Dynamic DNS Show local IP

andreaconfa

Hi all, i'm new in PFSense.
I successfully setted up my PFSense Machine with this configuration:

2 x PPPOE WAN Connections Load Balanced
1 X LTE BACKUP WAN to use as failover when the wired networks goes down.

I'm setting up my Dynamic DNS to have the ability to access my network from my wired wans but also, in case it fails, be able to access trought my mobile lte backup (yes, i have a static and dedicated ip also for the lte connection)

I setted up the Dynamic DNS page to work with the interface "Gateway Load Balance" to let the script retrive always a working ip address.
When using the two PPPOE connectios the IP address is correctly pushed to the ddns domain but when my connection fail back to the LTE one, my ddns update the ip with the LOCAL ip address of the LTE connection, instead of the public one.

How can i troubleshoot this problem?
Thanks
Attacched some screenshots

viragomann

@andreaconfa said in Dynamic DNS Show local IP:

When using the two PPPOE connectios the IP address is correctly pushed to the ddns domain but when my connection fail back to the LTE one, my ddns update the ip with the LOCAL ip address of the LTE connection, instead of the public one.

What do you call "local ip address"?
And what would the public one be in your opinion?

Since the dynamic DNS status is showing the IP colored green, this is the IP the outside/public world sees. So what's wrong?
You can recheck it by going to whatsmyip.com or something like that with an internal browser.

andreaconfa

@viragomann said in Dynamic DNS Show local IP:

is the IP the outsid

Hi, 190.10.3.3 is the local PfSense IP on the wan interface connected to the LTE modem.

See screenhots:

In fact, my LTE ip is:

andreaconfa

The issue is very similar to this: https://forum.netgate.com/topic/138216/dynamic-dns-client-can-t-determine-public-ip-from-behind-nat-router

My log :

Oct 7 20:24:54	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Oct 7 20:24:54	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS ovh-dynhost (my.hostname.ddns): 190.10.3.3 extracted from local system.
Oct 7 20:24:54	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS (my.hostname.ddns): running get_failover_interface for lan. found em0
Oct 7 20:24:54	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS ovh-dynhost (my.hostname.ddns): _update() starting.
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: HTTP/2 200
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: date: Thu, 07 Oct 2021 18:24:54 GMT
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: content-type: text/plain; charset=UTF-8
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: cache-control: max-age=60
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: expires: Thu, 07 Oct 2021 18:25:53 GMT
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: vary: Accept-Encoding
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: content-language: fr
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-iplb-request-id: 0A6EB4C6:8BB8_332611C8:01BB_615F3B75_11C385:2ABE2
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-iplb-request-id: 33440FF6:D89A_C063418B:01BB_615F3B75_BD06:7A78
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-iplb-instance: 42098
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-cdn-pop: rbx
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-cdn-pop-ip: 51.68.XX.XX/27
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-request-id: 1034879603
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-cacheable: Not cacheable: no cache
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: accept-ranges: bytes
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header:
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header:
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Data: good 190.10.3.3
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS ovh-dynhost (my.hostname.ddns): _checkStatus() starting.
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS ovh-dynhost (my.hostname.ddns): 190.10.3.3 extracted from local system.
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_opt2ovh-dynhost'my.hostname.ddns'0.cache: 190.10.3.3
Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: phpDynDNS (my.hostname.ddns): (Success) IP Address Changed Successfully! (190.10.3.3)

stephenw10

I assume it's actually behind CGN, which is common on LTE connections?

You say you have a static IP on LTE though, that is NAT'd to it?

If that was a private IP the client would use IP lookup to find the public IP but that is a public IP. I expect it to be in 100.64.0.0/10 if it is CGN.

Usually you can't forward traffic through CGN so you wouldn't be able to connect inbound anyway.

I also note you have the same gateway IP on both PPPoE connections which might give you routing issues.

Steve

stephenw10

Ooops missed your edit there.

Don't use a public subnet on the LAN side of the LTE router if that's not actually your IP.

Steve

andreaconfa

@stephenw10 my lte connection is not under NAT, in fact with my edgerouter I’m able to connect to the devices hosted on my home.

From the settings i see that if the connection is PPPOE is not possible to change the ip address of the interface, in fact the two shown ip is not even in the subnet of the router's.

So you think that the lte connection is not getting the wan ip because I’m using a public subnet? I have to try using 192.168.x.x ?

If i run the curl command on the pfsense console i get the correct wan ip of the lte connection: curl http://checkip.dyndns.org/

andreaconfa

Good News! I changed the local ip of the LTE router to 192.168.103.1 and now pfsense is updating the DDNS with the correct WAN ip.

Another question if you can help me.
As i said before i have two VDSL connection that i want to use in load-balancing mode and a third one (the LTE) that i want to use only as a failover when both VDSL connection goes down.

Is this the correct configuration?

stephenw10

Your LTE is behind NAT. If it wasn't curl http://checkip.dyndns.org/ would be reporting the same IP the pfSense sees ion the interface. It might be 1:1 NAT if you can connect in that way.
Anyway, yeah, setting it to a private IP causes the dyndns client to look for the external IP rather than use the interface address.

Yes, that will work for load-balancing. There's no need to put LTE in tier 5 it will work exactly the same in tier 2.
Be aware that you can only use that load-balance group in policy routing rules. You can' use that as the default system gateway. That can only be a specific gateway or a failover group.

Steve

andreaconfa

@stephenw10 sorry i don't understand exaclty this

Be aware that you can only use that load-balance group in policy routing rules. You can' use that as the default system gateway. That can only be a specific gateway or a failover group.

I setted up my balancing/failover group as default group

stephenw10

You can't use a load-balancing group as the system default gateway in System > Routing > Gateways. Where is says: Select a gateway or failover gateway group to use as the default gateway.
The wording there was changed because it's a common mistake.
To actually balance the load across several WANs you need to use policy based routing rules:
https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

Steve

andreaconfa

@stephenw10 said in Dynamic DNS Show local IP:

e the load across several

can you explain me how to make the load balancing work correctly? now in the default gateway i setted up the load balancing group and it appears to work correctly. For example, in speedtest, i reach the sum of the two connection. during for example an http download i got the download of 1 connection, but then if another client start to download something, he get full speed too by using automatically the other wan connection.

I also have this rule in the lan out setting of the firewall

What is the correct setting for the default gateway?

stephenw10

The top screenshot there is the correct (and only) way to do it. That will be loadbalancing your traffic from hosts on the LAN.

The default gateway should be only a specific gateway or a failover group.
If you enter a load-balance group there the firewall will cycle though the gateways in it if they go down but does not actually load-balance traffic. Rge default gateway if only ever 1 WAN at a time.

Steve

andreaconfa

@stephenw10 so what i have to do? i have to make another group only for failover and put that in the default gateway? First Connection Tier 1, Second Connection Tier 2 and Third Connection LTE Tier 3 and put that in the default gateway?

stephenw10

Since you are using a correctly configured policy routing rule for LAN traffic you do not have to do anything.
Anything not caught by that policy rule, such as traffic from the firewall itself, will use the default gateway. Just be aware that with that set to the load-balancing group as it is traffic will use one of the two PPPoE WANs that are in tier 1. It will not use both and there is no way to specify which one it will use. It will simply switch to the other one if one goes down or to the LTE if both go down. That setup is probably fine for your use.

Steve