Cloudflare DDNS
If you have a Dynamic WAN IP, you'll need to set up some sort of DDNS client. Most ISPs use Dynamic IPs with residential customers, so this is pretty common and there are multiple options for working around this. I currently manage my domains with Cloudflare, so I'll be using their DDNS so I can have all my management under 1 provider. Setting this up is fairly simple!
First, make sure the os-ddclient plugin is installed on your OPNsense firewall. Once installed, navigate to Services ---> Dynamic DNS ---> Settings:
Next, select the "+" icon to add an account.
Open up a web browser and create an A Record with your domain registrar for a subdomain. On Clouflare its fairly simple. Navigate to your DNS records, and create a new record:
- Enter a name for your subdomain, and any IP address. The IP you enter doesn't matter as this record will be updated with your WAN IP automatically.
- Make sure you turn Proxy off
Your final settings should look like this:
With this record saved, navigate to your API tokens and generate a new API token. Navigate to Overview in Cloudflare, then scroll down and select "Get API token". On the next page, select create token:
Use the "Edit zone DNS" template and configure the following:
- Enter a name for the token
- Add another permission as Zone - DNS - Read
- Under zone resrouces configure Include - Specific Zone - Select the domain you have the A Record configured with
- After creating the token, save it somewhere! You will not be able to view this token again!
With your A Record configured, and API token in hand, you can now go back to the OPNsense Page:
- Enable the account
- Give it a Description or name
- Select Cloudflare under Service
- Keep username blank
- Enter your API token as the password
- For zone, enter your domain name
- example.com
- For Hostname, enter your FQDN
- vpn.example.com
- For Check IP method, select ip4only.me
- Force SSL, then save configurations
Save your settings and apply the new configurations. Select the refresh icon and your WAN IP should now be updated!
Check your DNS A Record to see if your WAN IP has updated. It should automatically update. You can now get your WAN IP from this subdomain, as it'll automatically update. To ensure it automatically updates, I've created a cron job in my router to check for changes in my IP every 6 hours and update if necessary.