Dynamic DNS service using M-Net as provider
-
Hi folks,
I posted this a few days ago in the German section - but got no answer. This problem is bugging me as I will launch several IPv6-sites soon and I need to figure this out before.
I have a DSL Line from a German provider called M-Net. They operate DS Lite. The access router is a Fritzbox delivered by the provider. On the LAN-side of this router, I run my appliance with PFSense on it. So far, so good.
I would like to remotely access the PFSense appliance, so I set up a DynDNS service. It is a German company called SecurePoint, also known as SPDNS. They have a specific update URL which I set into the PFSense.
The Fritzbox receives a /56-prefix from M-Net and the WAN interface of PFSense is set to DHCP6. It gets an IPv6 address and the update URL works fine. The Fritzbox passes all IPv6 traffic to the interface ID of the PFSense, in other words: IPv6 firewalling on the Fritzbox is off.
In the second the provider changes the IPv6 prefix, the update URL is not working anymore and I cannot access my PFSense from remote anymore. PFSense seems to ignore the new IPv6 address of its WAN interface in terms of not submitting it to the dynamic DNS service.
However, if I manually restart the PFSense (without changing the IPv6 prefix in the meantime), it works and the update information is sent to SPDNS.
What the heck is wrong with this setup?
PFSense 2.2.5 on ALIX APU 2D13, Fritzbox 3272 with Fritz OS 6.24
Cheers,
Volker
-
Check this ticket https://redmine.pfsense.org/issues/2148 because I assume your dyndns problem is also related to the fact, that your pfsense system is behind the router where the WAN IP address changes.
Install the pfsense cron package and edit the /etc/rc.dyndns.update setting via Service -> Cron to check every 5 min.
*/5 * * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update -
Mr. Pink,
thanks a lot. That is a very good hint.
Will try that next time I get to the location. Can't do it remotely as DynDNS is not working … :-)
I will let you know if it solved my problem.
Best,
Volker
-
Check this ticket https://redmine.pfsense.org/issues/2148 because I assume your dyndns problem is also related to the fact, that your pfsense system is behind the router where the WAN IP address changes.
Install the pfsense cron package and edit the /etc/rc.dyndns.update setting via Service -> Cron to check every 5 min.
*/5 * * * * root /usr/bin/nice -n20 /etc/rc.dyndns.updateYou might want to sanitize the frequency?!?! Does your IP change every five minutes?!?!
-
Every five minutes amounts to abuse of checkip.dyndns.org - the documentation says checks must be spaced 10 minutes apart.
You cannot expect pfSense to handle dynamic DNS correctly when it is not obtaining the dynamic address - it has no way of knowing the address has changed other than periodic checks. It is better either to run dynamic DNS on the ISP supplied router or see if there is any way of moving the task of obtaining the dynamic address to pfSense, for example by bridging the ISP router and running any PPP and DHCPv6 on pfSense.
-
Gents,
I am still struggling with this.
I installed the cron package and added the line recommended by doctornotor.
However, the DyDNS-service provider did not receive any update, neither all 5 minutes nor at all.
The dynamic IPv6 on the router changed - and I lost connection to the PFSense again.
Rebooting the PFSense worked, it updated the IPv6 address with the DynDNS-service provider correctly.
Do I need to start cron somehow? I checked with the "top" command and cron is running. I also checked if the line is added in /etc/crontab. It is.PFSense is obtaining its IPv6-WAN-address from the ISP router, it has DHCPv6 running.
I found this note at the bottom of the page to configure DynDNS-service:
"Note:
You must configure a DNS server in System: General setup or allow the DNS server list to be overridden by DHCP/PPP on WAN for dynamic DNS updates to work."Well, I have set the IPv4 address of the ISP router as DNS address. Do I have to add another DNS server, ie the ISPs IPv6 address of the DNS server?
Is it neccessary to specify a gateway on this page?What the heck am I doing wrong here …?
Any inputs are more than welcome, I need to maintain several PFSense appliances on M-Net-DS-Lite lines. And they are installed in distant places and I have a hrad time to convince someone at the location to reboot these appliances all the time...
I am about to install a time switch at the location which turns off the power on the PFSense for one minute in the middle of the night to force a reboot (and thus get an update of its IPv6 address). But this would be really old-fashioned and anything but state-of-the-art....
Regards,
Volker