Not Updating Dynamic DNS
I'm on latest 2.1-RELEASE (i386) on an Atom mobo with dual Intel NICs. I've got an account with afraid.org to update my DNS name. In pfSense, I have Afraid.org set up (freeDNS) and the Cached IP is showing green in pfSense. However, my WAN IP address isn't getting updated through Afraid. Logging into the freedns.afraid.org site, I can see the wrong IP listed for my DNS name. I do have a few OpenVPN clients running on my system now. I wonder if that's the cause?
Yup. Just looked. It appears that the IP address that afraid.org is getting is one of the endpoints for an OpenVPN client. How can I have DynamicDNS updates go through my WAN, and not one of my OpenVPN clients? Thanks!
People using an OpenVPN client on their laptop should not be setting it to update your "site" afraid.org name - that will really stuff you up when they are using WiFi at a local cafe. If they need their laptop to be remotely accessible by DNS name for some reason, then they should each have their own DNS name and password.
The "site" DNS name and updating password should only be known to the pfSense at "site".
I think I might not have explained my issue very well. Sorry!
I have 3 OpenVPN clients running on my pfSense machine. They are for my Private Internet Access VPN connection. I have rules set up on my pfSense that will route certain traffic over these OpenVPN connections. So this has nothing to do with external laptops etc.
I think I have solved my issue. Under GENERAL, I did not have this option checked:
Allow DNS server list to be overridden by DHCP/PPP on WAN
Once I did that, I did another force update on DynamicDNS. It seemed to take after that.
No, this did not work. I tried disabling one of my OpenVPN clients. Once I did that, DynDNS went through as expected and updated correctly. I really need to get this fixed as I tunnel some traffic over these OpenVPN links. I thought it was a gateway group, but I deleted that group, and DynDNS still isn't updating correctly. What info can I provide to help with this? Thanks!
Sounds like you have a real WAN and then some VPN clients connecting out to VPN provider/s. You route various traffic from your LAN across certain VPN client links.
You should be able to define a dynamic DNS, on the interface gateway you want (e.g. WAN, or 1 of your VPN client endpoints, or a gateway group that is a bunch of interface gateways) and pfSense will find the effective real (upstream if necessary) public IP of that interface and set the dynamic DNS name to that address with the dynamic DNS service provider.
Tell us what interfaces/gateways you have, which ones have real public IPs, which interface IP you want the dynamic DNS name to resolve to, what settings you currently have in Dynamic DNS.
Just a thought, but the other thing to remember about DDNS with FreeDNS is the actual entry of the DNS info in pfSense is a little different from other sites.
You don't need a Username at all, just the Domain name and the generated Token from the FreeDNS site. And remember if you have multiple Domains on FreeDNS, they each get different tokens. I usually cut and paste them out of the example scripts they provide on the site.
You probably already know all this, but I remember it bit me back when I first started using FreeDNS ;)
Hostname = you.domain.com
Password = This is the “direct url” in your account in FreeDNS. In your FreeDNS account, over to the left click DynamicDNS, then down near the bottom where you see your ddns name, click Direct URL. It will give you a blank page, in the URL there is a long string after the ? in the URL.
For example http://freedns.afraid.org/dynamic/update.php?dfgdsgfsdjk689GYUIFdfg==
this is what you want to paste in the password field in pf: dfgdsgfsdjk689GYUIFdfg
Thanks for the response! It appears that the reason that Afraid.org wasn't updating correctly was because I have a PIA VPN account. The DynDNS request was going out the PIA OpenVPN client gateway and my DynDNS account was using that IP instead of my WAN IP. I also had a secondary DynDNS updater. I have fixed this by removing that second updater and verifying that the Afraid.org updater was going out my WAN port.
If you didn't have the problems you encountered, I'd have been very worried.
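A way to verify the outcome discussed in this thread, added here as an example and not posted by any participant: resolve the dynamic DNS name and report whether the registered address matches the WAN address or the exit address of one of the OpenVPN clients. The function names, the client names PIA_1/PIA_2 and all addresses are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 and RFC 6598 (CGNAT) ranges: never valid as a public DDNS target.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def classify(registered, wan_public, vpn_exits):
    """Name the egress path whose public address matches the registered one."""
    reg = ipaddress.ip_address(registered)
    if any(reg in net for net in NON_PUBLIC):
        return "non-public"
    if reg == ipaddress.ip_address(wan_public):
        return "wan"
    for name, exit_ip in vpn_exits.items():
        if reg == ipaddress.ip_address(exit_ip):
            return "vpn:" + name
    return "unknown"

def check_ddns(hostname, wan_public, vpn_exits, resolve=socket.gethostbyname_ex):
    """Resolve the DDNS name and classify every A record it returns."""
    try:
        _, _, addresses = resolve(hostname)
    except OSError as exc:
        return [(hostname, None, "resolve-failed: %s" % exc)]
    return [(hostname, addr, classify(addr, wan_public, vpn_exits))
            for addr in addresses]

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_WAN = "203.0.113.10"
SAMPLE_VPN_EXITS = {"PIA_1": "198.51.100.21", "PIA_2": "198.51.100.22"}

def sample_resolver(hostname):
    # Stands in for DNS so the example runs offline.
    return (hostname, [], ["198.51.100.22"])

if __name__ == "__main__":
    for host, addr, verdict in check_ddns("you.domain.com", SAMPLE_WAN,
                                          SAMPLE_VPN_EXITS, sample_resolver):
        print(host, addr, verdict)
```

A verdict of `vpn:<name>` means the update request left through that tunnel, which is the situation described in the thread; `wan` is the expected result after the fix.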