I have configured my router TP-Link C7 v5 (running on a OpenWrt release 19.07.8 custom image) to update three DDNS subdomains by SSL.
All I did was to install packages
ca-certificates and enter these two additional lines to config blocks in /etc/config/ddns
option 'use_https' '1' option 'cacert' '/etc/ssl/certs'
Updates work fine.
How do I know that the update traffic (to the DDNS site servers) is using SSL?
If I entered the above two lines into config, and the SSL somehow failed, would (a) plain text traffic go out instead (OpenWrt would have to choose to do so I believe) or would (b) the update simply fail? If (b), then the very success of update would tell me that SSL was working.
NOTES ON CONFIG
I will set out the config blocks I used for the 3 DDNS providers both for this question's sake and also because it took me some time to figure them out and another novice like myself may find them useful.
- Do not use a dash (-) or period (.) in the value for
- In all 3, I believe
option interface 'wan'superfluous (as supplied by defaults). Have not tested (by deleting).
- In all 3, I cause the router to use a Web site to find out its own public IP address. This way the router can sit behind another.
- The password for afraid.org is the portion of URL after the question mark (?) in their so called "Direct URL". To see this URL, log in, click "Dynamic DNS" (in the left column), find your subdomain toward bottom, click link "Direct URL."
- The password for duckdns.org is their so called "token."
- Made-up names (e.g. subdomain) start with "cow."
- Of the 3, the one I least recommend would be afraid.org, based on my experience in this post (it says basically that afraid.org is slow to be updated in LuCI): DDNS does not update LuCI's display
1. Config for afraid.org
config service 'afraid_ipv4' option lookup_host 'cowsubdom.mooo.com' option password 'COWXXXXXXXXXXaYYYYYYYYYYYYYbZZZZZZZZZZc' option service_name 'afraid.org-keyauth' option ip_source 'web' option ip_url 'http://ipecho.net/plain' option interface 'wan' option 'use_https' '1' option 'cacert' '/etc/ssl/certs' option enabled '1'
2. Config for duckdns.org
config service 'duckdns_ipv4' option lookup_host 'cowsubdom.duckdns.org' option domain 'cowsubdom.duckdns.org' option password 'cow3id29-b8sk-b9sj-x9be-sblsifjse' option service_name 'duckdns.org' option ip_source 'web' option ip_url 'http://ipecho.net/plain' option interface 'wan' option 'use_https' '1' option 'cacert' '/etc/ssl/certs' option enabled '1'
3. Config for dynu.com
config service 'dynu_ipv4' option lookup_host 'cowsubdom.ddnsfree.com' option domain 'cowsubdom.ddnsfree.com' option username 'cowuser' option password 'cowpassword' option service_name 'dynu.com' option ip_source 'web' option ip_url 'http://checkip.dynu.com' option interface 'wan' option 'use_https' '1' option 'cacert' '/etc/ssl/certs' option enabled '1'