Netgate Discussion Forum
    DHCP Server outbound interface for DDNS updates?

      matsan

      Hello,
      our SG-3100 in a remote office is running DHCP Server on LAN (192.168.52.0/24) and at the same time acting as an OpenVPN Client to connect to HQ. OpenVPN uses 10.3.101.0/30 as the Tunnel Network for peer-to-peer functionality to be enabled. DHCP Server is configured with the address in HQ for Dynamic DNS registration.

      When checking the logs at the DNS in HQ (bind 9) I see that the DDNS updates are originating from the OpenVPN interface 10.3.101.2 instead of the LAN IP 192.168.52.4.

      Is there a way to fix this? (Comparing to DNS Resolver where I set the outbound interface to LAN and all works).

        Gertjan @matsan

        @matsan

        Fix ? Probably not broken.
        The DHCP uses the default gateway : your OpenVPN connection (?)

        Btw : Why would a process (dhcp) running 'in' pfSense = behind every pfSense interface, go out to the LAN, go back into the LAN, go through pfSense, out over the default "WAN", to reach your 'HQ' ?

        I'm using OpenVPN as a server, I've no OpenVPN client experience, but Policy Routing should be your solution - something like that.

        And why are you surprised that, when you use a "OpenVPN to connect to HQ", connections to HQ are using this connection (OpenVPN). Isn't this what you actually want ?

        @matsan said in DHCP Server outbound interface for DDNS updates?:

        (Comparing to DNS Resolver where I set the outbound interface to LAN and all works).

        Yeah, I know. Totally absurd.
        99,999999999 % chance that it won't find "DNS root servers", TLD servers, and domain name servers on any LAN type interface.
        On the other hand : who cares. Routing will take care of things just nicely.
        So : If I set LAN as the "outbound", and then unbound goes out over WAN anyway ...
        ( this starts to look like I didn't understand something here )

        Btw : I know : I could have set up a Raspberry Pi with some resolver solution on my LAN , and have unbound forward to it.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          matsan @Gertjan

          @Gertjan Default gateway for the SG-3100 is itself, not the OpenVPN connection to HQ. Local clients go out through 192.168.52.4.

          "And why are you surprised that, when you use a "OpenVPN to connect to HQ", connections to HQ are using this connection (OpenVPN). Isn't this what you actually want ?"

          Actually yes I am surprised since the DHCP Server is configured for the LAN interface.

          Setting DNS Resolver to use LAN as Outbound port makes the SG-3100 in remote office look like a remote office client (i.e. in 192.168.52.0/24 network, not the OpenVPN peer-to-peer network).

            Gertjan @matsan

            @matsan said in DHCP Server outbound interface for DDNS updates?:

            Actually yes I am surprised since the DHCP Server is configured for the LAN interface.

            The DHCP server 'serves' leases on the LAN.
            That's one part of the job.

            You are also using :

            @matsan said in DHCP Server outbound interface for DDNS updates?:

            DHCP Server is configured with the address in HQ for Dynamic DNS registration.

            and that's another job, using the interface that leads to the upstream ( ? ) DDNS service, your HQ.
            That traffic won't go over LAN .... HQ isn't on LAN.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??
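
A simplified model of the behaviour discussed in this thread, added here as an illustration and not posted by either participant: a packet originated by the firewall itself takes the address of the interface the route lookup selects, unless the application binds a source address first (as the DNS Resolver's outbound interface setting does). The LAN and tunnel addresses are from the thread; the HQ subnet, HQ DNS address and WAN address are constructed placeholders.

```python
import ipaddress

# Constructed routing table for the remote-office firewall. LAN and tunnel
# values come from the thread; HQ_NET, HQ_DNS and the WAN address are
# placeholders, because the thread does not give them.
HQ_NET = "198.51.100.0/24"
HQ_DNS = "198.51.100.53"
ROUTES = [
    # (destination prefix, egress interface, firewall's own address on it)
    ("192.168.52.0/24", "LAN", "192.168.52.4"),
    ("10.3.101.0/30", "ovpnc", "10.3.101.2"),
    (HQ_NET, "ovpnc", "10.3.101.2"),
    ("0.0.0.0/0", "WAN", "203.0.113.10"),
]


def lookup(dst):
    """Longest-prefix match: return (interface, interface address) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, ifc, ifc_addr in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, ifc, ifc_addr))
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, ifc, ifc_addr = max(matches)  # most specific prefix wins
    return ifc, ifc_addr


def source_seen_by_peer(dst, bind_addr=None):
    """Return (egress interface, source IP the peer will log).

    Unbound socket: the source is the egress interface's address.
    Bound socket: the source is whatever the application bound to; the
    route lookup still decides which interface the packet leaves on.
    """
    ifc, ifc_addr = lookup(dst)
    return ifc, (bind_addr or ifc_addr)


if __name__ == "__main__":
    # DDNS update from the DHCP server: no source binding.
    print("DDNS update :", source_seen_by_peer(HQ_DNS))
    # DNS Resolver with its outgoing interface set to LAN.
    print("Resolver    :", source_seen_by_peer(HQ_DNS, bind_addr="192.168.52.4"))
```
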

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.