Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Will dyndns work with another router ahead of pfsense?

    General pfSense Questions
    3
    9
    2001
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest last edited by

      So will dyndns report the correct ip on say the WAN interface if the WAN interface has an ip of like 192.168.1.2

      Will it report the public ip?

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis last edited by

        Yes, it will find out the public IP and set that with DynDNS (I use the actual company DynDNS). I have an ADSL router in front of my pfSense, not in bridge mode. But if the front-end device has its public WAN IP change, then pfSense is not going to notice an interface change (the local little private subnet will stay the same, and no hardware down/up on that for pfSense to react to.
        There is a Cron job that wakes up once a day to check the dynamic DNS address. I schedule mine to run every 15 minutes to check if the address is current:

        5,20,35,50  	*  	*  	*  	*  	root  	/usr/bin/nice -n20 /etc/rc.dyndns.update 
        

        But I have noticed that it doesn't actually work.
        I am having a look at the code now, services.inc services_dyndns_configure seems to only do its thing if the dynamic DNS interface is a gateway group. In my case, there is just a plain old WAN, no gateway group.

        1 Reply Last reply Reply Quote 0
        • stephenw10
          stephenw10 Netgate Administrator last edited by

          Looks interesting. So you just changed the interval on an existing cron job?
          I use No-IP free service and I frequently get emails threatening to cut me off because I haven't updated recently. I have in fact been removed from their service several times. It's easy to renew it but very inconvenient. pfSense only updates if the address had changed or 25 (?) days have past and that's not often enough I have found.

          I think you will need to modify the 25 day interval as well as scheduling more frequent checks.

          Steve

          1 Reply Last reply Reply Quote 0
          • P
            phil.davis last edited by

            The relevant chunk of code in services.inc services_dyndns_configure is:

            foreach ($dyndnscfg as $dyndns) {
            	$failovergroup = interface_gateway_group_member($int);
            	if (!empty($int) && $int == $dyndns['interface']) {
            		services_dyndns_configure_client($dyndns);
            		sleep(1);
            	} elseif (is_array($gwgroups[$dyndns['interface']])) {
            		services_dyndns_configure_client($dyndns);
            		sleep(1);				
            	} else {
            		continue;
            	}
            }
            
            

            The regular cron job does not pass an interface parameter ($int is empty). So it goes to the "elseif" above, but that only happens for dyndns interfaces that are a gateway group.
            I can't see why that check is needed, if $int is empty, then we want to do services_dyndns_configure_client for every $dyndns that is in the config.
            This seems simpler and works:

            foreach ($dyndnscfg as $dyndns) {
            	$failovergroup = interface_gateway_group_member($int);
            	if ((empty($int)) || (!empty($int) && $int == $dyndns['interface']) || (is_array($gwgroups[$dyndns['interface']]))) {
            		services_dyndns_configure_client($dyndns);
            		sleep(1);
            	}
            }
            
            

            The dyndns entry gets actioned if $int is empty, if the $int parameter matches the the dyndns entry interface value or if the dyndns interface is a gateway group. This is the previous behaviour, plus some extra dyndns interfaces being actioned for the $int empty case.
            To the developers: is there some special case I am missing here? or does this change look like a good thing in general?
            (It works for me - now my WAN address gets updated in DynDNS when I run /etc/rc.dyndns.update)

            1 Reply Last reply Reply Quote 0
            • P
              phil.davis last edited by

              I use the paid DynDNS service ($US20/year for up to about 30 names), so they don't cut anything off that hasn't been updated. I have a few names that I haven't used for a few months and I can still "nslookup" them on the internet and they resolve to the IP address they last had.
              I guess the free services want to remove "unused" stuff from their DNS servers at some point, and (from their point of view) sooner rather than later.

              1 Reply Last reply Reply Quote 0
              • stephenw10
                stephenw10 Netgate Administrator last edited by

                Does it actually update though?
                When I run /etc/rc.dyndns.update is runs fine but I see this in the log:

                
                Dec 21 16:45:55 	php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
                Dec 21 16:45:55 	php: : DynDns: Current WAN IP: 31.185.***.*** Cached IP: 31.185.***.***
                Dec 21 16:45:55 	php: : DynDns debug information: 31.185.***.*** extracted from local system.
                Dec 21 16:45:55 	php: : DynDns: updatedns() starting
                

                Steve

                1 Reply Last reply Reply Quote 0
                • P
                  phil.davis last edited by

                  With the code changes above, installing Cron package, editing the cron job so it runs every 15 minutes, I am now getting this sequence in the system log each 15 minutes:

                  Dec 21 22:20:01 	php: : DynDns: updatedns() starting
                  Dec 21 22:20:02 	php: : DynDns debug information (myname.dyndns-ip.com): 49.123.111.11 extracted from checkip.dyndns.org
                  Dec 21 22:20:02 	php: : DynDNS (myname.dyndns-ip.com): running get_failover_interface for wan. found vr1
                  Dec 21 22:20:03 	php: : DynDns debug information (myname.dyndns-ip.com): 49.123.111.11 extracted from checkip.dyndns.org
                  Dec 21 22:20:03 	php: : DynDns (myname.dyndns-ip.com): Current WAN IP: 49.123.111.11 Cached IP: 49.123.111.11
                  Dec 21 22:20:03 	php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
                  

                  (I replaced the actual name and real IP with "myname" and "49.123.111.11")
                  And in Services:Dynamic DNS Clients, the entry in the Cached IP column has changed from red to green and the IP matches the real public IP currently allocated to my front-end ADSL box.

                  1 Reply Last reply Reply Quote 0
                  • P
                    phil.davis last edited by

                    And I put the code change on another system just now. At the next interval I got this in system log:

                    Dec 21 22:53:26 	php: : DynDns: updatedns() starting
                    Dec 21 22:53:27 	php: : DynDns debug information (ntc-ibp-inf.dyndns-ip.com): 49.244.236.229 extracted from checkip.dyndns.org
                    Dec 21 22:53:27 	php: : DynDNS (ntc-ibp-inf.dyndns-ip.com): running get_failover_interface for opt1\. found vr2
                    Dec 21 22:53:29 	php: : DynDns debug information (ntc-ibp-inf.dyndns-ip.com): 49.244.236.229 extracted from checkip.dyndns.org
                    Dec 21 22:53:29 	php: : DynDns (ntc-ibp-inf.dyndns-ip.com): Current WAN IP: 49.244.236.229 Cached IP: 49.244.224.120
                    Dec 21 22:53:29 	php: : DynDns debug information (name.dyndns-ip.com): DynDns: cacheIP != wan_ip. Updating. Cached IP: xx.xxx.224.120 WAN IP: xx.xxx.236.229
                    Dec 21 22:53:29 	php: : DynDNS (ntc-ibp-inf.dyndns-ip.com): DynDns _update() starting.
                    Dec 21 22:53:29 	kernel: Bump sched buckets to 256 (was 0)
                    Dec 21 22:53:33 	php: : DynDNS (name.dyndns-ip.com): DynDns _checkStatus() starting.
                    Dec 21 22:53:33 	php: : DynDNS (name.dyndns-ip.com): Current Service: dyndns
                    Dec 21 22:53:34 	php: : DynDns debug information (name.dyndns-ip.com): xx.xxx.236.229 extracted from checkip.dyndns.org
                    Dec 21 22:53:34 	php: : phpDynDNS: updating cache file /conf/dyndns_opt1dyndns'name.dyndns-ip.com'0.cache: xx.xxx.236.229
                    Dec 21 22:53:34 	php: : phpDynDNS (name.dyndns-ip.com): (Success) IP Address Changed Successfully! (xx.xxx.236.229)
                    

                    This system has OpenVPN site-to-site servers. Now that the dynamic IP has been automatically updated with DynDNS, the clients have found the servers and the site-to-site VPN links came up.
                    I'm glad this post jogged my interest again and got me to look into this - I had been having trouble keeping OpenVPN servers accessible in these type of configs, where the server and DynDNS updater is on a pfSense box that hides behind an ADSL router.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10
                      stephenw10 Netgate Administrator last edited by

                      Hmm, Ok.
                      My own box is not hidden behind NAT the WAN interface has my public IP. Thus it does not have to use a service like checkip.dyndns.org to discover the public address. The address doesn't change so it it does nothing and after about 18 days I get emails. After 25 days it will send the update information even it's still the same but it seems that interval is now too long, for No-IP at least.

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post

                      Products

                      • Platform Overview
                      • TNSR
                      • pfSense
                      • Appliances

                      Services

                      • Training
                      • Professional Services

                      Support

                      • Subscription Plans
                      • Contact Support
                      • Product Lifecycle
                      • Documentation

                      News

                      • Media Coverage
                      • Press
                      • Events

                      Resources

                      • Blog
                      • FAQ
                      • Find a Partner
                      • Resource Library
                      • Security Information

                      Company

                      • About Us
                      • Careers
                      • Partners
                      • Contact Us
                      • Legal
                      Our Mission

                      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                      Subscribe to our Newsletter

                      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                      © 2021 Rubicon Communications, LLC | Privacy Policy