Multi-Wan 2.0 & DynDNS problem
-
Hi,
Yesterday I had set up a pfSense 2.0 RC3 (21st June build) with 2 PPPoE WAN links, primarily for loadbalance and failover.
Both the WAN IPs are dynamic and dyndns.org is configured for them. In the routing table on command line I see the following:
netstat -rnfinet
Routing tables
Internet:
Destination        Gateway            Flags  Refs  Use      Netif  Expire
default            122.160.xxx.157    UGS    1     13027    pppoe0
4.2.2.2            59.177.xx.1        UGHS   0     52       pppoe1
8.8.8.8            122.160.xxx.157    UGHS   0     149      pppoe0
59.177.xx.1        link#10            UH     0     0        pppoe1
59.177.xx.122      link#10            UHS    0     0        lo0
68.180.xxx.184     122.160.xxx.157    UGHS   0     1159     pppoe0
74.125.xxx.48      59.177.xx.1        UGHS   0     1159     pppoe1
122.160.xxx.55     122.160.xxx.157    UGHS   0     1786     pppoe0
122.160.xxx.157    link#9             UH     0     0        pppoe0
122.163.xxx.23     link#9             UHS    0     0        lo0
127.0.0.1          link#5             UH     0     142      lo0
192.168.1.0/24     link#2             U      0     4354193  em0
192.168.1.xxx      link#2             UHS    0     0        lo0
202.56.xxx.6       122.160.xxx.157    UGHS   0     1694     pppoe0
202.159.xxx.229    59.177.xx.1        UGHS   0     5230     pppoe1
203.94.xxx.70      59.177.xx.1        UGHS   0     5251     pppoe1
I have configured separate public DNS servers in "System -> General Setup" for each of the gateways.
In "System -> Routing -> Gateways" none of the gateways is selected as default gateway. There is just one gateway group configured with both the gateways at "Tier 1" and equal weights. The firewall rule allows any from LAN to any destination through the above loadbalance gateway group.
When the PPPOE0 went down, all the requests from LAN were going fine through PPPOE1 but DynDNS updates were not happening automatically for PPPOE1. I had to force the update by doing "Edit -> Save" on the dyndns entry for PPPOE1. Since it was on a remote site, I had to ask for the changed IP every time a new one had been handed out.
Today, when the PPPOE0 came up, it got automatically updated on dyndns. I see that traceroute to both the DNS go through separate gateways as configured, but dyndns.com takes only the default route.
Am I missing anything here?
-
Try enabling allow switching default gateway under system advanced.
-
Enabled it.
Will ask them to pull the plug on current default GW when their office opens tomorrow morning for testing.
So this means that any communication that happens between pfSense itself and the Internet, will happen using the default route while for rest of the traffic firewall / policy routing rules apply?
-
After enabling default gateway switching in "Advanced Settings", I brought PPPOE0 interface down by entering incorrect username.
The routing table showed the following:
Routing tables
Internet:
Destination        Gateway            Flags  Refs  Use      Netif  Expire
4.2.2.2            120.59.xx.1        UGHS   0     2        pppoe1
74.125.xxx.48      120.59.xx.1        UGHS   0     83       pppoe1
120.59.xx.1        link#10            UH     0     0        pppoe1
120.59.xx.161      link#10            UHS    0     0        lo0
127.0.0.1          link#5             UH     0     142      lo0
192.168.1.0/24     link#2             U      0     0        em0
192.168.1.xx       link#2             UHS    0     0        lo0
202.159.xx.229     120.59.xx.1        UGHS   0     0        pppoe1
203.94.xx.70       120.59.xx.1        UGHS   0     2        pppoe1
There is no default route and I was not able to reach dyn.com from pfsense CLI.
ping dyn.com
PING dyn.com (204.13.248.115): 56 data bytes
ping: sendto: No route to host
and
traceroute -n dyn.com
traceroute: findsaddr: failed to connect to peer for src addr selection.
Once PPPOE0 is back, routing table has a "default" entry to its gateway.
I am perplexed now :(
-
What is the status of your gateways at this time?
-
This time both the links are up and surprisingly default route is assigned to PPPOE1 which used to be PPPOE0 earlier.
PPPoE0's dyndns entry is updated but PPPoE1 is still stale.
netstat -rnfinet
Routing tables
Internet:
Destination        Gateway            Flags  Refs  Use      Netif  Expire
default            59.177.xx.1        UGS    1     1597     pppoe1
4.2.2.2            59.177.xx.1        UGHS   0     0        pppoe1
8.8.8.8            122.160.xxx.157    UGHS   0     0        pppoe0
59.177.xx.1        link#10            UH     0     0        pppoe1
59.177.xx.134      link#10            UHS    0     0        lo0
68.180.xxx.184     122.160.130.157    UGHS   0     5433     pppoe0
74.125.xxx.48      59.177.72.1        UGHS   0     5433     pppoe1
122.160.xxx.55     122.160.130.157    UGHS   0     3452     pppoe0
122.160.xxx.157    link#9             UH     0     0        pppoe0
122.161.xx.162     link#9             UHS    0     0        lo0
127.0.0.1          link#5             UH     0     142      lo0
192.168.1.0/24     link#2             U      0     132571   em0
192.168.1.xxx      link#2             UHS    0     0        lo0
202.56.xxx.6       122.160.130.157    UGHS   0     4796     pppoe0
202.159.xxx.229    59.177.72.1        UGHS   0     3325     pppoe1
203.94.xxx.70      59.177.72.1        UGHS   0     3327     pppoe1
Following are the logs for PPPoE1 which doesn't update dyndns automatically. Note that "Cached IP" is not getting updated in the cache file and the value is same for both the instances in this log:
Aug 20 02:21:51 thehop php: : DynDns: updatedns() starting
Aug 20 02:21:51 thehop php: : DynDns debug information: 59.177.xx.121 extracted from local system.
Aug 20 02:21:51 thehop php: : DynDns: Current WAN IP: 59.177.x.121 Cached IP: 120.59.xx.161
Aug 20 02:21:51 thehop php: : DynDns debug information: DynDns: cacheIP != wan_ip. Updating. Cached IP: 120.59.xx.161 WAN IP: 59.177.xx.121
Aug 20 02:21:51 thehop php: : DynDns: DynDns _update() starting.
Aug 20 02:23:07 thehop php: : DynDns: DynDns _checkStatus() starting.
Aug 20 02:23:07 thehop php: : DynDns: Current Service: dyndns
Aug 20 08:21:58 thehop php: : DynDns: updatedns() starting
Aug 20 08:21:58 thehop php: : DynDns debug information: 59.177.xx.134 extracted from local system.
Aug 20 08:21:58 thehop php: : DynDns: Current WAN IP: 59.177.xx.134 Cached IP: 120.59.xx.161
Aug 20 08:21:58 thehop php: : DynDns debug information: DynDns: cacheIP != wan_ip. Updating. Cached IP: 120.59.xx.161 WAN IP: 59.177.xx.134
Aug 20 08:21:58 thehop php: : DynDns: DynDns _update() starting.
Aug 20 08:23:13 thehop php: : DynDns: DynDns _checkStatus() starting.
Aug 20 08:23:13 thehop php: : DynDns: Current Service: dyndns
And these are the logs pertaining to PPPoE0 which is updated successfully:
Aug 20 10:07:33 thehop php: : DynDns: updatedns() starting
Aug 20 10:07:33 thehop php: : DynDns debug information: 122.161.xx.162 extracted from local system.
Aug 20 10:07:33 thehop php: : DynDns: Current WAN IP: 122.161.xx.162 Cached IP: 122.176.xx.245
Aug 20 10:07:33 thehop php: : DynDns debug information: DynDns: cacheIP != wan_ip. Updating. Cached IP: 122.176.xx.245 WAN IP: 122.161.xx.162
Aug 20 10:07:33 thehop php: : DynDns: DynDns _update() starting.
Aug 20 10:07:34 thehop php: : DynDns: DynDns _checkStatus() starting.
Aug 20 10:07:34 thehop php: : DynDns: Current Service: dyndns
Aug 20 10:07:34 thehop php: : DynDns debug information: 122.161.xx.162 extracted from local system.
Aug 20 10:07:34 thehop php: : phpDynDNS: updating cache file /conf/dyndns_wandyndns'gslxxxx.dyndns.org'.cache: 122.161.xx.162
Aug 20 10:07:34 thehop php: : phpDynDNS: (Success) IP Address Changed Successfully! (122.161.xx.162)
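Added example, not part of the original post and not pfSense code: a small Python parser that groups DynDns log lines like the ones above into update runs and reports runs where the IP had changed but no "(Success)" line followed, together with the delay between `_update()` and `_checkStatus()` (76 s in the first failing run above, 1 s in the successful one). The sample lines, the hostname `fw` and the documentation-range IPs are constructed.

```python
import re
from datetime import datetime
# Constructed sample in the format of the logs above (documentation-range IPs).
SAMPLE = """\
Aug 20 02:21:51 fw php: : DynDns: updatedns() starting
Aug 20 02:21:51 fw php: : DynDns: Current WAN IP: 203.0.113.121 Cached IP: 198.51.100.161
Aug 20 02:21:51 fw php: : DynDns: DynDns _update() starting.
Aug 20 02:23:07 fw php: : DynDns: DynDns _checkStatus() starting.
Aug 20 10:07:33 fw php: : DynDns: updatedns() starting
Aug 20 10:07:33 fw php: : DynDns: Current WAN IP: 192.0.2.162 Cached IP: 192.0.2.245
Aug 20 10:07:33 fw php: : DynDns: DynDns _update() starting.
Aug 20 10:07:34 fw php: : DynDns: DynDns _checkStatus() starting.
Aug 20 10:07:34 fw php: : phpDynDNS: (Success) IP Address Changed Successfully! (192.0.2.162)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ php: : (.*)$")
IPS = re.compile(r"Current WAN IP: (\S+) Cached IP: (\S+)")
STEPS = {"_update() starting": "update", "_checkStatus() starting": "check"}

def parse_runs(text):
    """Group log lines into one record per updatedns() run."""
    runs = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is assumed for arithmetic.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if "updatedns() starting" in msg:
            runs.append({"start": ts, "wan": None, "cached": None, "success": False})
        elif runs:
            run, ip = runs[-1], IPS.search(msg)
            if ip:
                run["wan"], run["cached"] = ip.groups()
            for marker, field in STEPS.items():
                if marker in msg:
                    run[field] = ts
            run["success"] = run["success"] or "(Success)" in msg
    return runs

def failed_runs(runs):
    """Runs that saw an IP change but logged no success: (start, wan, cached, wait_s)."""
    out = []
    for r in runs:
        if r["wan"] != r["cached"] and not r["success"]:
            wait = (r["check"] - r["update"]).total_seconds() if "check" in r and "update" in r else None
            out.append((r["start"].strftime("%H:%M:%S"), r["wan"], r["cached"], wait))
    return out
```

Running `failed_runs(parse_runs(...))` over an exported system log lists each stale update with its wait time, which makes a pattern of long waits on one WAN easy to spot.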
-
I'm trying to accomplish the same thing and need to check the PPPoE logs. Are you using the web gui and looking at a specific log, or is it something you are filtering from the system log?
PPPoE is not one of the tabs in my system logs on the web gui.
Thanks,
Mark
-
-
Now I feel a little stupid ;D. Thanks for that, couldn't see it for looking.
Mark
-
The problem still persists and the occurrence is random. Additionally, I get the following alert in the email on multiWAN setup:
Gateways status could not be determined, considering all as up/active.
Recently, I have installed a pfSense box with single WAN and that too is randomly not updating "dynDNS" servers at times.
Is it better and more reliable to use RFC2136 and TSIG key on dynDNS?