How to Configure Dynamic DNS in OPNsense
If you have software/services running on your local network that you want to remotely access, you may have encountered a situation in which your IP address changes periodically. Many ISPs do not assign static IP addresses to non-business accounts especially for IPv4 addresses because they are extremely limited and have technically been exhausted for some time now.
When your modem stays connected for a long period of time with an ISP, it is possible your IP address will not change often. In my experience, that seems to be the case with Comcast. If you have an interruption of service/power or you turn off your modem for a while, you may end up receiving a new IP address.
To work around this issue, you can set up domain name using a dynamic DNS service so that your router or other device on the network can periodically update the DNS record for that domain name with your IP address. Whenever you use the domain name, it should always have the correct and current IP address for your network.
There are a number of dynamic DNS services that are free, but you are limited to using a handful of generic domain names. Some of the services have an option where you can pay to use your own custom domain name. Alternatively, if you have your own domain name, your registrar may have an API available that allows you to update the DNS record(s) via a dynamic DNS client. That feature is really nice because you do not need to pay for a domain name and pay for a dynamic DNS service that supports custom domain names. Dreamhost and Cloudflare are two examples of domain registrars which have such an API (note that for Cloudflare, you can only transfer existing domain names – you cannot register new ones with them).
Install the Dynamic DNS Plugin
Unlike some consumer routers which support dynamic DNS out of the box, OPNsense does not have dynamic DNS functionality installed by default. This is easily remedied by installing the Dynamic DNS plugin by going to “System > Firmware > Plugins” and selecting os-dyndns.
Once the plugin is installed, you will see the “Dynamic DNS” menu option under the “Services” menu. You will have to click to another page or refresh the page to see the new menu option.
Configuring the Dynamic DNS Client
Go to the “Services > Dynamic DNS” page and click the “Add” button in order to add a new dynamic DNS entry.
Click the “Enable” checkbox so the updates will occur once you save the entry. For the “Service type”, select your dynamic DNS provider or registrar that supports updating DNS records. In this example, I use Cloudflare as the registrar. The “Interface to monitor” will mostly likely always be the WAN, but if you have more than one configured WAN, you can select the appropriate interface. Enter the domain name you wish to update the IP address in the “Hostname” box. All that is left is the “Username” and “Password” information. For some providers that have APIs, you need to enter the API key as the password. Refer to the OPNsense documentation for special notes on specific DNS providers. If you need to supply an API key as the password, you need to login into your account to find the API key.
Once you are done, click the “Save and Force Update” update to test if you entered everything correctly. If everything is working properly, you should see a green IP address listed under the “Cached IP” column.
Schedule Periodic Updates
For dynamic DNS to be effective, it needs to be a reoccurring task so that your IP address is always update to date for your domain. A cron job can be set up in OPNsense by going to “System > Settings > Cron” and clicking the “+” icon at the bottom right corner of the table.
Click the “enabled” box to enable the cron job. To run every 15 minutes, use “/15” for “Minutes”, “” for the next 4 boxes. This means every 15 minutes for every hour for every day of the month for every month. A useful reference for determining cron job values: https://crontab.guru/every-15-minutes. All that is left is to set the “Command” to be “Dynamic DNS Update” and enter a “Description” if you like.
You should now be set up to dynamically update the IP address of your domain name which you use to remotely access your network!