DynDNS GoDaddy and pppoe not working (but working on a another 2.5.2 setup)

sttwebs

Hi everyone,

I have a pfSense 2.5.2 up and running and set up a PPPOE WAN connection. I have my DNS registried with GoDaddy.

The issue:
When I try to run an DDNS Update (either by reconnect or enforcing) I get those log entries (exported from my central syslog):

Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: Dynamic DNS godaddy (@.MYDOMAIN.DE): MYPUBLICIP extracted from local system.
Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: Dynamic DNS (@.MYDOMAIN.DE): running get_failover_interface for wan. found bge0
Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: Dynamic DNS godaddy (@.MYDOMAIN.DE): _update() starting.
Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: Response Header:
Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: Response Data:
Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: Dynamic DNS godaddy (@.MYDOMAIN.DE): _checkStatus() starting.
Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: phpDynDNS (@): PAYLOAD:
Nov  9 13:06:22 10.0.0.2 php-fpm[53058]: /services_dyndns_edit.php: phpDynDNS (@): (Unknown Response)

The local /conf cache files are filled with 0.0.0.0

This is what I have troubleshooted so far:

• I can use my GoDaddy API Key/Secret perfectly fine with a bash script. There are NO copy and paste errors (have recreated the profile now MULTIPLE times)
• I can use the exact config on a friends pfsense without ANY issues. He has the same WAN setup as I do (even the same provider), he even uses the pfsense 2.5.2
  -- only differences: He has a multi-wan setup, his pfsense is virtual, mine is bare metal.
• I switched to different IP check services. Nothing helped here. All the services can find the public IP as it looks like.

Would you have any ideas what I else I could try for troubleshooting?

Cheers,
Stefan

Gertjan

@sttwebs said in DynDNS GoDaddy and pppoe not working (but working on a another 2.5.2 setup):

... running get_failover_interface for wan. found bge0

Strange.
I've been using pppoe years ago, nad it was the "pppoe" interface you had to select, as this is the outgoint interface, not the WAN interface.

Select here :

I've set WAN, you should have a pppoe interface.

sttwebs

@gertjan

Sorry, should have mentioned that before, I did set the PPPOE (named Telekom) as my device. WAN is serving only as Layer 1 connection (so to say)

Gertjan

@sttwebs
You've entered '@' as a host name.

Is the description wrong ?

sttwebs

@gertjan
"@" is working fine as GoDaddy can interprete it properly. Tested it on my friends firewall.

I might found another reason why this might fail:
So there is one interessting difference between my setup and this of my friend.
So we both are on DEUTSCHE TELEKOM who demand the WAN to speak on VLAN7 (tagged).

So here is my Setup:

FibreBox -> Bare Metal with WAN Interface with vlan7 subinterface (bge0.7) running PPPoE

My friend's setup is:

VDSLBox -> Switch (taking care of vlan tagging)-> HyperVisor -> pfSense VM WAN Interface (bge0) running PPPoE

I do believe, that the plugin is unable to handle my VLAN subinterface and fails.

Could that be a valid reason?

Gertjan

Your "VLAN 7" and PPPOE settings must be correct, as you have a working connection.

Your "WAN" interface is called "TELEKOM", and is based on a VLAN7 interface, and this VLAN interface is set to use PPPOE as a connection method. (right ?!).
The conenction works, so it must be ok.

For godaddy's dyndns, all this is irrelevant.
You can reach them, so all is well.

The thing is, nothing comes back.

This is the code used : https://github.com/pfsense/pfsense/blob/a69cd01714c81f57c46b2df82412568748ad8025/src/etc/inc/dyndns.class#L1127

See what happens if you fill in 'the blank' yourself, and see what comes back :

https://reqbin.com/req/php/c-vdhoummp/curl-get-json-example

Here you see (in reversed order) what ahppens when I update my OpenDNS DynDNS account :

2021-11-09 01:01:03.963886+01:00 	php 	74247 	rc.dyndns.update: phpDynDNS (office): (Success) IP Address Changed Successfully! (1.2.3.4)
2021-11-09 01:01:03.957342+01:00 	php 	74247 	rc.dyndns.update: phpDynDNS: updating cache file /conf/dyndns_wanopendns'office'1.cache: 1.2.3.4
2021-11-09 01:01:03.952795+01:00 	php 	74247 	rc.dyndns.update: Dynamic DNS opendns (office): 1.2.3.4 extracted from Check IP Service
2021-11-09 01:01:03.516230+01:00 	php 	74247 	rc.dyndns.update: Dynamic DNS opendns (office): _checkStatus() starting.
2021-11-09 01:01:03.514659+01:00 	php 	74247 	rc.dyndns.update: Response Data: good 1.2.3.4
2021-11-09 01:01:03.513073+01:00 	php 	74247 	rc.dyndns.update: Response Header:
2021-11-09 01:01:03.511503+01:00 	php 	74247 	rc.dyndns.update: Response Header:
2021-11-09 01:01:03.509944+01:00 	php 	74247 	rc.dyndns.update: Response Header: x-ingress-point: cdg1
2021-11-09 01:01:03.508375+01:00 	php 	74247 	rc.dyndns.update: Response Header: x-xss-protection: 1; mode=block
2021-11-09 01:01:03.506816+01:00 	php 	74247 	rc.dyndns.update: Response Header: x-envoy-upstream-service-time: 74
2021-11-09 01:01:03.505246+01:00 	php 	74247 	rc.dyndns.update: Response Header: content-type: text/html; charset=UTF-8
2021-11-09 01:01:03.503689+01:00 	php 	74247 	rc.dyndns.update: Response Header: content-length: 18
2021-11-09 01:01:03.502143+01:00 	php 	74247 	rc.dyndns.update: Response Header: server: opendns
2021-11-09 01:01:03.500595+01:00 	php 	74247 	rc.dyndns.update: Response Header: date: Tue, 09 Nov 2021 00:01:03 GMT
2021-11-09 01:01:03.498963+01:00 	php 	74247 	rc.dyndns.update: Response Header: HTTP/2 200
2021-11-09 01:01:03.131859+01:00 	php 	74247 	rc.dyndns.update: Dynamic DNS opendns (office): _update() starting.
2021-11-09 01:01:03.130293+01:00 	php 	74247 	rc.dyndns.update: DynDns (office): Dynamic Dns: More than 25 days. Updating. 1636416062 - 1634252826 > 2160000
2021-11-09 01:01:03.128706+01:00 	php 	74247 	rc.dyndns.update: Dynamic Dns (office): Current WAN IP: 1.2.3.4 Cached IP: 1.2.3.4
2021-11-09 01:01:03.126491+01:00 	php 	74247 	rc.dyndns.update: Dynamic DNS opendns (office): 1.2.3.4 extracted from Check IP Service
2021-11-09 01:01:02.687232+01:00 	php 	74247 	rc.dyndns.update: Dynamic DNS (office): running get_failover_interface for wan. found em0
2021-11-09 01:01:02.685583+01:00 	php 	74247 	rc.dyndns.update: Dynamic DNS opendns (office): 1.2.3.4 extracted from Check IP Service
2021-11-09 01:01:02.245064+01:00 	php 	74247 	rc.dyndns.update: Dynamic DNS: updatedns() starting

I've set the 'debug' option so I see a lot of info return coming back when I call the update URL.

The thing is : godaddy's dyndns s doesn't give back any result.
Know it is possible that you asked to many times an 'update' : they can blacklist your requests for some time. This is done so no one tries to update it's IP every 10 seconds or so.

sttwebs

@gertjan
Thanks for pointing out the class for me.
Sadly I'm not really able to make that class snipped "executable". Would you be able to guide me a bit?
Sorry for that.

Gertjan

@sttwebs

I don't have / use godaddy, so can't really test.
I'm using the good old DynDNS myself, way easier to test and debug if needed.

Your real issie is : your missing something that's right in-front of you, as you have a second system using the same method at your disposal.

If you have a Windows pro system running somewhere, you can have a Hyperr-V VM host up en running with some clicks. That's exactly what I did @home. pfSense runs really good out of a VM.
On the other hand : VM, or barre metal, it's all the same. When the LAN works, and the Internet connection is up, it's not the installation.

Can you check @godaddy - do they have a log or something , - see if the could/json/api calls come through and reach them ?

I'm pretty sure your not the only Godaddy user, so if there was an issue (on the pfSEnse side of things - or Godaddy) then that would have been known by now.

sttwebs

@gertjan
I did some more testing, here is what I found out:

• Setting up my GoDaddy Creds on a pfSense 2.5.2 behind my perimeter FW (the one that bugs me) - the DynDNS request works flawlessly fine!
• Testing CURL with my creds from the permimeter FW (the one that bugs me) - the DynDNS request works flawlessly fine!
• Changed my interface from a VLAN tagged interface to a non-tagged VLAN interface on the perimeter FW - Does not change anything (still not working)
• Playing around with perimeter FW DNS settings (changing it, switching to other) - Does not change anything (still not working)

In conclusion:

• GoDaddy and it's creds are 100% working and I am NOT blocked by GoDaddy
• since the creds are working with 2 different pfSense 2.5.2 installations (funny enough both virtual),I believe it must be a configuration thing.

I wish there were more DEBUG options...

Gertjan

@sttwebs

Starts to look like a VLAN issue.
On the pfSEnse side : firewall rules are ok on each interface ?

The routing for your VLAN interface is ok ? Compare settings of the VLAN interface with the LAN interface. Except for the network mask IP, it should be identical. DHCP server per interface should also differ.

VLAN are just LANs, but they use most often other devices : smart switches, to work.
So, what happens when you remove a VLAN stuff, remove all the smart switches, and create ordinary physical interfaces and use ordinary 'dumb' switches, and you copy the default firewall rule, present on the LAN interface, to all your other LAN (OPTx) interfaces ? it works !

sttwebs

@gertjan
Maybe I spoke in riddles, but this is exactly what I did and meant with "changed my interface from a VLAN tagged to a non-tagged VLAN" -> I removed the VLAN stuff in other words -> no change/still not working.

Gertjan

@sttwebs
From pfSense, what do you see when you 'curl' manually :

curl https://api.godaddy.com/v1/domains/

I saw :

{"code":"MISSING_CREDENTIALS","message":"Unauthorized : Credentials must be specified"}

Which seams ok as I'm not sending any parameters or identification.

sttwebs

@gertjan
As mentioned before, my curl based script with all details applied works perfectly fine.

When I curl the same as you, I get the same result as you.

Gertjan

@sttwebs

If you're able to edit a fie :

The file /etc/inc/dyndns.class :

The first test is done for "200" which indicates "OK" or all went went.
The test is done with the "$header" variable.

The next test looks for any "4xx" return codes. There was a failure, so the header contains a "4xx" error code, which could (example) mention "Page nor found".

The final case dumps the $data variable. But, it's empty. A "(Unknown Reponse") is also logged.

Can you change this "$data" on line 2473 for "$header" to have the header logged instead of the empty $data variable ?

Change also the text string "(Unknown Reponse") for "(Unknown - HERE WE ARE - Reponse") so you know this code gets executed, as it should be logged also.

This is what I would do .... I can't really test as I have no godaddy account.