DHCP Server outbound interface for DDNS updates?
-
Hello,
our SG-3100 in a remote office is running DHCP Server on LAN (192.168.52.0/24) and at the same time acting as an OpenVPN Client to connect to HQ. OpenVPN uses 10.3.101.0/30 as the Tunnel Network for peer-to-peer functionality to be enabled. DHCP Server is configured with the address in HQ for Dynamic DNS registration. When checking the logs at the DNS in HQ (bind 9) I see that the DDNS updates are originating from the OpenVPN interface 10.3.101.2 instead of the LAN IP 192.168.52.4.
Is there a way to fix this? (Comparing to DNS Resolver where I set the outbound interface to LAN and all works).
-
Fix ? Probably not broken.
The DHCP uses the default gateway : your OpenVPN connection (?)
Btw : Why would a process (dhcp) running 'in' pfSense = behind every pfSense interface, go out to the LAN, go back into the LAN, go through pfSense, out over the default "WAN", to reach your 'HQ' ?
I'm using OpenVPN as a server, I've no OpenVPN client experience, but Policy Routing should be your solution - something like that.
And why are you surprised that, when you use a "OpenVPN to connect to HQ", connections to HQ are using this connection (OpenVPN). Isn't this what you actually want ?
@matsan said in DHCP Server outbound interface for DDNS updates?:
(Comparing to DNS Resolver where I set the outbound interface to LAN and all works).
Yeah, I know. Totally absurd.
99,999999999 % chance that it won't find "DNS root servers", TLD servers, and domain name servers on any LAN type interface.
On the other hand : who cares. Routing will take care of things just nicely.
So : If I set LAN as the "outbound", and then unbound goes out over WAN anyway ...
( this starts to look like I didn't understand something here )
Btw : I know : I could have set up a Raspberry Pi with some resolver solution on my LAN , and have unbound forward to it.
-
@Gertjan Default gateway for the SG-3100 is itself, not the OpenVPN connection to HQ. Local clients go out through 192.168.52.4.
"And why are you surprised that, when you use a "OpenVPN to connect to HQ", connections to HQ are using this connection (OpenVPN). Isn't this what you actually want ?"
Actually yes I am surprised since the DHCP Server is configured for the LAN interface.
Setting DNS Resolver to use LAN as Outbound port makes the SG-3100 in remote office look like a remote office client (i.e. in 192.168.52.0/24 network, not the OpenVPN peer-to-peer network).
-
@matsan said in DHCP Server outbound interface for DDNS updates?:
Actually yes I am surprised since the DHCP Server is configured for the LAN interface.
The DHCP server 'serves' leases on the LAN.
That's one part of the job.
You are also using :
@matsan said in DHCP Server outbound interface for DDNS updates?:
DHCP Server is configured with the address in HQ for Dynamic DNS registration.
and that's another job, using the interface that leads to the upstream ( ? ) DDNS service, your HQ.
That traffic won't go over LAN .... HQ isn't on LAN.
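
The behaviour discussed in this thread, as an added example that is not part of any post and not pfSense code: a simplified model of routing and source-address selection showing why HQ logs 10.3.101.2 for the DDNS updates and 192.168.52.4 for a daemon bound to the LAN address. The HQ DNS address `192.0.2.53`, the route to HQ and the WAN address are constructed assumptions; the thread does not give them.

```python
import ipaddress

# Constructed sample data. Interface addresses 192.168.52.4 and 10.3.101.2 are
# from the thread; HQ_DNS, the HQ route and the WAN address are assumptions.
HQ_DNS = "192.0.2.53"
ROUTES = [  # (destination, egress interface, local address on that interface)
    ("0.0.0.0/0", "wan", "203.0.113.10"),
    ("192.168.52.0/24", "lan", "192.168.52.4"),
    ("10.3.101.0/30", "ovpnc1", "10.3.101.2"),
    ("192.0.2.0/24", "ovpnc1", "10.3.101.2"),  # HQ reached through the tunnel
]

def lookup(dst):
    """Longest-prefix match over ROUTES for destination dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in ROUTES if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def source_for(dst, bind_addr=None):
    """Return (egress interface, source address) for a packet sent to dst.

    Unbound socket: the source is the address of the egress interface.
    Bound socket: the source is the bound address; the route, chosen by
    destination only, still decides which interface the packet leaves on.
    """
    _, iface, local = lookup(dst)
    return iface, bind_addr or local

def seen_by_hq():
    """Source address HQ logs for each daemon behaviour in the thread."""
    return {
        "ddns_update_unbound": source_for(HQ_DNS)[1],
        "resolver_bound_to_lan": source_for(HQ_DNS, "192.168.52.4")[1],
    }

if __name__ == "__main__":
    for name, src in seen_by_hq().items():
        print(f"{name}: HQ sees {src}")
    print("LAN client lookup:", source_for("192.168.52.20"))
```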