
    DDNS on Hughesnet

      chrisjx

      I have configured and placed an sg-1100 behind a hughesnet modem/router for an internal network which has the shared access to the internet. It's not very extensive but I would like to get some home/farm automation working and would like to get access into the system so I can manage the services and devices.

      I installed the system on a small farm but I live in another state. Although I established ddns and vpn (which worked, stand-alone, in my home setup), I cannot access the device remotely because of hughesnet restrictions.

      Issue 1:
      I am receiving an email notification from pfsense (every night right at 1:01 am pfsense server time) indicating that the ddns IP address on the pfsense box has changed. Soon after that, at 1:08 am, I get a second notification that it has changed again. Every night.

      I'm pretty sure this is somehow being triggered by a cron job which runs every evening at 1:01 am.

      /usr/bin/nice -n20 /etc/rc.dyndns.update
      

      I didn't think that this routine would or should change the IP address, but simply confirm what it was and update pfsense's ddns.

      Interestingly, the IP addresses retrieved are almost the same with just the 4th octet being different. xxx.yyy.zzz.28. The 1st three sets are always the same and the last one seems to be random between 1 and 254.

      Issue 2:
      Looks like hughesnet doesn't even allow access from outside for residential accounts. They do have a business service where one can get a static IP but I suspect that's out of my price range. One has to call to get a quote so if you have to ask... it's too expensive. I think I can get around this by using something like ngrok on a raspberry pi as a jump/go box. Anyone have any experience with hughesnet?

      Their service seems to have high latency, is fairly slow, limited monthly usage, restrictions (like no ddns), and is expensive. What's not to hate about it. ;)

      Any tips or tricks, appreciated.

        johnpoz LAYER 8 Global Moderator @chrisjx

        @chrisjx you sure you're even on a public IP? I would guess that hughesnet is carrier grade nat - 100.64-127.x.x

        They are also a satellite connection, are they not - I find it highly highly unlikely they support any sort of services inbound to your connection, even if they provided a public IP.

        You're saying you're behind your isp device. Is pfsense wan IP rfc1918? 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?

        "Although I established ddns and vpn (which worked, stand-alone, in my home setup)"

        Did you test that from a cell phone or something via an outside cell connection - or did you test it via your local wifi connection?

        You could look to something like https://ngrok.com/ - this allows your local connection to make an outbound connection to the service, which you then tunnel through.

        Other options would be a vps, setting up a vpn that does really the same sort of thing - you create the tunnel outbound from the location, and then come through that tunnel. Another option would be maybe https://www.zerotier.com/ - again this is done via a middle man where your connection at your remote location creates an outbound connection you use to get into the remote location with.

        Do you have pfsense at another location - if so you could create vpn connection outbound from your remote location to your other location - and then go through that vpn to get to your remote location. This is a site 2 site vpn, etc. But this could work because your remote location would be initiating the connection.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11
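
The address checks asked about in the reply above, as an added example that is not part of the original thread: it classifies a WAN address as RFC 1918, carrier-grade NAT (100.64.0.0/10) or public, and compares it with the address an outside service reports. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Ranges named in the reply: RFC 1918 private space and the shared
# carrier-grade NAT space 100.64.0.0/10 (100.64-127.x.x).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'rfc1918' or 'cgnat'; anything else is treated as 'public'."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    return "public"


def inbound_verdict(wan_addr, seen_addr):
    """Compare the firewall's WAN address with the address seen from outside.

    wan_addr:  address on the pfSense WAN interface
    seen_addr: address an external "what is my IP" check (or DDNS) reports
    """
    kind = classify(wan_addr)
    if kind == "rfc1918":
        return "double-nat"      # behind the ISP router; needs a forward there
    if kind == "cgnat":
        return "cgnat"           # provider-side NAT; subscriber cannot forward ports
    if ipaddress.IPv4Address(wan_addr) != ipaddress.IPv4Address(seen_addr):
        return "nat-upstream"    # public-looking WAN, still translated
    return "direct"              # inbound possible unless the ISP filters it


def same_prefix(addrs, prefix=24):
    """True if every address falls in one /prefix, as with the nightly
    DDNS changes in the first post where only the 4th octet differs."""
    nets = {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs}
    return len(nets) == 1


if __name__ == "__main__":
    # Constructed sample values (documentation ranges), not from the thread.
    for wan, seen in [("192.168.0.2", "203.0.113.28"),
                      ("100.72.3.4", "203.0.113.28"),
                      ("203.0.113.28", "203.0.113.28")]:
        print(wan, seen, inbound_verdict(wan, seen))
    print(same_prefix(["203.0.113.28", "203.0.113.171"]))
```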

          chrisjx @johnpoz

          @johnpoz
          "I find it highly highly unlikely they support any sort of services inbound to your connection"

          You're right. Hughesnet (satellite service) does not automatically provide a usable public IP although pfsense gets an IPv4 address on the WAN interface (a new one twice a day at 1:01am and at 1:08am). I did of course set up ddns to make it possible to access pfsense via vpn. I thought they would at least support ddns but, noooo... that would be too easy.

          Hughesnet has a business level service for $70, plus modem monthly $10, plus static IP $10, with 35G data cap, and a required 24 month contract. Irks me bad. ;)

          Yes, I used my phone in hotspot mode to test it from my home on my laptop. I could VPN into the soon-to-be remote pfsense network (I used 192.168.x.x) and access raspis behind the firewall before I installed it at the farm.

          I've used ngrok when I used to set up raspis and played with home automation demos at the bay area maker faires. So I'll be sending a raspi configured with ngrok to my sister and have her plug it into the LAN side of pfsense. That should tell the tale. If I can't ssh in to the raspis or access my node-red web application I'll try some of your other suggested tricks.

          It will be interesting to see if I can get the pfsense web ui via ngrok without making the UI too vulnerable. Although... thinking just now, if there's no inbound service... but even then I don't think installing ngrok on the pfsense box makes any sense. I don't like over-burdening hosts.

          Thank you,
          Chris.

            johnpoz LAYER 8 Global Moderator @chrisjx

            @chrisjx Just curious - have you looked into starlink as an option to your current sat connection? I have no idea what services you can get with that, if they offer inbound services, etc.

            But from my understanding it's supposed to be a faster connection, and cheaper option.

              chrisjx @johnpoz

              @johnpoz
              Actually, I have. I checked in yesterday on their sign up page and they came back with a statement that they expect to have coverage in the area of the farm by summer 2022. So I'll likely move to that when the current hughesnet contract is up. The technology looks much better and they're talking up Gb speeds.

              I'm not holding my breath on this but I'm also keeping my eye on the rural broadband part of the infrastructure bill that passed recently. Come on fiber trench down the road to the farm. Haha.
