behind a modem router and also had trouble getting the actual public IP until I turned on the Pure NAT reflection.
- 5 months later
-
@pppd This did not fix it.
-
This will help you to understand.
Compare the output of http://checkip.dyndns.org/ with the output of https://dynamicdns.park-your-domain.com/getip.
Do you see the difference ?
Now look at this : https://github.com/pfsense/pfsense/blob/de9ba32bd3531ccf74e143391deaacb77e085097/src/etc/inc/services.inc#L2217
Get it ?
The easy solution : call who ever maintains dynamicdns.park-your-domain.com and ask if they can change the format of the returned text.
If they use PHP, this will do just fine :
echo "Current IP Address: ".$_SERVER['REMOTE_ADDR'];
instead of
echo $_SERVER['REMOTE_ADDR'];
Both lines do the same thing, although the latter is more 'cheap' : the check for the presence of "Current IP Address: " makes the test a bit more save.
Or do something about /etc/inc/services.inc, line (2217)
- 11 days later
-
@gertjan It looks like it'll actually take more than that; the regex seems to match against a closing
</body>
, as well.I was debating whether to request Namecheap add in an alternate endpoint, but, on doing some research, I think I'll send a PR to Netgate instead.
Of the well-known checkip providers-
DynDNS- FreeDNS (Afraid.org)
- Google Domains
- Hurricane Electric
- Dullies Internet Exchange
- ipify (Randall Degges)
- MyOnlinePortal
- No-IP
- nsupdate.info (Thomas Waldmann)
- ZoneEdit (easyDNS)
- (*Presumably many/any others not listed, including this thread's Namecheap and the immortal icanhazip)
Just one (struck in this list) returns anything other than the IP. (The sole other provider with an endpoint like DynDNS's was Loopia; that endpoint is now defuct.)
I definitely find it bizarre and slightly inappropriate that Netgate would code their client software specifically around such a blatantly non-standard API, especially given DynDNS's otherwise-rocky history…
- 10 days later
-
So, it's confirmed this was a design flaw.
I've fixed it in Pull #4519, but they can't merge it until all the translations have been updated.
If you're reading this and you know a non-English language not already included, could you post the name of the language and its translation of the following?
The server must return the client IP address as a string.
(Either in this thread or on GitHub)
- 2 months later
-
Hi there,
I am having the same issue, where I can't get the ip to resolve "There was an error trying to determine the public IP for interface - wan (mvneta2 ). "
In my case, wan has a static private ip 10.30.x.x, where i resolve to my isp gateway on the same network and have a virtual ip assigned with the public ip.
If i use any service provider to resolve my ip it just works, even from diagnostics command prompt and curl -s whatever service provider noip etc.. but as stated in the Services/DynamicDNS/Dynamic DNS Clients: "If the interface IP address is private the public IP address will be fetched and used instead." it seems it can't fetch my public ip, I wonder why. I tried to disable and enable the default check ip service, have added 3 additional services which work from the command prompt but not in the gui. Any help? or advise? -
@bartekmao said in Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan":
it seems it can't fetch my public ip
In other words : you can't connect to it.
If you have an Internet connection, you have a WAN IP that can not be a RFC1918.Click on it - and you'll see your WAN IP :
http://checkip.dyndns.org
The IP can't be a RFC1918, as a RFC11918 isn't routable over the Internet.Your pfSense could be placed behind an (ISP) router, which is place behind yet another router (etc). All this little family would communicate between them using RFC1918. But the last one will use your WAN IP.
This is the IP http://checkip.dyndns.org return. http://checkip.dyndns.org will always return an IP.Btw :
http://checkip.dyndns.org is "http". A httpS version isn't offered by checkip.dyndns.org. Ok, true, it retirn a text fragment hat conatins your IP, the same IP that is already in the headers of the IP packet that travels over the net.
I decided to create my own "checkip.dyndns.org" check page (as we all have a web server some where doing close to nothing ^^)This one returns IPv4 or IPv6, as the latter is the default protocol these days.
Also, I ditched 'http' support, it's all 'https' now.This is the content of the "whatismyip.php" file :
<?php echo "<html><head><title>Current IP Check</title></head><body>Current IP Address: ".$_SERVER['REMOTE_ADDR']."</body></html>"; ?>
edit :
When you use RFC2136, don't forget to check this option : -
@gertjan thanks for your reply
I checked with mtr and there are two hops before the internet so yes the isp is doing some nat and routing. Nevertheless surfing to any ip resolving site including dyndns.org resolves perfectly the ip assigned to me by my isp. doing so from the command line with "dig" and from pfsense itself returns the correct ip, so I do mistrust the dynamic dns service on pfsense 21.05.
I am not using RFC2136 since I didn't find any config for that with free account of noip.
. -
@bartekmao said in Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan":
so I do mistrust the dynamic dns service on pfsense 21.05.
It works.
You can test it yourself.This is what the code does - you can use the system command your :
[2.5.2-RELEASE][admin@pfsense.yournetwork.net]/root: curl http://checkip.dyndns.org <html><head><title>Current IP Check</title></head><body>Current IP Address: 82.127.34.254</body></html>
'curl' behaves very much the same way as a web browser.
It retrieves the file, and shows it. A web browser will also interpret the obtained html; culd doesn't, it just shows the file "as is".'curl' will do the usual intermediate steps : it will resolve "dyndns.org" first.
You can do that also yourself :[2.5.2-RELEASE][admin@pfsense.yournetwork.net]/root: dig checkip.dyndns.org +short checkip.dyndns.com. 193.122.130.0 193.122.6.168 132.226.8.169 158.101.44.242 132.226.247.73
I tend to say : if you have issues retrieving checkip.dyndns.org, you have set up issues.
-
-
Hello!
This morning i encountered the same problem: The dyndns-IP at the status-page was showing N/A, after a while it changed to the actual IP, but is shown in red.
So i tried to ping my private dyndns, which resulted good without packet-loss.
so far, so good.
But when i have an IP-change from my ISP, dyndns-update fails. It still shows the old IP.
I did the tests mentioned here via curl, dig, all checks passed, i get shown my public IP.
Only the automatic check doesnt work. When i enter the dyndns-settings and push "save and force check", the IP gets resolved and i see it at the status-page, but still red, not green.
I didnt change any settings for a while, so i am not sure, whats happening.
I am at pfsense 2.5.2, double-natted. In front of pfsense i have a router from ISP, which is set to "exposed host".
Advanced settings in pfsense is set to "pureNAT".
The settings run fine now since april.
Automatic check via cron the logs show:Zeitpunkt Prozess PID Nachricht Jul 30 09:50:00 php 58642 rc.dyndns.update: Dynamic DNS () There was an error trying to determine the public IP for interface - wan (em0 ). Jul 30 09:50:00 php 58642 rc.dyndns.update: Dynamic DNS (): running get_failover_interface for wan. found em0 Jul 30 09:50:00 php 58642 rc.dyndns.update: Dynamic DNS: updatedns() starting
Staus: Current IP in red, which is ok, due to the fail...
With manual check:
Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: phpDynDNS (): (Erfolgreich) IP-Adresse erfolgreich aktualisiert! Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: phpDynDNS: aktualisiere Zwischenspeicher Datei /conf/dyndns_wancustom''0.cache: xxx.xxx.xxx.231 Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Dynamic DNS custom (): xxx.xxx.xxx.231 extracted from Check IP Service Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Dynamic DNS custom (): _checkStatus() gestartet. Jul 30 08:53:33 php-fpm 72709 <title>DDNSS - Kostenloser DynDNS Service : Re-ProutDNS v5.01v</title> Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Data: <head> Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Content-Type: text/html; charset=UTF-8 Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Content-Length: 249 Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: X-Permitted-Cross-Domain-Policies: master-only Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: X-WebKit-CSP: default-src 'self' Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: X-XSS-Protection: 1; mode=block Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: X-Frame-Options: deny Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: X-Content-Type-Options: nosniff Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Vary: Accept-Encoding Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: good: Your hostname has been updated. Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: DDNSS-Message: Your hostname has been updated. Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: DDNSS-Response: good Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Cache-Control: no-cache, must-revalidate Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Last-Modified: Fri, 30 Jul 2021 06:47:15 GMT Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Expires: 0 Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Pragma: no-cache Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Strict-Transport-Security: max-age=15768000 Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Server: Apache Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: Date: Fri, 30 Jul 2021 06:47:15 GMT Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Response Header: HTTP/1.1 200 OK Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Sende Anfrage an: https://ddnss.de/upd.php?key=zzz&host=pxxxxe.ddnss.de Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Dynamic DNS custom (): _update() gestartet. Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Dynamic DNS (): führe get_failover_interface für wan aus. em0 gefunden Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Dynamic DNS custom (): xxx.xxx.xxx.231 extracted from Check IP Service Jul 30 08:53:33 php-fpm 72709 /services_dyndns_edit.php: Dynamisches DNS: updatedns() wird gestartet
Staus: Current IP in red, which is not ok, all went good...
Manual check when IP changed:
I have added another IP-check for debugging.Jul 30 07:20:08 php 97919 rc.dyndns.update: phpDynDNS (): (Success) IP Address Updated Successfully! Jul 30 07:20:08 php 97919 rc.dyndns.update: phpDynDNS: updating cache file /conf/dyndns_wancustom''0.cache: xxx.xxx.xxx.166 Jul 30 07:20:08 php 97919 rc.dyndns.update: Dynamic DNS custom (): xxx.xxx.xxx.166 extracted from Check IP Service Jul 30 07:20:00 php 97919 rc.dyndns.update: Dynamic DNS custom (): _checkStatus() starting. Jul 30 07:20:00 php 97919 <title>DDNSS - Kostenloser DynDNS Service : Re-ProutDNS v5.01v</title> Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Data: <head> Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Content-Type: text/html; charset=UTF-8 Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Content-Length: 249 Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: X-Permitted-Cross-Domain-Policies: master-only Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: X-WebKit-CSP: default-src 'self' Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: X-XSS-Protection: 1; mode=block Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: X-Frame-Options: deny Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: X-Content-Type-Options: nosniff Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Vary: Accept-Encoding Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: good: Your hostname has been updated. Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: DDNSS-Message: Your hostname has been updated. Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: DDNSS-Response: good Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Cache-Control: no-cache, must-revalidate Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Last-Modified: Fri, 30 Jul 2021 05:13:42 GMT Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Expires: 0 Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Pragma: no-cache Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Strict-Transport-Security: max-age=15768000 Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Server: Apache Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: Date: Fri, 30 Jul 2021 05:13:42 GMT Jul 30 07:20:00 php 97919 rc.dyndns.update: Response Header: HTTP/1.1 200 OK Jul 30 07:20:00 php 97919 rc.dyndns.update: Sending request to: https://ddnss.de/upd.php?key=zzz&host=pxxxxxe.ddnss.de Jul 30 07:20:00 php 97919 rc.dyndns.update: Dynamic DNS custom (): _update() starting. Jul 30 07:20:00 php 97919 rc.dyndns.update: DynDns (): Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: xxx.xxx.xxx.39 WAN IP: xxx.xxx.xxx.166 Jul 30 07:20:00 php 97919 rc.dyndns.update: Dynamic Dns (): Current WAN IP: xxx.xxx.xxx.166 Cached IP: xxx.xxx.xxx.39 Jul 30 07:20:00 php 97919 rc.dyndns.update: Dynamic DNS custom (): xxx.xxx.xxx.166 extracted from Check IP Service Jul 30 07:20:00 php 97919 rc.dyndns.update: Dynamic DNS (): running get_failover_interface for wan. found em0 Jul 30 07:20:00 php 97919 rc.dyndns.update: Dynamic DNS custom (): xxx.xxx.xxx.166 extracted from Check IP Service Jul 30 07:20:00 php 97919 rc.dyndns.update: Dynamic DNS: updatedns() starting
Staus: Current IP in red, which is not ok, all went good...
-
@_igor_ said in Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan":
Only the automatic check doesnt work
If you use the default :
this is what is executed :
at line 2277 the 'page' is filtered and the IP is isolated.
I tested the list Services > Dynamic DNS > Dynamic DNS Clients
It's a mess.
IP's marked in red, or just N/A.I switch back to my own checkip service ;)
Keep in mind :
http://checkip.dyndns.org is http only, not https (the code is hardcoded to use no https).
It's a free serveice .... which means 'they' can do whatever they want with it - and repait, if needed, when they see fit.That's why I created my own "checkip.dyndns.org " with some web server I run on the Internet. Just to have a plan A and a plan B.
-
@gertjan said in Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan":
This is the content of the "whatismyip.php" file :
<?php
echo "<html><head><title>Current IP Check</title></head><body>Current IP Address: ".$_SERVER['REMOTE_ADDR']."</body></html>";
?>Thank you too
Have a nice Weekend,
fireodo -
Maybe it would be a great idea/suggestion to add a parameter to the settings of the services/checkip for the corresponding answer from my own IP-check, so from ddnss.de the answer is
curl ddnss.de/meineip.php <html> <head> <title> DDNSS - Wie ist meine IP ? </title> </head><body> Aktuelle IP: <b>xxx.xxx.xxx.xxx</b></body></html>
That would make us use the service without hacking services.inc to meet my own wishes. The actual dyndns.org setting tends to fail too much in my opinion...
I personally changed services.inc, which resulted easy to get it working nicely...Happy Weekend to all!
-
@_igor_ said in Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan":
Maybe it would be a great
Some knowlegde about what is returned will be needed.
Remember : what you see is not what you get.
A browser shows :but it actually receives :
In the past, it would be normal that a persons that administrates a firewall knows all about "html" and that kind of stuff.
These days, that's not the case any more. They say they manage "Internet" without remotely knowing what's going on.And it gets even better : what you're asking for is that the user enters a search string that has to match.
Here it is for the "http://checkip.dyndns.org/" :Current IP Address: (.*)</body>=siU'
If this string matches, it return something that could be an IPv4 (or IPv6).
I guess you've lost most of us right there.
'grep' is understood by those who where there when it was invented - as it was needed.
Learning it from scratch is ... well ... most will abandon.Note : it's not really grep, I over simplify.
Btw : I'm not saying your idea is wrong - on the contrary.
As said, I have some web servers doing close to nothing, so I wrote my own solution, as it is a bit simpler to write a solution on the 'other side' of the equitation. -
@_igor_ I saw the same problem. But as far I have understand it, pfSense is only updating DDNS if the cron job is due anyways.
I also have a double-NAT situation like you. So what I did is scheduling the IP change on my first router (VDSL) and then also scheduling a cron job on pfSense for rebooting and another on after that for DDNS Update.That is much more complicated then it should be but also you are advised to use a modem or bridge and not another router in front of pfSense. So I have no hope that it will change anytime soon.
-
@gertjan said in Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan":
They say they manage "Internet" without remotely knowing what's going on.
Would you mind to give such a person access to your check-ip service?
I am asking for a friend. -
@bob-dig said in Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan":
Would you mind to give such a person access to your check-ip service?
This one
?
It's a public web server. Not something I should hide.Be carefull, teir could be side effects :
@bob-dig said in Custom "Check IP Service" not working: "There was an error trying to determine the public IP for interface - wan":
check-ip service
The PHP page knows about the visitors originating IP address. How could it answering you if it doesn't ;)
All it does is showing it.