Messages - Ph0enix

#1
Thank you for the pointer. I have not used Caddy yet, but that could be a good reason to explore it.
#2
24.1, 24.4 Legacy Series / Dynamic DNS for Porkbun
March 28, 2024, 08:12:20 PM
I'm trying to configure DDNS for porkbun and some questions came up without a lot of answers on the Internet.

I have `os-ddclient` installed; configuration for `duckdns` and for `Hurricane Electric` works fine. To be fair, for both of these I was able to find a step-by-step guide on how to set it up for OPNsense.

Porkbun has its own API: https://porkbun.com/api/json/v3/documentation#DNS%20Edit%20Record%20by%20Domain,%20Subdomain%20and%20Type
They also have a script that is deprecated: https://github.com/porkbundomains/porkbun-dynamic-dns-python/tree/main

I was able to verify that it works by executing a curl that looks like this:
`curl -H "Content-Type: application/json" --request POST -d '{"secretapikey": "sk1_XXX", "apikey": "pk1_XXX", "content": "192.168.0.200"}' https://porkbun.com/api/json/v3/dns/editByNameType/root.domain/A/sub1.sub2`

Notice that the domain I want to update looks like `sub1.sub2.root.domain`

Is there a way to make it work with `os-ddclient` somehow?

Eventually I had some success by using the `porkbun` service with the `ddclient` backend. However, if I use more than one level of subdomain, it treats the rest as the root domain and returns an error, e.g. `sub2.root.domain` is not correct. Native `ddclient` has an option `root-domain`, but I can't figure out how to set it via the OPNsense WebGUI. Adding it to `ddclient.conf` manually also did not help, though perhaps it did not reload the config.

Alternatively, I thought using `custom` + `Custom POST` would allow me to do what I wanted, but then I can't figure out how to feed it the data part of the query. The help suggests that I should use the link `https://porkbun.com/api/json/v3/dns/editByNameType/root.domain/A/sub1.sub2` as the `server`, but the `data` part, where I would provide the keys and the content, is still a mystery. I tried looking at `/usr/local/etc/ddclient.json` but could not see anything resembling the data part of a `POST` request.

Am I missing something or is the built-in dynamic DNS not flexible enough to accomplish what I need?

Additionally, what I'd like to know is whether it's possible to use a different gateway to determine the IP address. I have a VPN tunnel, and there is a corresponding GW. The GW has an internal WireGuard IP, not an exit IP. So would setting the `interface to monitor` to the GW in question send the query for a service like `freedns` through that gateway?

In the end it appears that to accomplish what I want it might be easier to set up docker containers that would sit on different subnets and run the services to update the domains behind my WAN and my WAN_VPN. However, having all that running on OPNsense would mean a bit less clutter.
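An added example (not the poster's code and not Porkbun's own tooling) of performing the same update outside ddclient: the root domain is passed explicitly, so a multi-level name such as `sub1.sub2.root.domain` is split into root and subdomain correctly instead of being guessed from the last two labels. The endpoint and JSON fields are the ones from the curl command above; the environment variable names for the keys and the sample domain/IP are assumptions.

```python
"""Build and send a Porkbun editByNameType update with an explicit root domain.

Added example; the endpoint and body fields are those quoted in the post,
the environment variable names and sample values are constructed.
"""
import json
import os
import urllib.request

API_BASE = "https://porkbun.com/api/json/v3/dns/editByNameType"


def split_fqdn(fqdn: str, root_domain: str) -> str:
    """Return the subdomain part of fqdn relative to an explicit root domain.

    'sub1.sub2.root.domain' with root 'root.domain' -> 'sub1.sub2'.
    The apex name itself maps to an empty subdomain; a name that is not
    under the root is rejected rather than silently re-split.
    """
    if fqdn == root_domain:
        return ""
    suffix = "." + root_domain
    if not fqdn.endswith(suffix):
        raise ValueError(f"{fqdn} is not under {root_domain}")
    return fqdn[: -len(suffix)]


def build_update(fqdn, root_domain, ip, apikey, secretapikey, rtype="A"):
    """Return (url, body_dict) for the editByNameType call.

    URL shape: API_BASE/<root domain>/<type>/<subdomain>, matching the
    curl in the post; the subdomain path segment is omitted for the apex
    (assumed from the API docs, where it is marked optional).
    """
    sub = split_fqdn(fqdn, root_domain)
    url = f"{API_BASE}/{root_domain}/{rtype}" + (f"/{sub}" if sub else "")
    body = {"secretapikey": secretapikey, "apikey": apikey, "content": ip}
    return url, body


def send_update(url, body, timeout=10):
    """POST the JSON body and return the parsed reply (network call)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Keys are read from the environment (assumed names) so they stay out of
    # shell history and world-readable config files.
    url, body = build_update("sub1.sub2.root.domain", "root.domain", "192.168.0.200",
                             os.environ["PORKBUN_APIKEY"], os.environ["PORKBUN_SECRET"])
    print(send_update(url, body))
```

Run it from cron on the firewall with the two variables set, or feed the returned URL and body into the `custom` service once the data part is understood.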
#3
Quote from: Mega32 on October 30, 2023, 08:51:32 PM
Do you use VirtualBox ?

No, it's in VM running on Proxmox.
#4
Quote from: franco on October 30, 2023, 08:31:20 PM
Sounds like a case requiring to enable Firewall: Settings: Advanced: Disable force gateway.

Thank you for the suggestion but that did not help. I'm also not quite sure why it would help since the connection is within a single network so there is no routing involved.
#5
I'm testing in a VM. And I have another VM through which I can access the GUI via LAN network.

I could in theory arrange for my PC to get on the LAN network behind OPNsense but that's not the point of the current exercise. The point is to understand why setting up direct access to GUI does not work.
#6
I'm doing some testing and I have an instance that is on my local network. The WAN interface is on my local interface and LAN has a different local network behind it. My PC is on the same local network as the WAN interface so it's convenient to access the GUI from that interface. At this point it's also about understanding what's missing for that to work.

Upon doing some research I've done the following:
- System -> Settings -> Administration -> Listen Interface == "All (Recommended)"
- On the same page I switched to `HTTP` just to make sure there are no HTTPS issues involved.
- Interfaces -> [WAN] -> "Block private networks" is unchecked
- Firewall -> Rules -> Wan. I added the rule to allow all the incoming traffic on the interface (IPV4+6, any source IP, any port, etc.), obviously not something to keep in production, just for testing. Same rule for outgoing traffic.

It appears that now the connection is not fully blocked, but I get `The connection to the server was reset while the page was loading.` when I try to access it via the WAN interface. It works fine through the LAN interface. If I disable the rule that allows all incoming traffic I get a timeout, so the firewall rule seems to allow the traffic to go through, but there is something else that interferes with the connection.

If I execute `pfctl -d` then I can access the GUI via WAN.

What am I missing and what else needs to be configured to make it work?

I also tried to check some logs, but I could not find any relevant connection attempts; maybe I need to increase the verbosity of the logs? In any case, some pointers on how to investigate the issue would be appreciated as well.