DynDNS on HA pfSense with a dynamic IP on WAN

This is a short guide I found on how to run CARP when you do not have access to a static IP on the internet side of the gateways.

 

0) We assume that the first CARP VIP defined on both pfSense boxes belongs to the "master" (under normal conditions) and the second VIP to the "backup" (under normal conditions). As a result, the CARP interfaces are named something like xxx_vip1 and xxx_vip2.

1) Set up two DynDNS names, the master and the backup FQDNs in that order (be careful, the order matters), on both the "master" and the "backup" pfSense boxes.

E.g.:

pfbox1.dyndns.org (master pfsense)
pfbox2.dyndns.org (backup pfsense)

2) Modify the file rc.carpmaster by adding the following at the end of it:

/* Start DynDNS for CARP nodes */
$config['dyndnses']['dyndns'][strval((int)(SUBSTR($argv[1],-1)-1))]['enable'] = true;
write_config();
shell_exec("/etc/rc.dyndns.update");

3) Modify the file rc.carpbackup by adding the following at the end of it:

/* Stop DynDNS for CARP nodes */
$config['dyndnses']['dyndns'][strval((int)(SUBSTR($argv[1],-1)-1))]['enable'] = false;
write_config();
shell_exec("/etc/rc.dyndns.update");


Explanation:

The scripts above take the last character of the VIP interface name as its interface number (e.g. "xxx_vip1" -> 1) and use it, minus one, as an index into each pfSense box's DynDNS table, enabling or disabling the update service for the given box. There must therefore be a 1:1 relationship between the order of the VIPs and the order of the DynDNS entries, and both must be defined in the same way on all the CARP boxes. Because the current code reads only a single digit, this trick supports up to 9 pfSense systems, with their VIPs and DynDNS entries (tested on nanobsd 2.1.5-release i386).
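
The index derivation described above, written with validation, as an added example that is not part of the original guide or of pfSense: it reads all trailing digits (so `_vip10` maps to index 9 instead of -1) and refuses names that have no matching DynDNS entry. The helper names and the sample `$config` array are assumptions constructed for illustration.

```php
<?php
// Added example; helper names are hypothetical and $config is a constructed sample.

/**
 * Map a CARP VIP interface name such as "wan_vip2" to a zero-based index
 * into $config['dyndnses']['dyndns']. Returns null when the name has no
 * trailing number or when no DynDNS entry exists at that position.
 */
function vip_to_dyndns_index(string $vip, array $config): ?int
{
    // Capture every trailing digit, not just the last character.
    if (!preg_match('/_vip([1-9][0-9]*)$/', $vip, $m)) {
        return null;
    }
    $index = (int)$m[1] - 1;
    $table = $config['dyndnses']['dyndns'] ?? [];
    return array_key_exists($index, $table) ? $index : null;
}

/**
 * Enable or disable the DynDNS entry that belongs to $vip.
 * Returns false and leaves $config untouched when the name is not usable,
 * so a malformed argument never creates a stray entry in the table.
 */
function set_dyndns_enabled(array &$config, string $vip, bool $enable): bool
{
    $index = vip_to_dyndns_index($vip, $config);
    if ($index === null) {
        return false;
    }
    $config['dyndnses']['dyndns'][$index]['enable'] = $enable;
    return true;
}

// Constructed sample mirroring the two-node layout from step 1.
$config = ['dyndnses' => ['dyndns' => [
    ['host' => 'pfbox1.dyndns.org', 'enable' => false],
    ['host' => 'pfbox2.dyndns.org', 'enable' => false],
]]];

// Valid name, name without a number, and a number beyond the table.
foreach (['wan_vip1', 'wan_vip', 'wan_vip3'] as $vip) {
    $ok = set_dyndns_enabled($config, $vip, true);
    printf("%-9s %s\n", $vip, $ok ? 'updated' : 'rejected');
}
```

In rc.carpmaster or rc.carpbackup the guide's write_config() and rc.dyndns.update calls would run only when the helper returns true.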
