Dyndns in multiwan environment, WAN2 (opt1) ip update fails



  • Hi,

    i'm using pfSense 2.01 in a multiwan environment.
    Both wans are connected through pppoe directly to the internet and both wans are up.
    There aren't any loadbalancing options active. I use the second wan only for special purpouses.

    The dyndns service for the first wan works flawlessly, but the second entry (WAN2/opt1) fails to update with error:
    "php: /services_dyndns_edit.php: Curl error occurred: couldn't connect to host"

    I've checked /etc/inc/dyndns.class and it seems that curl tries to update the second wan-ip through the opt1 interface and fails.
    Probably some rules in the firewall need to be adjusted, i've no idea?

    A workaround that i come up with is to force curl to use the first WAN interface

    curl_setopt($ch, CURLOPT_INTERFACE, get_interface_ip('wan'));
    

    and deactivate the online parsing of the ip-adress in "_checkIP()".

    Any ideas?



  • @G-l-l4X0r7:

    The dyndns service for the first wan works flawlessly, but the second entry (WAN2/opt1) fails to update with error:
    "php: /services_dyndns_edit.php: Curl error occurred: couldn't connect to host"

    I've checked /etc/inc/dyndns.class and it seems that curl tries to update the second wan-ip through the opt1 interface and fails.

    If I recall correctly, it is  a requirement of some dynamic DNS services that an update request must come from the new IP address.

    It appears that your pfSense is unable to access the dynamic DNS service over opt1.

    @G-l-l4X0r7:

    A workaround that i come up with is to force curl to use the first WAN interface

    It appears that you are attempting to register dynamic-dns-name-of-wan with IP address of your WAN interface and dynamic-dns-name-of-opt1 with IP address of your OPT1 interface. What you have done is likely to result in registering dynamic-dns-name-of-opt1 with IP address of WAN which may not be what you want. Please clarify what you want.

    @G-l-l4X0r7:

    I use the second wan only for special purpouses.

    It is unclear if special purposes includes full internet connectivity or at least connectivity to your dynamic DNS service. (Maybe OPT1 has an upstream firewall which blocks access to the dynamic DNS service.)



  • What you have done is likely to result in registering dynamic-dns-name-of-opt1 with IP address of WAN which may not be what you want.

    It registers the ip-address of opt1 with the dynamic-dns-name-of-opt1 through the wan interface instead of op1 interface. (Dyndns.com luckily accepts that)

    It is unclear if special purposes includes full internet connectivity or at least connectivity to your dynamic DNS service.

    Opt1 has full Internet connectivity and i wanted to know why opt1 can't register its ip with dynamic-dns-name-of-opt1 through its interface?



  • @G-l-l4X0r7:

    i wanted to know why opt1 can't register its ip with dynamic-dns-name-of-opt1 through its interface?

    Your original post reported:
    @G-l-l4X0r7:

    but the second entry (WAN2/opt1) fails to update with error:
    "php: /services_dyndns_edit.php: Curl error occurred: couldn't connect to host"

    so it would appear the reason opt1 can't register through opt1 is that it couldn't (can't) connect to the dynamic DNS service specified. Was this a temporary situation? Was it a break in internet connection between your ISP's router and your DNS provider? Maybe the dynamic DNS web server went down. Maybe ….

    It would probably be useful to verify connectivity from opt1 to your dynamic DNS provider by using the pfSense shell commands ping and traceroute, both with the option to specify an interface on which to send. See the FreeBSD man pages at http://www.freebsd.org/cgi/man.cgi to get the option details.



  • Found it.

    Pinging through opt1 any host from the ssh-console didn't work, even traffic routed through the opt1 interface didn't answer, well ping answered on client machines routet through opt1 (LAN rule) but no internet.
    Setting opt1 as the default gateway enabled traffic routing through opt1, but disabled it on wan. (i've read about this behavior here quite a few times)

    I've deleted my only NAT rule, switched "Allow default gateway switching" on and off and recreated the NAT rule (tcp-rule) exactly like it was before and now everything works, dyndns (without modifications), traffic routet through opt1 etc.

    I couldn't recreate this behavior…

    Edit: I had a layer7-filter-floating-rule which blocked opt1, don't know why...

    Thanks


Locked