Dynamic DNS is broken with multi-WAN setup (more information)

Started by patrick3000, April 19, 2023, 09:51:37 PM

I posted about this a few days ago, but I have since learned more about the problem. I have recently switched from pfSense to OPNsense. Everything is great and works fine except for dynamic DNS. I have a multi-WAN setup, with a primary WAN (called WAN) and secondary WAN (called WAN2), gateway groups, and failover. I also have dynamic DNS to access the router from the public Internet for both OpenVPN and a Nextcloud server.

The problem is that, with dynamic DNS, when I specify that I want to monitor the WAN interface, the public IP address of the WAN2 interface is passed to the dynamic DNS provider. I have now learned that this happens whether I use NO-IP, my original dynamic DNS provider, or dyndns, a different dynamic DNS provider that I signed up for today. So, it probably happens no matter which dynamic DNS provider is chosen.

In sum, this is a rather substantial bug. With a multi-WAN setup, the plug-in for dynamic DNS, which is os-ddclient, returns the IP address of only one WAN interface, no matter which WAN interface is specified for monitoring.

I also conjecture that the WAN interface whose IP address is returned is whichever interface appears in the first position under "system," "gateways," "single," which in my case is, apparently by chance, WAN2 rather than WAN.

This problem was discussed in a post on GitHub last year: https://github.com/opnsense/plugins/issues/3076.

Currently, I am monitoring my public IP address on a Windows machine sitting inside the LAN network for purposes of dynamic DNS, but this is an imperfect solution. Does anyone know of a better workaround? Additionally, does anyone know how to report bugs for possible correction in future releases of OPNsense?

Tentatively, I might have found a solution. Under "Dynamic DNS," "Settings," "General Settings," there is an option to configure something called "backend," with two options: "ddclient," which is the default, and "OPNsense." Changing the backend to OPNsense appears to have forced NO-IP to update to the IP address of the correct WAN interface. I need to do more testing, but tentatively, it seems that this may fix multi-WAN dynamic DNS.

I don't understand what "backend" means and couldn't find any documentation on it, but I'm cautiously optimistic that it solves the problem.

Backend support was added to avoid dealing with ddclient software directly over quality concerns. It's a simplified Python implementation and supports different services via 3 modules: dyndns2, azure and cloudflare (as of 23.1.6).

But 23.1.6 also fixes issues with ddclient interface selection and upstream software fixes not yet released properly but that help with the situation. Some people forgot to select an interface after choosing IP check method "Interface", which doesn't work so well.


Cheers,
Franco

Thanks for the information. I'm glad that they added the OPNsense backend, which so far appears to be working properly with my multi-WAN setup, at least with NO-IP as the dynamic DNS provider and "Interface (IPv4)" as the check method.

With the ddclient backend, multi-WAN does not appear to work properly no matter what check method is chosen, "interface" or anything else. I suspect that the ddclient backend is probably fine for single WAN setups, however.