Ddns question about remote acces

Peacefuleight · November 20, 2022, 8:25pm

Hi,

I setup for the forst time ddns, I would like to use it with wireguard to remote access.
first, I would like to know if my ddns seems to be ok, btw, I try to use my new ddns address to acces my router, and it does not work, rfc1918 error.
here my config

root@OpenWrt:~# uci show ddns
ddns.global=ddns
ddns.global.ddns_dateformat='%F %R'
ddns.global.ddns_loglines='250'
ddns.global.ddns_rundir='/var/run/ddns'
ddns.global.ddns_logdir='/var/log/ddns'
ddns.duckdns=service
ddns.duckdns.enabled='1'
ddns.duckdns.domain='xxxxx.duckdns.org'
ddns.duckdns.username='xxxxxx'
ddns.duckdns.password='952aa6xxxxxxxxxxxxba5'
ddns.duckdns.ip_source='network'
ddns.duckdns.ip_network='wan'
ddns.duckdns.force_interval='72'
ddns.duckdns.force_unit='hours'
ddns.duckdns.check_interval='10'
ddns.duckdns.check_unit='minutes'
ddns.duckdns.update_url='http://www.duckdns.org/update?domains=[USERNAME]&token=[PASSWORD]&ip=[IP]'
ddns.duckdns.lookup_host='xxxxx.duckdns.org'
ddns.duckdns.use_https='1'
ddns.duckdns.cacert='/etc/ssl/certs/ca-bundle.pem'
root@OpenWrt:~#

psherman · November 20, 2022, 8:33pm

That would certainly constitute an error since RFC1918 addresses are not publicly routable.

So the error you are getting suggests that the WAN has an RFC1918 address. Is that true? Is this device sitting behind another router?

What do you see for your WAN IP as reported by OpenWrt (via ifconfig or ip commands on the CLI, or on the LuCI web interface Status > Overview > Network > IPv4 upstream? Is it an RFC1918 address? If in doubt, post it here (just the octets in bold: aaa.bbb.ccc.ddd)

Peacefuleight · November 20, 2022, 8:43pm

thanks, my router is behind a modem.
I see my public ip from my isp

Protocol: DHCP client
Address: 74.210.xx.xx/24
Gateway: 74.xxxx.1
DNS 1: 192.168.1.1

psherman · November 20, 2022, 8:44pm

Is this a modem only, or a modem + router?

How do you see this? On the OpenWrt's WAN? or is it via some other method?

Peacefuleight · November 20, 2022, 8:47pm

overview, ip4 upstream, I mean I see the ip that I can see on https://www.dnsleaktest.com/
my hardware is a gateway but the wifi is deactivated from isp, bridge mode

eduperez · November 21, 2022, 3:19pm

Are you trying from a device connected to your network? Or from an external connection?

Peacefuleight · November 21, 2022, 3:31pm

I tried from my smartphone via wifi and tried without wifi.

Peacefuleight · November 21, 2022, 3:32pm

Maybe I need to uncheck in uhttpd?
Or open something in firewall or traffic rules..

RaresC95 · November 21, 2022, 4:07pm

In /etc/config/uhttpd
set:

option rfc1918_filter '1'

to value 0, that worked for me.

Peacefuleight · November 21, 2022, 4:20pm

Yes but it.is there to protect, not sure it is good,no ?

RaresC95 · November 21, 2022, 4:39pm

Since you are accesing via VPN from local subnet is the same as using 192.168.1.1 from LAN connected via cable, of course, If the VPN îs secured as well. Opening remote acces directly on WAN isn't safe, since you are doing it through a VPN there's no problem.

Peacefuleight · November 21, 2022, 5:06pm

For now, wg is not yet ready, I have some problems

RaresC95 · November 21, 2022, 5:47pm

I am also using wireguard, what problems do you have? RFC1918 is solved and SAFE If u use that setting, I am also using it.