Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dynamic DNS old IP

    Scheduled Pinned Locked Moved OpenVPN
    14 Posts 5 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zkab
      last edited by

      I have Dynamic DNS (account.dyn.com) and upgraded my Internet speed ... therefore I got a new WAN IP from my ISP.
      In pfSense 'Services/Dynamic DNS' the new WAN IP is in 'cached IP' (green checkmark) ... so everything seems OK.

      When I start an OpenVPN client (Android) I can see from the log that the client is trying to connect to my old WAN IP instead to the new WAN IP.

      Nothing has changed except the new WAN IP ... the OpenVPN client worked OK with the old WAN IP.

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @zkab
        last edited by

        @zkab DNS changes take time to propogate, and that time depends on your host configuration.

        In your DynDNS host what is the "TTL" set to for your subdomain?

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        Z 1 Reply Last reply Reply Quote 0
        • Z
          zkab @rcoleman-netgate
          last edited by

          @rcoleman-netgate In my account.dyn.com TTL=60 sec for the dynamic DNS host zerone.dyndns-remote.com

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @zkab
            last edited by

            @zkab

            Wild guess : in your openvpn client config file, you use the host name, or an IP ?

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            Z 1 Reply Last reply Reply Quote 0
            • Z
              zkab @Gertjan
              last edited by

              @gertjan In the OpenVPN client I just import the .ovpn that I got from pfSense (client export).
              That is the only config I do ... and it worked before the WAN IP address was changed by my ISP.
              Can it have anything do do with my ISP ... that they do not allow VPN connection?

              Bob.DigB V 2 Replies Last reply Reply Quote 0
              • Bob.DigB
                Bob.Dig LAYER 8 @zkab
                last edited by

                @zkab Open the file in a text editior of your choice and have a look.

                1 Reply Last reply Reply Quote 0
                • V
                  viragomann @zkab
                  last edited by

                  @zkab
                  The question is if there is the IP or the host name in the remote line in the .ovpn file.

                  Z 1 Reply Last reply Reply Quote 0
                  • Z
                    zkab @viragomann
                    last edited by

                    @viragomann Here is an extract of .ovpn

                    remote 100.70.111.232 1194 udp4
                    nobind
                    verify-x509-name "zerone.dyndns-remote.com" name

                    Don't understand '100.70.111.232' ... I have not given that IP anywhere.
                    'zerone.dyndns-remote.com' is my dyndns
                    name for my pfSense

                    Bob.DigB V GertjanG 3 Replies Last reply Reply Quote 0
                    • Bob.DigB
                      Bob.Dig LAYER 8 @zkab
                      last edited by Bob.Dig

                      @zkab You can just edit this line and you are good.
                      If you use the client exporter, there you can change it too. It is not fully automated because you can have many WANs and DDNS addresses etc.

                      1 Reply Last reply Reply Quote 0
                      • V
                        viragomann @zkab
                        last edited by

                        @zkab
                        Your IP seems to be a CG-NAT. So there is no way to access it from outside. It's only for upstream traffic.

                        Z 1 Reply Last reply Reply Quote 2
                        • Z
                          zkab @viragomann
                          last edited by

                          @viragomann Have no experience of CG-NAT.
                          Is this an ISP issue?
                          Should my ISP change something?
                          What must be done to get it working?
                          Don't understand why it worked OK with my old WAN IP before the speed change.

                          V 1 Reply Last reply Reply Quote 0
                          • V
                            viragomann @zkab
                            last edited by

                            @zkab
                            https://en.wikipedia.org/wiki/Carrier-grade_NAT.

                            It's a private network of the ISP and it's natted to the public address space. So the WAN IP seen by your pfSense isn't a real public IP at all.
                            You can checkout your public IP on https://whatismyipaddress.com.
                            But there is nothing forwarded to you in the ISP network.

                            ISPs use CG-NAT just to save public IPs.

                            You can ask your ISP to get a real public IP again. Or to forward certain ports to you.

                            1 Reply Last reply Reply Quote 0
                            • GertjanG
                              Gertjan @zkab
                              last edited by Gertjan

                              @zkab said in Dynamic DNS old IP:

                              Don't understand '100.70.111.232' ... I have not given that IP anywhere.
                              'zerone.dyndns-remote.com' is my dyndns

                              Check the OpenVPN client export :

                              0376b1b8-82d1-4151-ae05-5a08fb21f6d7-image.png

                              By default, it's the IP, or WAN IP.
                              Chose the "host name", as it would incorporate the host name, would be wise ;)
                              You've noticed that the hos name doesn't change, but the IP where it points to, does.
                              That's what dyndns is all about.

                              ( but if you can't reach it,

                              @zkab said in Dynamic DNS old IP:

                              Have no experience of CG-NAT.
                              Is this an ISP issue?
                              Should my ISP change something?
                              What must be done to get it working?

                              See https://en.wikipedia.org/wiki/Carrier-grade_NAT
                              edit : Viragoman had the same idea ;)
                              The issue is : there are no more IPv4 available. So ISPs start to share the same IPv4 among many clients.

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                              Z 1 Reply Last reply Reply Quote 0
                              • Z
                                zkab @Gertjan
                                last edited by

                                @gertjan I asked my ISP to get a real public IP and got one ... but sadly for a monthly fee.
                                This solved the problems I had with OpenVPN.
                                Thanks again for all your support ... I have learned alot about CG-NAT ... that was a white spot on my map.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.