os-ddclient

[juantxorena]

Another problem I have and I haven't seen in the forum:

I'm trying to update both ipv4 and ipv6 with cloudflare. It only updates one of them, depending on the "Check IP method" I choose. It seems that we should be able to choose more than one method, or even better, read the IP locally.

[toxic]

I wanted to say, from my point of view the ddclient is way behind what is available in the dyndns plugin and I really don't understand who made the decision and why switch to ddclient only, "the world is using it" is, I believe, not a valid reason, especially given ddclient hasn"t seen a release in over a year and ther is definitely a lot less polish and integration into opnsense.

I just wanted to list some of my gripes with the ddclient :

• there is no widget for it on the dashboard
• it does not provide a way to check that the public DNS has the proper IP
• it doesn't play nice with multi-WAN and NAT
• there is no way to force an update
• settings are less granular (general verbosity vs per account, same for checkip provider)
• not all checkip providers that were supported are still provided

I've posted a PR on github (https://github.com/opnsense/plugins/pull/2883) that adresses this

I'm trying to update both ipv4 and ipv6 with cloudflare. It only updates one of them, depending on the "Check IP method" I choose. It seems that we should be able to choose more than one method, or even better, read the IP locally.

as well as at least one other item in my list (multiWAN&NAT), but I feel there is still significant work to be done to bring that plugin on-par with what we had before we force everyone to make the switch...

[Vesalius]

... before we force everyone to make the switch...

No one is forced now, nor will they be forced later.

https://forum.opnsense.org/index.php?topic=26446.msg130277#msg130277
https://forum.opnsense.org/index.php?topic=26446.msg130278#msg130278

[toxic]

https://forum.opnsense.org/index.php?topic=26446.msg130277#msg130277
https://forum.opnsense.org/index.php?topic=26446.msg130278#msg130278

That slipped under my radar, thanks a lot, will probably be useful ;)

Nevertheless, I'll still have to rename the menu entry to remove the legacy, and edit the views to remove the warning message ^^

So no one is forcing anyone but still encouraging quite a bit ;)

Anyway, I'm still trying to follow the lead and switch to ddclient and even helping out with PRs.
I just spent my afternoon discovering plugins in OpnSense so I was both annoyed at "having to do this" and happy to see how easily plugins can be written and take advantage of all the framework for GUI, backups, versioning...

Sorry if that came out as pure complaining from my part but the goal was also to highlight the stuff still remaining and hopefully get others involved in enhancing it. Just now realizing I should have toned down the complaining to hopefully catch more helpers ;)

[Steven]

@Stephen maybe you want to upgrade to 22.1.1 first and try again.

This has fixed my issue with not being able to input my username in ddclient. Working now. Thanks Franco.

[fields987]

Has anyone had success setting up cloudflare with an api token? If so, what's the secret? I got it to work with email address and global api key but I'd rather lock it down to a token that just has dns edit permissions. I've seen some conflicting posts regarding DDClients supportability of cloudflare api tokens.

[dirtyfreebooter]

Has anyone had success setting up cloudflare with an api token? If so, what's the secret? I got it to work with email address and global api key but I'd rather lock it down to a token that just has dns edit permissions. I've seen some conflicting posts regarding DDClients supportability of cloudflare api tokens.

ddclient does not support this. not in the released version anyways.

https://github.com/ddclient/ddclient/issues/361

[jpieren]

Hi
I'm trying to use with freedns and it does not work:
debug log:
root@OPNsense:~ # ddclient -daemon=0 -debug -verbose -noquiet
WARNING:  skipping host: <fqdn>: 'login=' is an invalid login.
WARNING:  skipping host: <fqdn>: 'login=' is an invalid login.

seems that it does not adhere to the freedns standart where no logins are required except a key in ip password (will then appedned in the web url).

please keep the current dyndns client since that works and introducoing such buggy version is just ridiclous.

[AdSchellevis]

@jpieren thank you for your valuable contribution. You can easily inspect the written configuration in /usr/local/etc/ddclient.conf ,which in case of freedns doesn't write a login field (https://github.com/opnsense/plugins/pull/2837)

[Vesalius]

please keep the current dyndns client since that works and introducoing such buggy version is just ridiclous.

os-ddclient is not officially being introduced until 22.7, which isn't happening until this summer. dyndns will not be deleted from your opnsense install with the upgrade to 22.7 either.

https://forum.opnsense.org/index.php?topic=26446.msg130277#msg130277
https://forum.opnsense.org/index.php?topic=26446.msg130278#msg130278

[IsaacFL]

Has anyone had success setting up cloudflare with an api token? If so, what's the secret? I got it to work with email address and global api key but I'd rather lock it down to a token that just has dns edit permissions. I've seen some conflicting posts regarding DDClients supportability of cloudflare api tokens.

Were you able to get it to work at all with ipv6 on cloudflare?

I could not get it to work even with Global api key, log seemed to indicate it was trying to send the ipv4 to cloudflare. I was using the interface method.

maybe you could post a how to if you did?

[xlf]

Dear OPNsense team,
dear OPNsense users.

regarding the ddclient issue: i have a very bad feeling.

Let me start by this: i came here because a friend of mine referred me to m0n0wall on pcengines boards somewhen close after teh year 2000. I have been running m0n0 - pf -OPNsense since then.

I originally stayed witho an older deprecated version of m0n0, because Manuel back then decided - for some obscure reason - to outrun and drop support for openVPN. That in turn yanked m0n0 out on one of my customers, since they needed road warrior VPN, so openVPn went to the linux box, the m0n0 got replaced by a terribly complicated and therefore less secure (more prone to mistake) and expensive semi-professional router/firewall, sold by german telecom, who could not be arsed to set it up properly with all the needed features. Privately, i stayed with m0n0 as long as needed, and the switched to pf a.s.a.p.
Do not get me wrong: I am still thankful to Manuel for the years and years of support and work he gave to the world! The decision with openVPN was wrong _from my perspective_, i didn't discuss and didn't hear or see his side back then or now.

I got away from PFsense to opnsense, well, i am not alone here, eh?

Now with the ddclient, i have the fear i run into a bit similar situation like back then with openVPN.

I haven't gotten too far into testing ddclient. Thanks toxic for pointing this out:

I just wanted to list some of my gripes with the ddclient :

• there is no widget for it on the dashboard
• it does not provide a way to check that the public DNS has the proper IP
• it doesn't play nice with multi-WAN and NAT
• there is no way to force an update
• settings are less granular (general verbosity vs per account, same for checkip provider)
• not all checkip providers that were supported are still provided

I run multi-WAN.

I run ipv6 with He.net.

I run my dns with gandi.


I fear i am completely in the sh**s with ddclient.

The underlying issue seems to be that neither ddclient nor the "old" software as packages seem well funded and set up in a sustainable way from an open source project perspective? Am i right?

Now, since the functionality is at the very core of, or let's call it hard requirement, for a router/firewall system: i can understand that the OPNsense team does not want to rely on a project, that is not in a good shape.

I dare to expect, though, that the team then acknowledge and address the issues arising, and make sure their replacement covers at least all  the use cases the old product had covered!

So, i'm all ok with deciso adopting whatever piece of dyn-dns project they decide to fit their process best. You need funding? I am willing to donate a bit. But only if i see gandi and HE.net, and with a reasonably smooth transition.

best regards to all

xlf

[franco]

> regarding the ddclient issue: i have a very bad feeling.

The neglect of many is the sum of your fears. Thinking maintenance and replacements are bad is usually what leads to the death of projects in the long run as witnessed here by a barely functioning DynDNS PHP project abandoned by its author almost two decades ago.  ddclient lost a lot over the years due to hundreds of thousands of users taking DynDNS for granted:

https://github.com/opnsense/plugins/blob/9351dec807c72669c216f1cd108d6d67affe67b8/dns/dyndns/src/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc#L67-L70

In other news the plugin verison 1.3 comes out tomorrow with the following changes:

* Add checkip settings per account using selected source interface when provided
* Add OVH DynHost to the DynDNS providers (contributed by toxic0berliner)


Cheers,
Franco

[STRUBartacus]

Could you please add ClouDNS? This has already been done in the original project:

https://github.com/ddclient/ddclient/pull/202

EDIT: As I just discovered, there is already a ticket for it:
https://github.com/opnsense/plugins/issues/2880

[meyergru]

One of the problems with missing IPv6 support might be that it must be enabled for ddclient explicitly.

I just opened an issue for that, it should be an easy fix: https://github.com/opnsense/plugins/issues/2895