Messages

Well this message is timely.

2 days ago I swapped my usual Protectli box with a Lenovo M700 tiny to which I had added an m.2 i226 based ethernet port.  Just checked firmware as per your message and mine has v2.17 firmware as well (see below).

[1] igc0: <Intel(R) Ethernet Controller I226-V> mem 0xdf100000-0xdf1fffff,0xdf200000-0xdf203fff irq 18 at device 0.0 on pci1
[1] igc0: EEPROM V2.17-0 eTrack 0x80000303

As it's working fine, I'm kinda reluctant to roll the dice on flashing new firmware.

I have a 2015 Sony TV running Android and shortly after installing Adguard Home I noticed that the Netflix and Vudu apps were connecting to domains (presumably sending telemetry) and my TV was contacting a Sony.net domain address also.  I blocked those with custom filtering rules in Adguard Home. Looking at my Adguard stats over the last 24 hours the TV has made over 5,000 connection attempts to reach Netflix and  I don't even have an active Netflix account.

Note: if you go this route you will probably need some firewall rules to force DNS queries through Adguard (or Pihole) as many embedded devices will use 8.8.8.8 effectively bypassing your Pihole or Adguard blockers unless you reroute DNS queries.  I also have 3 Roku devices and they do the same thing.

I use custom as my provider isn't on the drop-down list. Since yours is an available selection I'd stick with what you've got.  For server I think its just going to be dnsmadeeasy.com.  The username and password entries should go in the designated blanks. As I don't use your provider I'm not positive whether the record id is your domain name (but I suspect that it probably is) which means I'd put that value in the hostname field.

Did you create and save an entry on the Dynamic DNS settings page like screenshots below?

Did you enable it?
What do you see in the log?

Yes.  Add new lines to ddclient.conf with the dns made easy parameters outlined in the earlier message and (obviously) replace the placeholder labels with your real username password and whatever that record id parameter is.

Looking at the ddclient github site their master config file shows that it supports dns made easy (see required syntax below). 

## DNS Made Easy (https://dnsmadeeasy.com) ##
protocol=dnsmadeeasy,
login=your-account-email-address
password=your-generated-password
your-numeric-record-id-1,your-numeric-record-id-2,...


You may have to manually edit the ddclient.conf file located in the /usr/local/etc directory on your OPNsense box
to populate it with all of the required parameters.

Can't you just stop and restart the service from the Services: Dynamic DNS: Settings submenu?

I am running a similar setup using Adguard Home on a VM as my internal DNS server/adblocker. I used the info in the discussion at the link below to set everything up.

https://forum.opnsense.org/index.php?topic=22162

Maybe Clonezilla?

Not specifically listed in the Opnsense GUI but it is supported by the plugin. Select 'custom' for the service in the GUI.

I have attached a screenshot of my OPNsense Dyndns menu.  This minimal setup creates the initial ddclient.conf file.  After enabling and saving then manually edit the config file to match content from my first message.

Happy to help.  I use https://freemyip.com.

No need to register, just to go to the website and create the name of your domain and you will receive a token (save it!).

Below is a copy of my ddclient.conf file.  Enter your token on the password line and change the last line to match the domain name that you created.


daemon=360
syslog=yes
pid=/var/run/ddclient.pid
ssl=yes
verbose=yes
use=if, if=igb0
use=web, web=freemyip.com/checkip
protocol=freemyip,
password=YOUR_TOKEN
YOURDOMAIN.freemyip.com

I performed the upgrade this morning to 22.1.9 (which included an update to the ddclient plugin).  After rebooting I found that my existing ddclient.conf file had been replaced with a newly generated version which contained the content previously entered in the OPNsense web interface.  I had manually edited my ddclient.conf file as my provider uses a token which contains an ampersand and the OPNsense web form would not allow entry of an ampersand so had I not spotted this I would have been left with a nonworking configuration.

Heads up to all who have manually customized ddclient.conf, after upgrading  check your ddclient.conf  file located in /usr/local/etc directory.  Lucky I had a copy saved elsewhere that I could transfer to the OPNsense box.

True. You have to edit the ddclient.conf file directly.

[use=cmd, cmd="/usr/local/opnsense/scripts/ddclient/checkip -i pppoe0 -t 1 -s noip-ipv4",]

I've had good luck with using the 'web' method of checking IP.  As a test, comment out the below line in your ddclient.conf file:

use=cmd, cmd="/usr/local/opnsense/scripts/ddclient/checkip -i pppoe0 -t 1 -s noip-ipv4",


and insert these:

use=if, if=igb0
use=web, web=freemyip.com/checkip


Note: igb0 is my WAN connection, if yours is different you will need to adjust.