When configuring your firewall, you MUST configure the DDNS settings. This is critical. It is common for the upstream bridged modem to provide downstream clients (i.,e the WAN interface on your firewall) a new public IP address periodically. This can happen due to administrative reasons, or due to a modem/firewall restart.

When an IP address is assigned to the WAN interface on your firewall, you will want to use DDNS to update the IP address of the interface of a hostname of your choice, for example, datacenter.domain.tld. That way remote wireguard clients can find your network and public domain names can be resolved to the appropriate IP address.

Configuring DDNS on PFSense

Configuring PFSense is relatively straight-forward. Go to Services→Dyanamic DNS in the firewall admin interface. Then Add a new Dynamic DNS Client.

In the Service Type, choose Namecheap from the menu, or whatever your service provider is. Sovereign Stack has been tested with Namecheap, but any provider that supports DDNS should work. The Interface to Monitor should be set to WAN. Enter the Hostname and domain name for the administrative domain.

The last step is to enter the password, which you obtain from your DNS provider for the domain. In Namecheap, you will need to toggle the Dynamic DNS status at which point the password will be produced. Paste this into your PFSense firewall, enter a description, then click "Save & Force Update".

Of course, if you JUST specified your domain record, you may want to wait just a tad for DNS to properly recognize its existence.

Want to support Sovereign Stack development? Consider donating to our monthly crowdfund.