Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 27.07.2012 12:54, schrieb Frank:

>>- does ist still works, if you call /etc/rc.dyndns.update manually ?

Main difference between /etc/rc.dyndns.update and wget -O- ... is
that rc.dyndns.update uses the system config.
So: wget working and rc.dyndns.update not would indicate a config error.


But why and how would it update the IP after hitting "Save" in the 
WebGUI, if the config was wrong?


-Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 27.07.2012 12:54, schrieb Frank:


BTW: Have you thought about using an own DynDNS Server?


Thought about it, yes. But won't help in this particular case, as my 
customer insists on using no-ip; he recently migrated away from DynDNS 
to no-ip and doesn't want to perform another migration.
I take it he uses no-ip with other systems, too (that aren't as easily 
migrated, like off-the-shelf DSL routers), and probably wants to keep it 
all in one place.



Bit of a problem: pfsense seems not to support gnudip natively
(which is one of the easier ways to make your own DynDNS).


It does support RFC 2136, which sounds like the way to go when you want 
to roll your own dynamic DNS.  I believe a partner company of mine uses 
that for their dynamic DNS needs (albeit purely on Linux, no 
pfSense/*BSD involved, but that shouldn't make a difference).


-Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Frank]

Hi Stefan,

just because you asked...

On Thu, Jul 26, 2012 at 11:14:14PM +0200, Stefan Baur wrote:
> Am 26.07.2012 22:45, schrieb Frank:
...
>> - if you *update* dyndns manually (curl, fetch, wget, whatever) every
>>10m - does  /that/ work?
>>... because just using checkip does not give any information
>>about if or if not the *update* works when periodically executed
>
> I'm not getting what you're trying to prove or disprove with that.  Care  
> to explain?  Fact is, triggering the update by refreshing the DynDNS  
> page in the WebGUI works.

I will try to explain. 
Fist of all: "work" is short for "updates the dyndns as expected".
If you update dyndns manually 
(something like 
wget -O- --no-check-certificate 
https://user:passw...@members.dyndns.org/nic/update?...)
and this works even when called periodically, there is a problem
at your side (script/config).

If the dns is *not* updated, it's possible that dyndns works unreliably
as other people in the thread suspected - or just enforcing the mentioned
update rate limits.

>> - does ist still works, if you call /etc/rc.dyndns.update manually ?

Main difference between /etc/rc.dyndns.update and wget -O- ... is 
that rc.dyndns.update uses the system config. 
So: wget working and rc.dyndns.update not would indicate a config error.

> Depends on what you mean with "works".  I can call the script and it  
> doesn't error out, *but*, it does *not* update the IP.  My guess is that  
> it is trying to check whether or not the WAN IP has changed using its  
> local means (comparing the current interface IP with a previously stored  
> value) and *not* using checkip.dyndns.org. 

that could have been found out using tcpdump :)

.. not necessary any longer as I read - but still a nice exercise.

BTW: Have you thought about using an own DynDNS Server?
Bit of a problem: pfsense seems not to support gnudip natively
(which is one of the easier ways to make your own DynDNS).

-- 
Gruss Frank
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Jeppe Øland]

On Thu, Jul 26, 2012 at 4:25 PM, Stefan Baur
 wrote:
>> There's got to be more in the log than just that!
> Nope, there isn't... but...
> Exactly from there:
>> Do me a favor and see if you maybe by accidend checked the "disable"
> And GH, it seems that I hit that disable checkbox some time when I

Haha - that's classic. :-P

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 27.07.2012 01:16, schrieb Jeppe Øland:

On Thu, Jul 26, 2012 at 2:14 PM, Stefan Baur
 wrote:

- what does your log say about dyndns?


Nothing that would look helpful:
 check_reload_status: Updating all dyndns
is the only message containing the string "dyn", and it only appears once
during startup.


There's got to be more in the log than just that!


Nope, there isn't... but...


Maybe (or not) this bugreport is related to your problem.
The bug is marked as resolved, but I am not sure that's actually true:
 http://redmine.pfsense.org/issues/943


Exactly from there:

This is gonna sound really stupid but:

Do me a favor and see if you maybe by accidend checked the "disable" checkbox 
at the top of the dyndns account settings (i did this once and it took me three days 
to notice this...)


And GH, it seems that I hit that disable checkbox some time when I 
wasn't paying attention.  Will wait for the next upstream IP change to 
confirm, but I guess that was the solution.  Fsck.


Is there a particular reason why this is "check to disable" and not 
"check to enable"?


-Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Jeppe Øland]

On Thu, Jul 26, 2012 at 2:14 PM, Stefan Baur
 wrote:
>> - what does your log say about dyndns?
>
> Nothing that would look helpful:
> check_reload_status: Updating all dyndns
> is the only message containing the string "dyn", and it only appears once
> during startup.

There's got to be more in the log than just that!

Maybe (or not) this bugreport is related to your problem.
The bug is marked as resolved, but I am not sure that's actually true:
http://redmine.pfsense.org/issues/943

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 26.07.2012 23:53, schrieb Nishant Sharma:


Are you running dual WAN setup with gateway failover by any chance?


Nope, single WAN, but in private IP space, as there is another router 
above it.


-Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Nishant Sharma]

On Fri, Jul 27, 2012 at 2:44 AM, Stefan Baur
 wrote:
> Am 26.07.2012 22:45, schrieb Frank:
>
> I'm not getting what you're trying to prove or disprove with that.  Care to
> explain?  Fact is, triggering the update by refreshing the DynDNS page in
> the WebGUI works.

Are you running dual WAN setup with gateway failover by any chance? I
am running a setup and at times dyndns entries are not updated because
it tries before the system could replace the default route with the
gateway of active link.

Both the links of mine are PPPoE.

-Nishant
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 26.07.2012 22:45, schrieb Frank:


Hi Stefan,

On Thu, Jul 26, 2012 at 09:09:35AM +0200, Stefan Baur wrote:

Am 25.07.2012 18:36, schrieb RB:


However, repeatedly firing off

fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address:
\(.*\)<\/body>.*$/\1/'
within the same minute doesn't error out, so it doesn't look like a limit
that's enforced by dyndns.


Just some thoughts:

- what does your log say about dyndns?


Nothing that would look helpful:
check_reload_status: Updating all dyndns
is the only message containing the string "dyn", and it only appears 
once during startup.



- are there messages about cron-errors in the logs
   (maybe invisable special character, ..)


Nope. Would be hard to mess that up, anyways, when using the built-in vi 
to change that single line (it's not like I'm using Microsoft Word to 
edit the crontab...).



- if you *update* dyndns manually (curl, fetch, wget, whatever) every
   10m - does  /that/ work?
   ... because just using checkip does not give any information
   about if or if not the *update* works when periodically executed


I'm not getting what you're trying to prove or disprove with that.  Care 
to explain?  Fact is, triggering the update by refreshing the DynDNS 
page in the WebGUI works.



- does ist still works, if you call /etc/rc.dyndns.update manually ?


Depends on what you mean with "works".  I can call the script and it 
doesn't error out, *but*, it does *not* update the IP.  My guess is that 
it is trying to check whether or not the WAN IP has changed using its 
local means (comparing the current interface IP with a previously stored 
value) and *not* using checkip.dyndns.org.  However, I don't know which 
part of the code is responsible for that.  Pointers greatly appreciated. 
 I'm too much of a sysadmin and not enough of a coder to figure that 
out on my own.



- do some brute-force debugging :)
   - replace  /etc/rc.dyndns.update by an own script. See if it's called


Rather than doing that, I just added some log code to the existing 
script.  It shows up in the System Log every 10 minutes, as scheduled.



   - tcpdump the connection with the dyndns Server, analyze dump


pfSense is said to use checkip.dyndns.org for IP checking even when 
using no-ip as the dynamic DNS provider. Which one should I be looking 
for, the attempt to communicate with checkip.dyndns.org or the attempt 
to update the record with no-ip?


-Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Frank]

Hi Stefan,

On Thu, Jul 26, 2012 at 09:09:35AM +0200, Stefan Baur wrote:
> Am 25.07.2012 18:36, schrieb RB:
>
>>> However, repeatedly firing off
>>>
>>> fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address:
>>> \(.*\)<\/body>.*$/\1/'
>>> within the same minute doesn't error out, so it doesn't look like a limit
>>> that's enforced by dyndns.

Just some thoughts:

- what does your log say about dyndns?
- are there messages about cron-errors in the logs 
  (maybe invisable special character, ..)
- if you *update* dyndns manually (curl, fetch, wget, whatever) every 
  10m - does  /that/ work?
  ... because just using checkip does not give any information
  about if or if not the *update* works when periodically executed
- does ist still works, if you call /etc/rc.dyndns.update manually ?
- do some brute-force debugging :)
  - replace  /etc/rc.dyndns.update by an own script. See if it's called
  - tcpdump the connection with the dyndns Server, analyze dump


-- 
Gruss Frank
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[RB]

On Thu, Jul 26, 2012 at 1:09 AM, Stefan Baur
 wrote:
> Still no luck. :-( Old IP shows up as red after the nightly IP change.

Crud, sorry to hear but unsurprised.

> You mentioned a cron job for updating; are you hijacking pfSense built-in
> functions for that or did you roll your own script that needs to be passed
> login credentials for the DynDNS provider?

I've switched to another package (ddclient) running on another
internal system for consistency's sake.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 25.07.2012 18:36, schrieb RB:


However, repeatedly firing off

fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address:
\(.*\)<\/body>.*$/\1/'
within the same minute doesn't error out, so it doesn't look like a limit
that's enforced by dyndns.


My only guess is that they're enforcing by trend rather than burst.
Regardless, I'll be interested to know your outcome.


Still no luck. :-( Old IP shows up as red after the nightly IP change.

You mentioned a cron job for updating; are you hijacking pfSense 
built-in functions for that or did you roll your own script that needs 
to be passed login credentials for the DynDNS provider?


-Stefan

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 25.07.2012 23:30, schrieb Fuchs, Martin:

I also had many problems and since I use noip now, the problems have gone...
It's still the case that dyndns updates sometimes work and sometimes not :-(


I *am* using no-ip, however, pfSense uses the checkip.dyndns.org server 
to check for the current IP (at least that's how I remember it from one 
of our Gurus on this list, probably Chris or Seth).


-Stefan

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Fuchs, Martin]

I also had many problems and since I use noip now, the problems have gone...
It's still the case that dyndns updates sometimes work and sometimes not :-(

Am 25.07.2012 um 18:38 schrieb "RB" :

> On Wed, Jul 25, 2012 at 10:32 AM, Stefan Baur
>  wrote:
>> Okay, indeed it says so there (and I've updated my crontab accordingly).
>> Thanks for pointing that out.
> 
> Not a problem, the problem you outline is of interest to me because I
> even see DDNS update issues having a public IP on my WAN; the trigger
> doesn't seem to work very well whereas a cron job does tend to.
> 
>> However, repeatedly firing off
>> 
>> fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address:
>> \(.*\)<\/body>.*$/\1/'
>> within the same minute doesn't error out, so it doesn't look like a limit
>> that's enforced by dyndns.
> 
> My only guess is that they're enforcing by trend rather than burst.
> Regardless, I'll be interested to know your outcome.
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
> 
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[RB]

On Wed, Jul 25, 2012 at 10:32 AM, Stefan Baur
 wrote:
> Okay, indeed it says so there (and I've updated my crontab accordingly).
> Thanks for pointing that out.

Not a problem, the problem you outline is of interest to me because I
even see DDNS update issues having a public IP on my WAN; the trigger
doesn't seem to work very well whereas a cron job does tend to.

> However, repeatedly firing off
>
> fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address:
> \(.*\)<\/body>.*$/\1/'
> within the same minute doesn't error out, so it doesn't look like a limit
> that's enforced by dyndns.

My only guess is that they're enforcing by trend rather than burst.
Regardless, I'll be interested to know your outcome.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 25.07.2012 18:24, schrieb RB:

On Wed, Jul 25, 2012 at 10:19 AM, Stefan Baur
 wrote:

I thought there was a maximum allowable frequency (e.g. 10 minutes)
for hitting checkip.dyndns.org, but can't currently find documentation
of that.



The limit is for hitting the update server, not for hitting
checkip.dyndns.org (but feel free to prove me wrong).


Here you go: http://dyn.com/support/developers/checkip-tool/


Okay, indeed it says so there (and I've updated my crontab accordingly). 
Thanks for pointing that out.


However, repeatedly firing off
fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address: 
\(.*\)<\/body>.*$/\1/'
within the same minute doesn't error out, so it doesn't look like a 
limit that's enforced by dyndns.


Anyways, I guess all I can do now is wait for the next IP update 
(probably around 4:00am CEST) and see if it works with the 10 minute 
setting.


-Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[RB]

On Wed, Jul 25, 2012 at 10:19 AM, Stefan Baur
 wrote:
>> I thought there was a maximum allowable frequency (e.g. 10 minutes)
>> for hitting checkip.dyndns.org, but can't currently find documentation
>> of that.
>
>
> The limit is for hitting the update server, not for hitting
> checkip.dyndns.org (but feel free to prove me wrong).

Here you go: http://dyn.com/support/developers/checkip-tool/
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 25.07.2012 18:17, schrieb RB:


I thought there was a maximum allowable frequency (e.g. 10 minutes)
for hitting checkip.dyndns.org, but can't currently find documentation
of that.


The limit is for hitting the update server, not for hitting 
checkip.dyndns.org (but feel free to prove me wrong).


-Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[RB]

On Wed, Jul 25, 2012 at 9:55 AM, Stefan Baur
 wrote:
> */5 *   *   * *   root/usr/bin/nice -n20
> /etc/rc.dyndns.update
>
> would solve my issues. However, it does not work (any more?).
>
> When I log in to the GUI, I see the IP displayed in red, meaning it is not
> current.

I thought there was a maximum allowable frequency (e.g. 10 minutes)
for hitting checkip.dyndns.org, but can't currently find documentation
of that.  Have you tried with 10-20 minutes?
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Stefan Baur]

Am 25.07.2012 18:02, schrieb Michael Schuh:

Hi Stefan,

you are in Germany - right?
i suggest:
most DSL-Providers "spend" you a firm IP-Address if you ask.
Most times it will cost you just the phone call. some will bill you 5 €.
So no more dynamic dns needed. no hussle, no troubles.

HTH


Sadly, no. That doesn't scale well (we're talking a 2-digit number of 
installations, with a lot more planned, and various providers).


-Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

[Michael Schuh]

Hi Stefan,

you are in Germany - right?
i suggest:
most DSL-Providers "spend" you a firm IP-Address if you ask.
Most times it will cost you just the phone call. some will bill you 5 €.
So no more dynamic dns needed. no hussle, no troubles.

HTH

greetings

m.

2012/7/25 Stefan Baur 

> Hi list,
>
> as previously mentioned on this list, I'm running my pfSense boxes within
> private address space, so they can't detect the WAN ip change on their own
> interface, as what they believe is their WAN ip is just another private
> address.
>
> Therefore, I need to rely on the mechanism that connects to
> checkip.dyndns.org.
>
> My previous understanding was that /etc/crontab by default contains
>
> 1   1   *   * *   root/usr/bin/nice -n20
> /etc/rc.dyndns.update
>
> (which means that the script only gets called at 01:01 AM each day), and
> changing that to
>
> */5 *   *   * *   root/usr/bin/nice -n20
> /etc/rc.dyndns.update
>
> would solve my issues. However, it does not work (any more?).
>
> When I log in to the GUI, I see the IP displayed in red, meaning it is not
> current.
>
> Logging into pfSense on the command line and executing
>
> fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address:
> \(.*\)<\/body>.*$/\1/'
>
> gives me the current IP, so I know that connecting to checkip.dyndns.orgworks.
>
> Hitting the "Save" button in the GUI will update the IP, so my credentials
> are correct, too.
>
> What do I have to change so that pfSense will contact checkip.dyndns.orgevery 
> 5 minutes, and will update the record when required?
> (Note that it should not blindly update every 5 minutes, as that would be
> considered abuse by most Dynamic DNS providers.)
>
> Kind Regards,
> Stefan
> __**_
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/**mailman/listinfo/list
>



-- 
= = =  http://michael-schuh.net/  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] DynDNS troubles, once again

[Stefan Baur]

Hi list,

as previously mentioned on this list, I'm running my pfSense boxes 
within private address space, so they can't detect the WAN ip change on 
their own interface, as what they believe is their WAN ip is just 
another private address.


Therefore, I need to rely on the mechanism that connects to 
checkip.dyndns.org.


My previous understanding was that /etc/crontab by default contains

1   1   *   * *   root/usr/bin/nice -n20 
/etc/rc.dyndns.update


(which means that the script only gets called at 01:01 AM each day), and 
changing that to


*/5 *   *   * *   root/usr/bin/nice -n20 
/etc/rc.dyndns.update


would solve my issues. However, it does not work (any more?).

When I log in to the GUI, I see the IP displayed in red, meaning it is 
not current.


Logging into pfSense on the command line and executing

fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address: 
\(.*\)<\/body>.*$/\1/'


gives me the current IP, so I know that connecting to checkip.dyndns.org 
works.


Hitting the "Save" button in the GUI will update the IP, so my 
credentials are correct, too.


What do I have to change so that pfSense will contact checkip.dyndns.org 
every 5 minutes, and will update the record when required?
(Note that it should not blindly update every 5 minutes, as that would 
be considered abuse by most Dynamic DNS providers.)


Kind Regards,
Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list