Solved

DynDns with VPN creating problems

Posted on 2011-09-08
21
875 Views
Last Modified: 2012-05-12
I just setup a remote computer with dyndns client and the host has been reporting correctly.  I recently created a VPN connection on that computer to my home network and it kicks in at boot-time.  Everything was working great!

However, I notice that the host/broadband DNS address for the remote computer is the same as my home network's.  For some reason DynDns is picking that up when the remote computer is connected in to my home network via VPN.

Any ideas?

Thanks for the assistance!

Dave
0
Comment
Question by:dlmille
  • 12
  • 8
21 Comments
 
LVL 9

Accepted Solution

by:
jeff_01 earned 200 total points
ID: 36508530
Hi there,

It would probably be best to set the DYNDNS settings in your gateway device if it has that functionality. Otherwise is there another device on that network that can install the dyndns updater client that does not boot straight into the VPN?

Another work around is to add a static route to the checkip.dyndns.org IP on your PC but if they change the IP address then the solution fails until you update the static route.





0
 
LVL 41

Author Comment

by:dlmille
ID: 36508560
I see what you're saying.  Don't have that functionality on the 2Wire Gateway Router, though I do on my home network, but opt out as I like the dyndns features of checking online the status, etc.

However, since this is task initialized, I suppose I could make it run the dyndns client as the SECOND step, after ensuring my Wireless is up on the remote computer, THEN as the THIRD step initiate the RASDIAL command.

I was noticing that at times I could'nt VPN in, then - the next day, or hours later, I could.  Having it boot up straight to VPN as soon as it could, rather than wait/delay after someone logged in clued me in to maybe it was failing before this - at the point of the dyndns client doing its work.

I didn't have this problem in Vista on the remote computer (or, frankly, never thought I did - and I had it running for about a year), which had the logon, delay, and check status every 30 minutes to rerun RASDIAL (in case the VPN came down).

Is this a Windows 7 issue, or the fact that I'm starting VPN so soon. What I'm asking is if I follow the 3 step process articulated above, will I just run into this problem again?

Should I turn off the schedule on the client updater, and update the dyndns client, after taking VPN down, then bring VPN back up?  I can schedule that at unlikely-to-be-needed times...

Dave
0
 
LVL 12

Expert Comment

by:asidu
ID: 36508770
What version of DYNDNS client your are using ?
If its an old version get the latest one from their site. It will perform better with many bugs patched.

You should check the setting of the DYNDNS client program. Its suppose to check the  change in IP address and push up the latest IP address on to the dyndns  server.

You could also do some settings in the DYNDNS client program to ignore some ranges of detected IP address.

There should not be an issue when you start the DYNDNS client. It should behave in the same manner.

Just make sure you have ONE DYNDNS client running behind the 2 wire.  
0
 
LVL 41

Author Comment

by:dlmille
ID: 36509017
>> What version of DYNDNS client your are using ?
Using the latest - just installed

>>You should check the setting of the DYNDNS client program. Its suppose to check the  change in IP address and push up the latest IP address on to the dyndns  server.

It does that - but since I made the change to VPN in ( or at least the change that does it at boot time ) the IP Address its updating is the WAN IP of the VPN network, not the local network where the computer resides.

>> You could also do some settings in the DYNDNS client program to ignore some ranges of detected IP address.
I'll check that out

>>There should not be an issue when you start the DYNDNS client. It should behave in the same manner.
hope so

>> Just make sure you have ONE DYNDNS client running behind the 2 wire.  
whoops - need to turn the one on Vista machine off, now
0
 
LVL 12

Expert Comment

by:asidu
ID: 36509060
Are you running the VPN on both the machines?
If you suspect the VPN is creating an issue.

Just run the DYNDNS client on a machine that does not have the VPN running
on it.

Set your DYNDNS client to check the IP changes at  5 or 10 minutes level.


>It does that - but since I made the change to VPN in ( or at least the change that >does it at boot time ) the IP Address its updating is the WAN IP of the VPN >network, not the local network where the computer resides.
The WAN IP ranges can be set to be ignored by the client updater.
0
 
LVL 41

Author Comment

by:dlmille
ID: 36509071
>>Just run the DYNDNS client on a machine that does not have the VPN running on it.

The other machine will be going away

>>Set your DYNDNS client to check the IP changes at  5 or 10 minutes level.

Daily checks has worked for the past year, but I'll give this some thought

>>The WAN IP ranges can be set to be ignored by the client updater

Not sure that computes.  The WAN IP changes are what I want the client updater to update!  Just not the WAN IP of the VPN network  - the WAN IP of the network where the computer resides.
0
 
LVL 12

Expert Comment

by:asidu
ID: 36509122

>Not sure that computes.  The WAN IP changes are what I want the client updater to update!  Just not the >WAN IP of the VPN network  - the WAN IP of the network where the computer resides.

Sorry for confusing the issue about WAN IPs.
You can force the client updater to ignore any range which you dont want it to load.
If the two ip ranges that you want to work with are distinct, you can ignore the whole range.

If your VPN is on 213.214.2.32
and you WAN IP is 240.222.3.34

You could safely ignore any changes from 213.X.X.X

Get your system working with shorter time updates. Once the issue is resolved.
Set the update timing to what ever you like.
I usually have 15 minute update for the client. That job of checking the IP 4 times an hour
is very comfortable for the processor. Just in case there was some change of IP it will be
uploaded in the next 15 minutes. The outage due to IP change will only be at the max of 15 minutes.

Hope that helps.

0
 
LVL 41

Author Comment

by:dlmille
ID: 36509503
Makes sense - I have a dynamic IP address for my VPN, re: xxx.homeserver.com

The most important thing is that backups happen over the net.

Dave

PS - will have to try, tomorrow
0
 
LVL 41

Author Comment

by:dlmille
ID: 36509580
I'm not sure I follow.  I can finally get back on the laptop at the remote location.

When I remote desktop the computer, and vpn into my network, I run www.whatismyip.com.  It tells me that my WAN IP is the same as my local WAN IP.

How is dyndns going to know the difference?  How would it ever be able to update?

Dave
0
 
LVL 41

Author Comment

by:dlmille
ID: 36509597
I'm not sure I've decided this is a problem, but I can't remote in to that PC via dyndns, but if all's running OK, I can remote into it via its local name/ip if its VPN'd in.

I noticed this originally, because I was debugging why the network backup wasn't working, and landed on this.

I would want to have the dyndns address to always be the correct WAN IP.  I have the FREE version, so there's not much to configure.

Given all this, what's the advise/clarified?

Thanks,

Dave
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 12

Expert Comment

by:asidu
ID: 36510267
Dave,

Have a look at the log of your dyndns client.
See  if you can observe what is going on ?

First thing to test and confirm is that your wan IP is registered at the DYNDNS server.
I think you can change value physically for testing.
Its not a neat solution but once the right IP is registered for the host name you should
be able to access your machine using the host name.

The FREE version account is OK. There are NO catches with the service they offer.

What if you disable the VPN does your client pushs up the correct VPN address.
I think this should be confirmed to working fine in the first instance.

Regrettably, I dont have a VPN running on my machine so not able to give you more pointers.
My free DYNDNS account with three hosts is working fine.

Asidu
0
 
LVL 41

Author Comment

by:dlmille
ID: 36513131
The WAN IP is registered.  It appears to be changing back and forth between the computers' local network WAN IP and my home network (where its VPN ning into)...

here's the log file where I obfuscated the first part of the IP's, but think you can see what's going on.

Dave
DynUpLog-obfsct.txt
0
 
LVL 41

Author Comment

by:dlmille
ID: 36552935
Any comments?

Dave
0
 
LVL 12

Expert Comment

by:asidu
ID: 36552959
Sorry Dave, I am away on a break. Poor internet connection.
I will have a look at the log when I get back home tomo.
0
 
LVL 41

Author Comment

by:dlmille
ID: 36552966
thanks.  not a rush item, for some reason its been staying 'up' on vpn and finally got enough time for backup and has been backing up ever since.  However, the only way I can connect to it is from my server or by figuring out what its local VPN internet address is.  I need to understand how to setup a broadcast of that PC's VPN address for my local network its vpnning to, or rather fix the dyndns POST that's being done, so I can access directly.

Until then.

Dave
0
 
LVL 12

Assisted Solution

by:asidu
asidu earned 300 total points
ID: 36567834
I have had a look at the log report.
Your dyndns client is uploading remote.156.160.87. Is this your WAN IP?
What does the remote stand for?

On every occasion the upped remote.156.160.87 is changed back to vpn.103.232.10
Something is not quite right here.

I reckon this is an issue with the client updater. Its seeing two valid IPs.

I also note that its not possible to control/filter in  the upping of a set of IPs as i suggested earlier. That was possible with an earlier version of dyndns client updater.

As suggested by jeff_01 I would also recommend having the client updater on another machine.



0
 
LVL 41

Author Comment

by:dlmille
ID: 36568008
Having 2 updaters might have been part of the problem.  The "problem" has not gone away, however, I can VPN to the remote machine with the local IP the VPN assigned to the remote machine, so not a critical issue, I think.  I would have liked it to have updated the RIGHT WAN IP to DYNDNS, but its alternating between the correct one and the WAN IP where the machine has VPN in to.  That's the difference between remote.156.160.87 and vpn.103.232.10 - two different WAN IP's - one where the laptop is located, and one where the laptop is VPN into.

Any further ideas?  Should I schedule the DYNDNS update to happen with the task scheduler, taking down VPN - updating DYNDNS - then raising the VPN again?

Dave
0
 
LVL 12

Assisted Solution

by:asidu
asidu earned 300 total points
ID: 36591187
I checked one of my old machines running DYNDNS its using a version 3 updater.
It has some good options for control. You can down load the version 3 DynDns updater from  http://www.gamefront.com/files/service/thankyou?id=4048063

You can test the older version updater and see how it goes.

You can set in the controls not to allow vpn.103.232.10.
Or the entire range VPN.103.X.X.

You will need to know the real values of VPN and Remote.

Test and see how it goes.




0
 
LVL 41

Author Comment

by:dlmille
ID: 36591210
That's good advice.  However the VPN network's WAN IP address is also something that can change overtime.  Any ideas on how to manage this?  Can I use the network name assigned by DYNDNS on the VPN network's WAN instead of an IP address to exclude?

Dave
0
 
LVL 12

Expert Comment

by:asidu
ID: 36591218
I am not sure Dave, how it will go.
You could give it a try. Download that program and
look at the options available. There should be some flexibility
with the parameter settings.

I can check the settings again some time and
respond. It may be sometime next week thou.

Asidu
0
 
LVL 41

Author Closing Comment

by:dlmille
ID: 36593053
going for the router first is a great point.  Great diagnosis on the log file and using the older version of dyndns updater with the ability to screen should do the trick.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now