Recent posts

#11
Troubleshooting / Re: Info - Debug Logs just sta...
Last post by osopolar - March 16, 2023, 03:56:32 AM
Hi
Yes, you helped me several months ago to get some of the setup running.
I have as mentioned the following
Available Range 192.168.23.1 - 192.168.23.254:-

Within the Available Range I have Static Leases 192.168.23.1 - 192.168.23.9. I have my OPNsense & Wifi Router Static
Range Set from 192.168.23.10 - 192.168.23.99. This is for OPNsense to dish / allocate out IPs
Within the Available Range I have Static Leases 192.168.23.100 - 192.168.23.254

The latter (192.168.23.100 - 192.168.23.254) are set manually by me in OPNsense. Is that the correct way?
I had to do it like this as in this range the devices are heavily tied into Home Assistant YAML automation files and addons, so I didn't want to change every file or search looking for the IP addresses I have used for years.

My only question was, you mentioned: "'automatic DHCP leases' enabled rather than a static IP defined on the client itself."
What do you mean by defined on the client itself?

#12
Troubleshooting / Re: How to register a DN and s...
Last post by Home Network Guy - March 14, 2023, 11:21:16 AM
I think there may be some confusion on using DNS servers to look up IP addresses for domain names and using your own domain name to access your networks.

Either end of your networks can use any DNS servers they like to perform DNS lookups. You do not need to set your upstream DNS servers to the same place where you have your domains registered. You can use Google's DNS of 8.8.8.8 to look up your domain name which is registered through GoDaddy to find the IP address of your networks you are trying to access.

You need to make sure both networks can access an external DNS server like Google, Cloudflare, etc before you can properly resolve the IP addresses you set on your domain name. That means you need to have your VPN configured so that DNS will work for any clients behind the VPN. Verify that both networks can access DNS properly before moving to the next step of troubleshooting.

For your domain name, you just need to set the IP address of the main domain or any subdomains you have created. If your IP address(es) are dynamic, you can use a DDNS client like you suggested to keep them up to date. If you are testing stuff out, you can of course manually set the IPs until you can figure out how to properly configure your DDNS clients.

DNS is one of those things you are better off minimizing the complexity involved because it may very well bite you and make it difficult to troubleshoot what is happening in your networks.

You may want to use the bare minimum DNS first to get things working (such as using the built-in Unbound DNS in OPNsense) rather than Pi-hole. Once you get that working, then you can move over to Pi-hole. I find it easier to get the basic functionality working first and then add one new change at a time until I have everything configured how I want. The reason is that I know for sure which change broke the configuration and then I can roll back to try again (or try something else).
#13
Troubleshooting / Re: Info - Debug Logs just sta...
Last post by Home Network Guy - March 14, 2023, 11:06:58 AM
Do you have static DHCP reservations for devices with static IPs, or are they manually configured on each client? Those clients which you set as a static DHCP reservation in OPNsense will still send a DHCP request because those clients have "automatic DHCP leases" enabled rather than a static IP defined on the client itself. It still has to get the IP address just like dynamic IP assignments except you're telling OPNsense to always hand out the same IP address to the client with a static DHCP reservation configured.

It is normal to see DHCP requests every couple of minutes when you have several clients on your network. I believe the DHCP log page is set to "warnings" by default because that log is spammy due to how often DHCP requests occur on the network.
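
The behaviour described in the reply above, as an added example that is not part of the original post: a short script that sorts DHCP log events into dynamic-pool traffic, expected traffic from reserved clients, and requests for addresses outside the pool from MACs with no matching reservation. The address layout is the one given in the thread; the log lines (written in ISC dhcpd style), the MAC addresses and the reservation table are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Layout from the thread (192.168.23.0/24): dynamic pool .10-.99,
# static reservations in .1-.9 and .100-.254.
POOL = (ipaddress.ip_address("192.168.23.10"), ipaddress.ip_address("192.168.23.99"))

# Hypothetical reservation table (MAC -> reserved IP); values are constructed.
RESERVATIONS = {
    "aa:bb:cc:00:00:01": "192.168.23.120",
    "aa:bb:cc:00:00:02": "192.168.23.150",
}

# Constructed sample lines in ISC dhcpd log style.
SAMPLE_LOG = """\
dhcpd[1234]: DHCPREQUEST for 192.168.23.120 from aa:bb:cc:00:00:01 via igb1
dhcpd[1234]: DHCPACK on 192.168.23.120 to aa:bb:cc:00:00:01 via igb1
dhcpd[1234]: DHCPREQUEST for 192.168.23.42 from aa:bb:cc:00:00:09 (laptop) via igb1
dhcpd[1234]: DHCPACK on 192.168.23.42 to aa:bb:cc:00:00:09 (laptop) via igb1
dhcpd[1234]: DHCPREQUEST for 192.168.23.150 from aa:bb:cc:00:00:07 via igb1
dhcpd[1234]: DHCPNAK on 192.168.23.150 to aa:bb:cc:00:00:07 via igb1
"""

LINE_RE = re.compile(
    r"(DHCPREQUEST for|DHCPACK on|DHCPNAK on) (\d+\.\d+\.\d+\.\d+) "
    r"(?:from|to) ([0-9a-f:]{17})", re.I)

def classify(ip, mac):
    """Label one DHCP event against the pool and the reservation table."""
    addr = ipaddress.ip_address(ip)
    if RESERVATIONS.get(mac.lower()) == ip:
        return "reserved-ok"          # expected: reserved clients still use DHCP
    if POOL[0] <= addr <= POOL[1]:
        return "dynamic-pool"
    return "outside-pool-unreserved"  # worth a look: MAC has no matching reservation

def summarize(log_text):
    """Count events per (message type, classification)."""
    counts = Counter()
    for m in LINE_RE.finditer(log_text):
        msg, ip, mac = m.group(1).split()[0].upper(), m.group(2), m.group(3)
        counts[(msg, classify(ip, mac))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(key, n)
```

Entries labelled `reserved-ok` are the normal renewals from reserved clients; only the `outside-pool-unreserved` bucket points at a device whose MAC or address does not match what was configured.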
#14
Troubleshooting / Re: How to register a DN and s...
Last post by Shaggy1 - March 13, 2023, 10:05:47 AM
Hi

Thank you very much for your reply and apologies for not acknowledging earlier, I had thought there were no replies on this.

That gives me a good top level starting point.

So ignoring DDNS for now in my current setup, where my Pi-hole points to my VPN supplier's DNS, how would a DNS lookup from my LAN for an external DN look? I'm thinking something like:
-> Pihole -> my (NordVPN) DNS -> ISP DNS direct ? or forwarded to DNS hierarchy? -> resolution
Not sure if the NordVPN DNS 'knows' my ISP's DNS directly (possibly something in the client config?) or whether it simply forwards the query on to whatever set of servers it uses?

I have now registered a DN with an external supplier (GoDaddy) whose A-Record I have pointed (for now) directly at the WAN ip address of the router.
(I have also set up port forwarding for access to a test web server on a local device and can now access that (well, at least from my neighbour's network) using my registered DN).

So accessing from an external network dn look up would go something like:
<type in my DNS> -> GoDaddy DNS -> resolved to my router WAN address (via the DN A-Record I have set)

Would that be about correct?

I believe the actual setup I am looking for will require changes, which is really a question for a separate post, but as a side point, if I set my Pi-hole to point directly to my GoDaddy DNS, do you know if DN lookup queries from my LAN should still work? Or is there something about using a VPN (for example DN queries are also encrypted) that requires me to send DN lookups via the VPN's DNS?
#15
Troubleshooting / Re: Info - Debug Logs just sta...
Last post by osopolar - March 12, 2023, 06:51:51 AM
Let me explain how I set it up and was advised it would be ok.
Available Range 192.168.23.1 - 192.168.23.254
Range Set from 192.168.23.10 - 192.168.23.99. This is for OPNsense to allocate out
Within the Available Range I have Static Leases 192.168.23.100 - 192.168.23.254
Within the Available Range I have Static Leases 192.168.23.1 - 192.168.23.9. I have my OPNsense & Wifi Router Static
I only see 20 to 30 items being used within 10 to 99 but the logs are showing IPs set in the static lease area!!

https://i.imgur.com/rhWEsnz.png
#16
Troubleshooting / Info - Debug Logs just started...
Last post by osopolar - March 11, 2023, 04:16:58 AM
Hi guys

I have had OS running for a few months with help from here and it has been solid, no logs, nothing.
I have not messed with it but I have started seeing logs popping up. Do I need to do anything to fix the issue?

Info logs, 100s like this over the past few days

I only ask as my other friends with OPNsense do not see these logs

Main message x 55000 times see https://i.imgur.com/V7WYMDR.png

Other Info https://i.imgur.com/XoJSCLO.png

Debug message https://i.imgur.com/yO1eTLI.png
#17
Troubleshooting / Re: How to register a DN and s...
Last post by Home Network Guy - February 21, 2023, 10:39:01 PM
Sorry for the delay!

There are a few things to note in all those details:

1. DDNS is simply a service that updates the IP address for the A or AAAA records of your domain name registrar. That is all it does. DDNS services are not involved in any DNS lookups -- it simply updates records of where you purchased your domain name. That's how DNS lookups know which IP address to use for particular domains/subdomains.

2. DNS is essentially a chain of servers: your devices will perform a DNS lookup using your local network DNS server (if you are hosting DNS on your local network, such as Pi-hole like you mentioned). If your local DNS doesn't know the answer, the DNS query will be recursively performed until one of the upstream DNS servers knows the answer to the DNS lookup. At the highest level you have DNS root servers. They are the last stop at resolving DNS queries. If it can't resolve the query, then it returns a response that nothing was found for that domain name. Of course there is lots of DNS caching that takes place so that the root servers don't have to be queried as frequently. I'm not a DNS expert so my explanations may be a bit crude or not 100% correct... the important takeaway is that if your local DNS server can't resolve a domain name, it will use an external DNS server that you have configured (your ISP DNS servers or whatever you have configured as the upstream DNS server in Pi-hole).

3. If your router has NAT reflection enabled, you should be able to access your internal server using the external domain name since it will recognize you are trying to access a local IP address. I actually prefer to use split DNS (or split horizon or split brain DNS, it has several names) since I can create a DNS override that allows me to specify my local IP address for a particular host/domain name. This is more efficient than a redirect and it allows you to directly specify where you want a host/domain to point to.

I hope this helps you get started. Let me know if you have other questions!
#18
Troubleshooting / How to register a DN and setup...
Last post by Shaggy1 - February 18, 2023, 10:37:16 AM
Hi

I have a home setup which uses a dd-wrt router hooked up via Pi-hole DNS which sends traffic over a VPN.
I have set things up such that I can access the web server from an external site using my WAN IP address (or the DN URL I get by doing nslookup on that address).

I'd now like to be able to access a web server running on my local LAN using a DN, but am struggling to understand how this would work and what information I need to do this.

I was wondering if anyone might be able to clarify first how this fits into the network infrastructure and second what information I need to give to the DN and DDNS providers to set it up.

From my searches as I understand it the setup should work something like this:
When a request for your DN (the external DN you registered with the DN hosting company) is made from an external network it is sent to the local DNS which sends it down the DNS hierarchy until your local (in my case my ISP DNS) receives the request.
This then forwards it to the DDNS server (that you registered with), which maps it to the WAN ip address of your router and sends the information back to the DNS. The DNS then knows the ip address to route to and the request is received at the WAN side of the router.

There is a DDNS client running on the router which continuously feeds the DDNS server with information about the ip address for the domain, so if the ISP changes the WAN IP the DDNS knows about it and things continue to carry on working (the home DN is still mapped to the correct ip address)


Is that roughly correct?

Given that is the case:
How does my ISP DNS know which DDNS server (i.e. the DDNS I have registered with) to forward its request to?
What information do I need to provide to the DDNS service provider? Just the domain name I buy from the DN provider?
Do I need to provide any DDNS information when I register the domain name for my host network?
Is it important which I do first - register the domain name or register with a DDNS service?
Given my router uses Pi-hole for DNS, should my DDNS client be running on the router or on Pi-hole, or does it not matter?

#19
Troubleshooting / Re: Network novice - 2 private...
Last post by Home Network Guy - January 28, 2023, 08:38:15 AM
If you have the WAN interface set up to use DHCP, clients on your LAN should be able to access the internet since it should use the DNS server of the WAN address and use the WAN interface to get out to the Internet.

One thing you may have to check is to make sure the WAN interface blocks private network addresses since that may block your LAN from accessing the Internet. I don't think consumer routers do that but maybe newer more feature rich consumer routers may do that to potentially improve network security (since if the router is directly connected to the Internet, it should not have any private IP addresses coming from the public Internet).

In OPNsense for example, you have to allow private IP addresses on the WAN interface if you are running behind another router.
#20
Troubleshooting / Re: Network novice - 2 private...
Last post by tudo - January 28, 2023, 12:22:20 AM
I have inserted my personal router after the building's network. I now need some advice on how to access the Internet from the LAN clients on my personal router. The WAN port of my personal router has an IP of 10.31.1.166 and I have set the DHCP server on the LAN side to allocate clients from the 172.16.0.1 range. I did this to ensure my private network has isolation from the building's private network.

How do I configure the router so the 172.16 clients use the 10.31.1.166 address to access the Internet, or is this even possible? I have tested the building's Internet access by plugging the cable from their wall socket into a PC and could browse the Internet successfully. Thanks.