Messages

Maybe you want to try cron for the update.

quite interesting indeed...

Everything you do seems to be exactly correct, so the fault must be somewhere else...

According to this thread, I am not the only one having this issue. And freedns is not the only service affected.

The old (working) os-dyndns has been deprecated two years ago and was finally removed. But nobody cared to get the new replacement os-ddclient to work properly.

Finally, (having two provider) I ended up with:

Code Select Expand


cat <<__EOF__  | sudo tee /etc/cron.d/dyndns >/dev/null
*/5 * * * * joe curl                 https://freedns.afraid.org/dynamic/update.php?<token0> # main dns, whatever can get out
*/5 * * * * joe curl --interface re1 https://freedns.afraid.org/dynamic/update.php?<token1> # dns1, WAN,  vodafone
*/5 * * * * joe curl --interface re0 https://freedns.afraid.org/dynamic/update.php?<token2> # dns2, OPT1, telekom
__EOF__


This has the disadvantage, that it won't catch up if interface goes down/up, but needs up to 5 minutes to catch up.
Another disadvantage is that it puts unnecessary load onto the dns provider, since it will do the update even if the address has not changed.

But at least, it WORKS.

[both]

Then, to get the TV working I have to run:

Code Select Expand

udpbroadcastrelay --id 1 --port 1900 --dev lan.20 --dev lan.30 --multicast 239.255.255.250 --msearch dial -d -s 1.1.1.2

Just curious: have you set up firewall rules such that source:port (which should be unicast, IMHO) of those packets can be reached accross the networks?

To get the Roku to work I have to run:

Code Select Expand

udpbroadcastrelay --id 1 --port 1900 --dev lan.20 --dev lan.30 --multicast 239.255.255.250 -d

I tried running both commands with a different ID number but this caused a multicast flood.

When running both commands with different IDs, both instances receive all the the traffic to 230.355.255.250:1900. This includes traffic from the other instance, respectively. Thus, packets sent by one instance are received by the other instance and will be re-sent on all configured interfaces by the other instance (if not filtered by --msearch). This results in the two instances playing ping-pong with packets containing the --msearch string, effectively flooding the networks.

The clean way to get this working would be to have only one instance and let the result of --msearch decide whether source address/port is to be preserved or replaced instead of completely discard the packet.

I just digged through this thread, and found more contradicting suggestions:

Code Select Expand


mDNS (Chromecast/Apple Bonjour)
224.0.0.251:5353                 -s1.1.1.1
224.0.0.251:5353 224.0.0.51:5353 -s1.1.1.1
224.0.0.251:5353
224.0.0.1:5353

SSDP (UPnp/DLNA Media)
239.255.255.250:1900
239.255.255.250:1900 -s1.1.1.1


So it seems you are not the only one having this problem. You're just the first one who did a systematic analysis of the problem.

PS:
To be honest, I have a hard time to understand what this 1.1.1.1/1.1.1.2 is good for and how it is supposed to get things working.

Without this mangling, the receiver will respond to the original unicast address:port. As long as receiver can do unicast with the original address:port (check firewall rules), communication should work, IMHO. All is good.

OTOH: having this -s mangling in place, UDPBR would put its own interface-address (which would be UNICAST) (and port with 1.1.1.1) into the packet. Unless it also listens to this address:port and remembers to forward traffic to the address:port which were sitting in the original packet, I don't see how this is supposed to work. Have just done a quick glance on the source and I don't think UDPBR is currently doing this forwarding.

So, if I understand things correctly, this -s option is only good for breaking things. Please correct me if I am wrong.

Please double-check that both sides can properly do unicast-communication for the ports/protocols they need to the other side.

Please help me get a better understanding about the topic by confirming and/or correcting some questions:

- UDPBR obsoletes Avahi, IGMP-proxy, mDNS and SSDP (if setup correctly)

- UDPBR obsoletes pimd in the simple case when there is only one router

- For proper operation, multicast depends on IGMP reports to join/leave MC-groups. Is UDPBR involved in this IGMP thing, or is this handled by the kernel?

- UDPBR does NOT depend on the setting of ip_mroute in the kernel, because it actively copies the packets in user-land?

(Edit: typo)

Perhaps because it's RTP and not UDP?

Not sure I understand what you try to tell me :)

You are about the video data? IIUC, tcpdump says this is UDP:

Code Select Expand


IP (tos 0x0, ttl 10, [DF], UDP)  192.168.12.101.47386 > 239.255.1.2.5004: UDP

And this is consistent with Wikipedia, where it is stated that RTP runs over UDP.

But maybe I simply misunderstood your reply?

Hi,

me also need some help to get multicast working across VLANs.

As a test, I'd want to serve an video, like this:

Code Select Expand


cvlc  BigBuckBunny_320x180.mp4  --sout "#rtp{dst=239.255.1.2,port=5004,ttl=10,mux=ts,sap,name=Bunny}" --no-sout-all --sout-keep --loop


Being on the same VLAN, I can see this video with:

Code Select Expand


vlc rtp://239.255.1.2:5004


When server and client are on the same VLAN, tcpdump shows me:

• SSDP and mDNS, advertising all kinds of services
• IGMP queries and reports, which show that the clent has actually joined the 239.255.1.2 group
• the video data on 239.255.1.2:5004

So I set up udpbroadcastrealy like this:

Code Select Expand


udpbroadcastrelay --id  2 --dev re2 --dev re2_vlan10 --dev re2_vlan12 --port 5353 --multicast 224.0.0.251 -s 1.1.1.1 -f
udpbroadcastrelay --id  1 --dev re2 --dev re2_vlan10 --dev re2_vlan12 --port 1900 --multicast 239.255.255.250 -s 1.1.1.2 -f
udpbroadcastrelay --id 20 --dev re2 --dev re2_vlan10 --dev re2_vlan12 --port 5004 -f


All the interfaces have firewall rules to pass everything. Even set "Allow IP options", which is advised to be set so that IGMP messages can be passed.

AFAICS, SSDP, mDNS and the video stream should be forwarded across the VLANs. But unfortunately, I don't see anything.

Any idea what I might be doing wrong here?

Can I advise udpbroadcastrelay to tell what it is receiving?

Thanks!

had it worked ever before?

It was working a long time ago with an old install of opnsense

It is still working with fully upgraded pfsense

It also works when I invoke the url with wget/curl

It does NOT work with this fresh opnsense 24.1.1 install.

Other question, your log reads "Could not authenticate", maybe wrong password, username, typo, ...?

I copy+paste user and password from keepassx. So I don't see how a typo could hit me.

Also try to put in your username instead of your email address (freedns account).

Tried both

Could you log in at freedns?

Had to log into freedns to change from v1 to v2 and back again.

So yes, the credentials are correct.

Thanks for your suggestion, @wirefall!

Unfortunately, this also don't work:

Code Select Expand


2024-02-12T22:10:47 Notice ddclient FAILED: updating my.do.main: failed to get record list from https://freedns.afraid.org/api/?action=getdyndns&v=2&sha=<credentials>: ERROR: Could not authenticate.
2024-02-12T22:05:44 Notice ddclient FAILED: updating my.do.main: failed to get record list from https://freedns.afraid.org/api/?action=getdyndns&v=2&sha=<credentials>: ERROR: Could not authenticate.
2024-02-12T22:00:37 Notice ddclient WARNING: Wait at least 5 minutes between update attempts.
2024-02-12T22:00:37 Notice ddclient WARNING: last updated <never> but last attempt on Mon Feb 12 21:57:47 2024 failed.
2024-02-12T22:00:37 Notice ddclient WARNING: skipping update of my.do.main from <nothing> to xx.xxx.xx.xxx.


Tried both, version 1 and version 2

Hi all.

did a fresh 24.1 install these days and updated to 24.1.1.

Unfortunately, I could not get freedns working with new os-ddclient implementation.

Tried virtually all permutations of:

Backend: native/ddclient
Service: custom
Username: freedns-account/token/domainname
Password: freedns-pwd/token
Hostname: domainname/token/update-url
Check-IP-Method:

Keep getting errors like this:

Code Select Expand


2024-02-12T02:37:10  Error  ddclient  Account xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx [custom - ] failed to set new ip XX.XX.XX.XX [401 - Unable to authenticate with that user/pass combo]   
2024-02-12T02:35:06  Error  ddclient  Account xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx [custom - ] failed to set new ip XX.XX.XX.XX [401 - Unable to authenticate with that user/pass combo]   
2024-02-12T02:20:39  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T02:20:29  Notice ddclient  WARNING: Wait at least 5 minutes between update attempts.       
2024-02-12T02:20:29  Notice ddclient  WARNING: last updated <never> but last attempt on Mon Feb 12 02:15:48 2024 failed.     
2024-02-12T02:20:29  Notice ddclient  WARNING: skipping update of sub.do.main from <nothing> to XX.XX.XX.XX.       
2024-02-12T02:15:52  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T02:10:48  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T02:05:45  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T02:00:42  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:55:39  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:50:36  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:45:33  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:40:30  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:35:26  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:30:23  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:25:20  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:20:17  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:15:11  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:10:07  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:10:07  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:05:03  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:00:00  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:54:55  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:49:52  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:44:49  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:39:47  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:34:45  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:29:41  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:24:38  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:19:32  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:14:30  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:09:27  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:04:25  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:59:21  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:54:18  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:49:16  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:44:14  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:39:12  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:34:07  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 


Any hints?

This looks promising.

But it works only with the webgui accessible?

I am looking for a way to configure from the WAN side without exposing the webgui to the WAN.

So the idea was to log in via ssh to do the config

Thanks, that was it!

Sorry, I don't understand...

How can I activate the privileges?

The account is enabled, and it is member of "admins" group.

Hi,

I created a user for ssh acces and have populated its authorized_keys file.

When I try to log in, I get this message:

This account is currently not available.

So, how would I activate this account?

Thanks for the info.

It appears that DSA keys are inherently insecure, so it's better not to activate them.

I think API would be even better than CLI.

Do you have any pointer to the API? Don't need to be polished docs. Just something where I could start looking into it would be great!