(Bug) Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15831 ms: No route to host

SipriusPT · Dec 23, 2021, 4:52 PM

Even checking that port 443 from that node, it shows as openned:

Running: /usr/local/bin/nmap  -sS -e lagg0.4088 'members.dyndns.com'
Starting Nmap 7.91 ( https://nmap.org ) at 2021-12-23 16:50 WET
Nmap scan report for members.dyndns.com (162.88.175.12)
Host is up (0.17s latency).
rDNS record for 162.88.175.12: vip.web1-05-ussnn1.prod.dc.dyndns.com
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 13.04 seconds

SipriusPT · Dec 23, 2021, 5:32 PM

And curling that 443 port, on members.dyndns.com from everywhere, I got a 404 error.

Curling to 80 port on checkip.dyndns.org, it works as expected.

SipriusPT · Dec 23, 2021, 5:49 PM

If I set verbose mode on that dynamic DNS entry, I got the following info:

Dec 23 17:40:26	php	98159	rc.dyndns.update: Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15729 ms: No route to host
Dec 23 17:40:26	php	98159	rc.dyndns.update: Dynamic DNS dyndns-custom (x.getmyip.com): _checkStatus() starting.
Dec 23 17:40:26	php	98159	rc.dyndns.update: Response Data:
Dec 23 17:40:26	php	98159	rc.dyndns.update: Response Header:
Dec 23 17:40:10	php	98159	rc.dyndns.update: Dynamic DNS dyndns-custom (x.getmyip.com): _update() starting.
Dec 23 17:40:10	php	98159	rc.dyndns.update: DynDns (x.getmyip.com): Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: 0.0.0.0 WAN IP: x.x.x.226
Dec 23 17:40:10	php	98159	rc.dyndns.update: Dynamic Dns (x.getmyip.com): Current WAN IP: x.x.x.226 Cached IP: 0.0.0.0
Dec 23 17:40:10	php	98159	rc.dyndns.update: Dynamic DNS dyndns-custom (x.getmyip.com): x.x.x.226 extracted from Check IP Service
Dec 23 17:40:09	php	98159	rc.dyndns.update: Dynamic DNS (x.getmyip.com): running get_failover_interface for opt3. found lagg0.4090
Dec 23 17:40:09	php	98159	rc.dyndns.update: Dynamic DNS dyndns-custom (x.getmyip.com): x.x.x.226 extracted from Check IP Service
Dec 23 17:40:03	php	98159	rc.dyndns.update: Dynamic DNS: updatedns() starting

Gertjan · Feb 1, 2022, 4:00 PM

@sipriuspt said in Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15831 ms: No route to host:

members.dyndns.org port

Ok, members.dyndns.org port resolves fine.
The other end is picking up the phone, but refuses to talk.
The

No route to host

isn't really what this is all about.

Is it a TLS error ?
Just a wild shot : is the time of your pfSense correct ?
Another one : don't ripe out the power, do a clean shut down. When the un it is down, remove the power, count to 60, put the power back.
Retry.

SipriusPT · Feb 1, 2022, 4:00 PM

@gertjan sorry for the late response.

Is it a TLS error ?

Dont seems to be, in both firewalls I got 404 with https://members.dyndns.org.

is the time of your pfSense correct ?

Same time set.

don't ripe out the power, do a clean shut down. When the un it is down, remove the power, count to 60, put the power back. Retry.

Same output.

SipriusPT · Feb 1, 2022, 4:56 PM

Why am I starting to think that this is a bug ...

If I dont find any aparent reason for this to happean, I will backup and factory reset this box and restore that backup.

SipriusPT · Feb 1, 2022, 5:45 PM

Even on primary box I have thousands of:

rc.dyndns.update: Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15729 ms: No route to host

Now I am unable to identify the source of that problem on secundary box through logs ....

Gertjan · Feb 3, 2022, 2:19 PM

@sipriuspt said in Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15831 ms: No route to host:

Dont seems to be, in both firewalls I got 404 with https://members.dyndns.org

Then from a 'traffic' point of view - your side-their side - all is well.

It looks like "dyndns.org" changed something, on their side of course.

SipriusPT · Feb 3, 2022, 2:19 PM

Thanks a lot for the help @Gertjan, I openned an issue on pfSense bug tracker, and seems like its an already known problem.

From what I see, it happeans more when you have multi WAN, and the tier 1 is offline and tier 2 is up, who is the same that I have here. It has also made problems with other Dynamic DNS services like NoIP.

This one was mine:
https://redmine.pfsense.org/issues/12753

First report:
https://redmine.pfsense.org/issues/12631

So beware ppl.

Gertjan · Feb 3, 2022, 3:58 PM

@sipriuspt

IMHO, you are hit by two issues :

The first one : members.dynds.org is 'dead'. click on the link and you se the problem. It returns a simple '404' ..... That's a "dynds.org" problem.

Btw 'curl' simulates the same http or https request as a web browser like edge, firefox, etc. It gets back the reply and shows, or places it in file, the choice is up to you.

The second one : Multiple WANs : you see a 'route to host' : this tells me that the request can't leave the pfSense box and is indeed a local (pfSense) issue.
It could be a bug, or just a floating firewall rule that forbids that intercepts that typical curl request for going out.
I can't tell, as I never dealt with Multiple WAN,s or grouped WAN type interfaces.

I presume that when you remove your "GW" setup, and you wind up having distinct WAN interfaces, with one being the default, the issue is gone.
That is, now you'll hit the " members.dyndns.org returns 404 ".

SipriusPT · Feb 3, 2022, 5:06 PM

@gertjan you are right about being two issues, but I can live with a 'failed connect' on logs if everything is working fine ehehe

In my case there is no floating rules.

SipriusPT · Apr 1, 2022, 10:53 AM

@gertjan Just to confirm here that after upgrating pfsense OS from 21.05.2 to 22.01, and recreating (copy) all dyndns entries, it finally worked.

Without recrating those dyndns entries, I was having badauths on logs under 22.01 version.