Multi-wan Azure Dyndns updates not working when primary WAN is unplugged
-
Hi,
I have 2 wan connections in a Gateway group. They are set up as failover and I'm using Azure DynDNS to update an A record. When I manually set a Gateway as down, in this case, WAN 1, the DynDNS updates automatically to reflect the IP of WAN 2 but the same doesn't work when I manually unplug WAN 1 from the pfSense router.
The Setup
WAN
-
WAN 1 (Direct IP- Gigabit Ethernet service - Directly terminated from Fibre box) - Tier 1
-
WAN 2 (PPPoe - Directly connected from NTU) - Tier 2
-
Both WAN connections are a part of a Gateway group called PreferFiber
DNS
-
2 Internal Windows DNS servers
-
8.8.8.8 - Gateway set as WAN 1
-
8.8.4.4 - Gateway set as WAN 2
Rules
- The default LAN rule has been changed to use the PreferFiber gateway group as its gateway.
DynDNS
- Using Azure DNS to update an A record within our DNS Zone. - Tested ok and is working under WAN 1.
Problem
- The above setup is working normally (through WAN 1) and if I mark WAN 1 as down, the gateway group successfully fails over and the DynDNS update is triggered but if I unplug the WAN 1 cable from the router, my failover kicks in but the DynDNS fails to update.
I have been hitting my head against this problem but no amount of packet captures or logs can help me narrow down the problem.
Please see attached log of both scenarios.
---------------- WAN 1 Gateway marked as down (working ok!) ------------------- May 23 23:59:45 May 24 00:04:27 php-fpm 343 /rc.dyndns.update: phpDynDNS : (Success) IP Address Changed Successfully! May 24 00:04:27 php-fpm 343 /rc.dyndns.update: phpDynDNS: updating cache file /conf/dyndns_PreferFiberazure'<A Record>'0.cache: <WAN 2 IP> May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Dynamic DNS azure : <WAN 2 IP> extracted from local system. May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Dynamic DNS azure : _checkStatus() starting. May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Data: {"id":"<Successful payload from Azure>"type":"Microsoft.Network\/dnszones\/A","etag":"","properties":{"fqdn":"<DNS A RECORD>","TTL":60,"ARecords":[{"ipv4Address":"<WAN 2 IP>"}]}} May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: date: Mon, 24 May 2021 00:04:26 GMT May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: x-ms-routing-request-id: AUSTRALIAEAST:20210524T000427Z:<requestId> May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: x-ms-correlation-request-id: requestId May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: x-powered-by: ASP.NET May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: server: Microsoft-IIS/10.0 May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: x-ms-ratelimit-remaining-subscription-resource-requests: 11999 May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: x-ms-request-id: <request ID> May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: strict-transport-security: max-age=31536000; includeSubDomains May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: x-content-type-options: nosniff May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: etag: <etag> May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: content-type: application/json; charset=utf-8 May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: content-length: 368 May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: cache-control: private May 24 00:04:27 php-fpm 343 /rc.dyndns.update: Response Header: HTTP/2 200 May 24 00:04:23 php-fpm 343 /rc.dyndns.update: Dynamic DNS azure : _update() starting. May 24 00:04:23 php-fpm 343 /rc.dyndns.update: DynDns : Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: <WAN 1 IP> WAN IP: <WAN 2 IP> May 24 00:04:23 php-fpm 343 /rc.dyndns.update: Dynamic Dns : Current WAN IP: <WAN 2 IP> Cached IP: <WAN 1 IP> May 24 00:04:23 php-fpm 343 /rc.dyndns.update: Dynamic DNS azure : <WAN 2 IP> extracted from local system. May 24 00:04:23 php-fpm 343 /rc.dyndns.update: Dynamic DNS : running get_failover_interface for wan. found igb0 May 24 00:04:23 php-fpm 343 /rc.dyndns.update: Dynamic DNS azure : <WAN 2 IP> extracted from local system. May 24 00:04:23 php-fpm 343 /rc.dyndns.update: Dynamic DNS: updatedns() starting May 24 00:04:22 check_reload_status 381 Updating all dyndns May 24 00:04:22 check_reload_status 381 Reloading filter May 24 00:04:21 php-fpm 342 /system_gateways.php: Gateway, none 'available' for inet6, use the first one configured. '' May 24 00:04:21 php-fpm 342 /system_gateways.php: Default gateway setting Interface WAN 2 Gateway as default. May 24 00:04:21 php-fpm 342 /system_gateways.php: Gateway, switch to:WAN 2 May 24 00:04:21 php-fpm 342 <WAN 1 GW>|<WAN 1 IP>|WANGW|7.904ms|3.494ms|0.0%|down|force_down May 24 00:04:21 php-fpm 342 /system_gateways.php: MONITOR: WAN 1 GW is down, omitting from routing group PreferFiber ---------------- WAN 1 cable manually unplugged (not working!) -------------------------- May 24 00:13:41 php-fpm 19319 /rc.dyndns.update: Tenant ID not found May 24 00:12:26 php-fpm 19319 /rc.dyndns.update: Dynamic DNS azure : _update() starting. May 24 00:12:26 php-fpm 19319 /rc.dyndns.update: DynDns : Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: <WAN 1 IP> WAN IP: <WAN 2 IP> May 24 00:12:26 php-fpm 19319 /rc.dyndns.update: Dynamic Dns : Current WAN IP: 1<WAN 2 IP> Cached IP: <WAN 1 IP> May 24 00:12:26 php-fpm 19319 /rc.dyndns.update: Dynamic DNS azure : <WAN 2 IP> extracted from local system. May 24 00:12:26 php-fpm 19319 /rc.dyndns.update: Dynamic DNS : running get_failover_interface for wan. found igb0 May 24 00:12:26 php-fpm 19319 /rc.dyndns.update: Dynamic DNS azure : <WAN 2 IP> extracted from local system. May 24 00:12:25 php-fpm 19319 /rc.dyndns.update: Dynamic DNS: updatedns() starting May 24 00:12:24 php-fpm 19319 /rc.dyndns.update: Tenant ID not found May 24 00:11:09 php-fpm 19319 /rc.dyndns.update: Dynamic DNS azure : _update() starting. May 24 00:11:09 php-fpm 19319 /rc.dyndns.update: DynDns : Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: <WAN 1 IP> WAN IP: <WAN 2 IP> May 24 00:11:09 php-fpm 19319 /rc.dyndns.update: Dynamic Dns : Current WAN IP: <WAN 2 IP> Cached IP: <WAN 1 IP> May 24 00:11:09 php-fpm 19319 /rc.dyndns.update: Dynamic DNS azure : <WAN 2 IP> extracted from local system. May 24 00:11:09 php-fpm 19319 /rc.dyndns.update: Dynamic DNS : running get_failover_interface for wan. found igb0 May 24 00:11:09 php-fpm 19319 /rc.dyndns.update: Dynamic DNS azure : <WAN 2 IP> extracted from local system. May 24 00:11:09 php-fpm 19319 /rc.dyndns.update: Dynamic DNS: updatedns() starting May 24 00:11:09 php-fpm 97379 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. '' May 24 00:11:09 php-fpm 343 /rc.filter_configure_sync: Gateway, switch to: WAN 2 May 24 00:11:09 php-fpm 19319 /rc.dyndns.update: Gateway, switch to: WAN 2 May 24 00:11:09 php-fpm 97379 /rc.openvpn: Default gateway setting Interface WAN 2 Gateway as default. May 24 00:11:09 php-fpm 97379 /rc.openvpn: Gateway, switch to: WAN 2 May 24 00:11:09 php-fpm 97379 <WAN 1 GW>|<WAN 1 IP>|WANGW|7.405ms|3.321ms|23%|down|highloss May 24 00:11:09 php-fpm 97379 /rc.openvpn: MONITOR: WANGW has packet loss, omitting from routing group PreferFiber May 24 00:11:08 check_reload_status 381 Reloading filter May 24 00:11:08 check_reload_status 381 Restarting OpenVPN tunnels/interfaces May 24 00:11:08 check_reload_status 381 Restarting ipsec tunnels May 24 00:11:08 check_reload_status 381 updating dyndns WANGW May 24 10:11:08 rc.gateway_alarm 3046 >>> Gateway alarm: WANGW (Addr:<WAN 1 GW> Alarm:1 RTT:7.385ms RTTsd:3.287ms Loss:21%) May 24 00:10:53 check_reload_status 381 Reloading filter May 24 00:10:53 php-fpm 343 /rc.linkup: Hotplug event detected for WAN 1 (wan) static IP (<WAN 1 IP> ) May 24 10:10:52 kernel igb0: link state changed to DOWN May 24 00:10:52 check_reload_status 381 Linkup starting igb0 -
-
I seem to have resolved this issue by reinstalling an older version of pfSense v2.4.5. With that in mind, I believe this to be a bug with v2.5.1.