Messages

Unfortunately, my last statements/explanations do not work as desired.
I tried out a bit more and got stuck on the magic word "active" gateway. There is a setting under System -> Settings -> General at the bottom called "Gateway switching". If you switch this on, the ddclient works with only 1 entry with the interface "none".

Addendum: It works for me even if I configure only 1 DDNS for WAN 1 and only 1 rule on the WAN 1 interface with gateway <group gateway>. I think it works because the so configured periodic DDNS service always sends its check-ip-method over the WAN 1 interface and this request is then always routed over the <group gateway> because of the firewall rule.

Thank you very much for your detailed explanations. These where very helpful to understand what happens.
But using your proposal for the firewall rule it doesn't work for me.

Therefore I set up the following configuration (a little modification of your guide):
- Set up DDNS for WAN 1 with Check ip method "nsupdate.info-ipv4"
- Set up DDNS for WAN 2 with THE SAME Check ip method "nsupdate.info-ipv4"
- Create Firewall->Alias "check IP - WAN Failover" with Type = "Hosts(s)" and Content = "ipv4.nsupdate.info"
- On Firewall settings on BOTH Interfaces WAN 1 (primary) and WAN 2 (secondary) create a rule how you described with Action="Pass", "Drection="out", Destination="check IP - WAN Failover" BUT WITH Gateway = <Your Group Gateway> (this entry is located under System->Gateways->Group if you are using Multi-WAN)
- Move the 2 new rules to the top of the list of rules of the interfaces

That works for me.

I explaine this for me so, that the firewall rules takes care of all enquiries are routed by the group-gateway (which coordinate the both WAN-gateways).

Thank you very much again!

Can you please post more detailed configurations?
I tried it as you described on July 25, 2023, 12:41:26 pm. But as soon as I enable both DDNS entries, no IP address update happens.
For the firewall rule, I'm not sure what the gateway settings "set gateway to secondary WAN / GW to monitor" mean. As I understand it, the rule is supposed to block the connection on the primary WAN interface.
Does this mean that the DDNS update for secondary WAN fails as long as the primary gateway is active and after the primary gateway is gone the DDNS update for secondary WAN runs via the secondary gateway (since this is then the only/primary one)?

Hello,
It seems that with the OPNsense 23.7 release or at a later date the os-dyndns plugin is no longer supported or even deleted.
It is advised to use the os-ddclient plugin. However, you cannot specify the interface or gateway "WAN Failover" as "Interface to monitor" there. But this works with the plugin os-dyndns.

My question now: How and with which DynDNS plugin can I achieve that it is always searched via the gateway "WAN Failover"?

Many greetings
Martin

Hello,

I would like to configure an OpenVPN-Server on OPNsense which routes all traffic through the tunnel but the OpenVPN-User should NOT have access to the internal LANs.
You only can restrict the local networks while "Redirect Gateway" is not checked.
Is that possible? Currently I have on firewall settings the rule for OpenVPN to allow all. Are special firewall rules the soulution?
Has anybody an idea to configure this?

Martin

I use the new OPNsense 22.7 and newest os-ddclient 1.8 because os-dyndns is legacy and will be removed.

I have the problem that the new os-ddclient is not working by using WAN failover.

I tried to use the recommended new os-ddclient plugin with my WAN-Failover-Gateway-Group setting. But there is no choice to select WAN-Failover-Interface on the setting "Interface to monitor" during configuration. You can choose "Interface to monitor" = none , but this has no effect. The host will not be updated when the WAN failover is switching.

In contrast to it, the legacy os-dyndns plugin had supported this option.

Has somebody similar problems? Is there a solution (planed)?

I have the problem that the new os-ddclient (1.4) is not working by using WAN failover:

I tried to use the recommended new os-ddclient plugin with my WAN-Failover-Gateway-Group setting. But there is no choice to select WAN-Failover-Interface on the setting "Interface to monitor" during configuration. You can choose "Interface to monitor" = none , but this has no effect. The host will not be updated.

In contrast to it, the legacy os-dyndns plugin had supported this option.

Has somebody similar problems? Is there a solution (planed)?

I tried to use the recommended new os-ddclient plugin with my WAN-Failover-Gateway-Group setting. But there is no choice to select WAN-Failover-Interface on the setting "Interface to monitor" during configuration. You can choose "Interface to monitor" = none , but this has no effect. The host will not be updated.

In contrast to it, the legacy os-dyndns plugin had supported this option.

Has somebody similar problems? Is there a solution (planed)?

Thank you, that's it! 

Regards,
Martin

Thank you, but that didn't do anything.

Hello,

changing the language at ,,System -> Settings -> General -> Language" for example from "German" to ,,English" has only effect on the login screen but no effect inside (version is 22.1).
The language remains German.

Is there a solution for this?