DHCP Server outbound interface for DDNS updates?

matsan

Hello,
our SG-3100 in a remote office is running DHCP Server on LAN (192.168.52.0/24) and at the same time acting as a OpenVPN Client to connect to HQ. OpenVPN uses 10.3.101.0/30 as the Tunnel Network for peer-to-peer functionality to be enabled. DHCP Server is configured with the address in HQ for Dynamic DNS registration.

When checking the logs at the DNS in HQ (bind 9) I see that the DDNS updates are originating from the OpenVPN interface 10.3.101.2 instead of the LAN IP 192.168.52.4.

Is there a way to fix this? (Comparing to DNS Resolver where I set the outbound interface to LAN and all works).

Gertjan

@matsan

Fix ? Probably not broken.
The DHCP uses the default gateway : your OpenVPN connection (?)

Btw : Why would a process (dhcp) running 'in' pfSense = behind every pfSense interfaces, go out to the LAN, go back into the LAN, go trough pfSense, out over the default "WAN", to reach your 'HQ' ?

I'm using OpenVPN as a server, I've no OpenVPN client experinece, but Policy Routing should be your solution - something like that.

And why are you surprised that, when you use a "OpenVPN to connect to HQ", connections to HQ are using this connection (OpenVPN). Isn't this what you actually want ?

@matsan said in DHCP Server outbound interface for DDNS updates?:

(Comparing to DNS Resolver where I set the outbound interface to LAN and all works).

Yeah, I know. Totally absurd.
99,999999999 % change that it won't find "DNS root servers", TLD servers, and domain name servers on any LAN type interface.
On the other hand : who cares. Routing will take care of things just nicely.
So : If I set LAN as the "outbound", and then unbound goes out over WAN anyway ...
( this starts to look like I didn't understood something here )

Btw : I know : I've could have set up a rasberry pi with some resolver solution on my LAN , and have unbound forward to it.

matsan

@Gertjan Default gateway for the SG-3100 is itself, not the OpenVPN connection to HQ. Local clients go out through 192.168.52.4.

"And why are you surprised that, when you use a "OpenVPN to connect to HQ", connections to HQ are using this connection (OpenVPN). Isn't this what you actually want ?"

Actually yes I am surprised since the DHCP Server is configured for the LAN interface.

Setting DNS Resolver to use LAN as Outbound port makes the SG-3100 in remote office look like a remote office client (i.e. in 192.168.52.0/24 network, not the OpenVPN peer-to-peer network).

Gertjan

@matsan said in DHCP Server outbound interface for DDNS updates?:

Actually yes I am surprised since the DHCP Server is configured for the LAN interface.

The DHCP server 'serves' leases on the LAN.
That's one part of the job.

You are also using :

@matsan said in DHCP Server outbound interface for DDNS updates?:

DHCP Server is configured with the address in HQ for Dynamic DNS registration.

and that's another job, using the interface that lead to the upstream ( ? ) DDNS service, your HQ.
That traffic won't go over LAN .... HQ isn't on LAN.