DDNS on Hughesnet
-
I have configured and placed an sg-1100 behind a hughesnet modem/router for an internal network which has the shared access to the internet. It's not very extensive but I would like to get some home/farm automation working and would like to get access into the system so I can manage the services and devices.
I installed the system on a small farm but I live in another state. Although I established ddns and vpn (which worked, stand-alone, in my home setup), I cannot access the device remotely because of hughesnet restrictions.
Issue 1:
I am receiving an email notification from pfsense (every night right at 1:01 am pfsense server time) indicating that the ddns IP address on the pfsense box has changed. Soon after that, at 1:08 am, I get a second notification that it has changed again. Every night. I'm pretty sure this is somehow being triggered by a cron job which runs every evening at 1:01 am.
/usr/bin/nice -n20 /etc/rc.dyndns.update
I didn't think that this routine would or should change the IP address, but simply confirm what it was and update pfsense's ddns.
Interestingly, the IP addresses retrieved are almost the same with just the 4th octet being different. xxx.yyy.zzz.28. The 1st three sets are always the same and the last one seems to be random between 1 and 254.
Issue 2:
Looks like hughesnet doesn't even allow access from outside for residential accounts. They do have a business service where one can get a static IP but I suspect that's out of my price range. One has to call to get a quote so if you have to ask... it's too expensive. I think I can get around this by using something like ngrok on a raspberry pi as a jump/go box. Anyone have any experience with hughesnet? Their service seems to have high latency, is fairly slow, limited monthly usage, restrictions (like no ddns), and is expensive. What's not to hate about it. ;)
Any tips or tricks, appreciated.
-
@chrisjx you sure you're even on a public IP? I would guess that hughesnet is carrier grade nat - 100.64-127.x.x
They are also a satellite connection, are they not? I find it highly highly unlikely they support any sort of services inbound to your connection, even if they provided a public IP.
You're saying you're behind your isp device. Is pfsense wan IP rfc1918? 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?
"Although I established ddns and vpn (which worked, stand-alone, in my home setup)"
Did you test that from a cell phone or something via an outside cell connection - or did you test it via your local wifi connection?
You could look to something like ngrok (https://ngrok.com/). This allows your local connection to make an outbound connection to the service, which you then tunnel through.
Other options would be a vps, setting up a vpn that does really the same sort of thing - you create the tunnel outbound from the location, and then come through that tunnel. Another option would be maybe zerotier (https://www.zerotier.com/). Again this is done via a middle man where your connection at your remote location creates an outbound connection you use to get into the remote location with.
Do you have pfsense at another location - if so you could create vpn connection outbound from your remote location to your other location - and then go through that vpn to get to your remote location. This is a site 2 site vpn, etc. But this could work because your remote location would be initiating the connection.
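The address check asked about in the reply above, as an added example that is not part of any post in this thread: it classifies a WAN address against the RFC1918 and carrier-grade NAT ranges and tests whether a run of DDNS change notices stays inside one /24. The function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges named in the reply above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify_wan(wan_ip, seen_from_outside=None):
    """Say whether inbound DDNS/VPN to this WAN address can work.

    wan_ip: address on the firewall's WAN interface.
    seen_from_outside: address an external "what is my IP" service
    reports for the same connection (optional).
    """
    wan = ipaddress.ip_address(wan_ip)
    if any(wan in net for net in RFC1918):
        return "rfc1918: double NAT behind the ISP router"
    if wan in CGNAT:
        return "cgnat: carrier-grade NAT, no inbound path"
    if seen_from_outside and ipaddress.ip_address(seen_from_outside) != wan:
        return "translated: upstream NAT rewrites the source address"
    return "public: inbound is possible if the ISP does not filter it"


def same_slash24(addresses):
    """True when every address in a run of DDNS change notices shares one /24."""
    nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addresses}
    return len(nets) == 1


if __name__ == "__main__":
    # Constructed sample values (private and documentation ranges only).
    for wan, outside in [("192.168.0.2", "203.0.113.7"),
                         ("100.72.15.9", "203.0.113.7"),
                         ("198.51.100.28", "203.0.113.7"),
                         ("198.51.100.28", "198.51.100.28")]:
        print(wan, "->", classify_wan(wan, outside))
    # Two nightly notices that differ only in the fourth octet.
    print(same_slash24(["198.51.100.28", "198.51.100.141"]))
```

A "translated" or "cgnat" result means the name published by DDNS points at an address that does not forward to the firewall, so only tunnels initiated from the remote site will connect.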
-
@johnpoz
"I find it highly highly unlikely they support any sort of services inbound to your connection" You're right. Hughesnet (satellite service) does not automatically provide a usable public IP although pfsense gets an IPv4 address on the WAN interface (a new one twice a day at 1:01am and at 1:08am). I did of course set up ddns to make it possible to access pfsense via vpn. I thought they would at least support ddns but, noooo... that would be too easy.
Hughesnet has a business level service for $70, plus modem monthly $10, plus static IP $10, with 35G data cap, and a required 24 month contract. Irks me bad. ;)
Yes, I used my phone in hotspot mode to test it from my home on my laptop. I could VPN into the soon-to-be remote pfsense network (I used 192.168.x.x) and access raspis behind the firewall before I installed it at the farm.
I've used ngrok when I used to set up raspis and played with home automation demos at the bay area maker faires. So I'll be sending a raspi configured with ngrok to my sister and have her plug it into the LAN side of pfsense. That should tell the tale. If I can't ssh in to the raspis or access my node-red web application I'll try some of your other suggested tricks.
It will be interesting to see if I can get the pfsense web ui via ngrok without making the UI too vulnerable. Although... thinking just now, if there's no inbound service... but even then I don't think installing ngrok on the pfsense box makes any sense. I don't like over-burdening hosts.
Thank you,
Chris.
-
@chrisjx Just curious - have you looked into starlink as an option to your current sat connection? I have no idea what services you can get with that, if they offer inbound services, etc.
But from my understanding it's supposed to be a faster connection, and a cheaper option.
-
@johnpoz
Actually, I have. I checked in yesterday on their sign up page and they came back with a statement that they expect to have coverage in the area of the farm by summer 2022. So I'll likely move to that when the current hughesnet contract is up. The technology looks much better and they're talking up Gb speeds. I'm not holding my breath on this but I'm also keeping my eye on the rural broadband part of the infrastructure bill that passed recently. Come on fiber trench down the road to the farm. Haha.