I installed and configured DDNS with DuckDNS, but the ping is not successfull, all packages are lost, with ping test over the internet. What's wrong?
Does the host/target allow pinging?
Compare these three things:
- Google "what's my IP"
- the result of nslookup < your ddns domain name >
- the IP address that is reported in the main status screen under "IPv4 upstream"
Do all three match?
Yes they match
Ok... that was the first thing -- making sure that you have a true public IP and that everything is resolving properly.
beyond ping, what is your goal? Are you port forwarding?
Where can I verify this?
What do you mean with resolving and true public IP?
My goal is to make homenetwork to which I can connect from outside, I think this would need port forwarding.
resolving = DNS resolution. This is the process of looking up a domain name (i.e. openwrt.org) and returning an IP address (139.59.209.225)
true public IP = publicly routable IP address. Not all ISP's provide addresses that can be reached from the internet in general. This is called CG-NAT (carrier grade network address translation), and it allows the ISP to maintain fewer public IPs (IPv4 addresses are limited) while still giving internet access. The same thing happens on your router -- everything behind your router is NAT'd and the internal network uses RFC1918 private IP addresses that cannot be reached on the internet.
I would recommend using a VPN instead of port forwarding. It is much more secure and gives a better level of access without compromising the integrity of your network. Wireguard is a good option here.
Frist thanks for the fast respons and explanation.
I first need to study this deeper what you explained. My openwrt router is behind my main router, my this causes something.
I will answere later on your questions and explanation after i gathered more information. Dont known if I can do it today.
This may be the reason you cannot ping -- your upstream router may block pings.
Are you sure? If your OpenWrt router is behind another router, that would suggest that the IPv4 upstream would be an RFC1918 private address, not a public IP address. The Google test should return the apparent public IP.... but we need to know if that IP address is really yours uniquely or if you have a CG-NAT situation.
1 Like
In that case, you would need to forward within the main router. If you're offering a service from the OpenWrt router forward the port to that IP. Usually pings from the Internet would be answered by the main router-- this is OpenWrt's default when used as a main router and there is no harm in answering pings.
When OpenWrt is behind another router, this will not be a public IP, but an IP on the main router's LAN.
Precisely... except if the upstream device is not a router (maybe a simple modem, or modem+router in bridge mode).
@Sundhto -- since your OpenWrt router is apparently behind another device, we need to check both the OpenWrt address to confirm if it is an RFC1918 address, and the main router to see if it has a public IP or a CG-NAT address.
Please look at the OpenWrt router's main status page and find the IPv4 upstream section... what does that show for the address (just post the first two octets in bold: aaa.bbb.ccc.ddd)?
Yes my main router was blocking the ping, found that option. Disabled it, but still the ping isnt coming through.
It showing a 46. .. IP, I dont know if its a CG-Nat situation. How can i check this. But when i ping my DNS Adress, it shows me the right IP next to it.
Yes I want to let it run over wireguard, I want wireguard + DDNS. So i can connect to my Homenetwork from outside and I am using DuckDNS.
Can anybody refer me a tutorial for this topic. Musst be a lot out there, but it seems to me like googles search engine is becoming worse and worse.
Well, since the main router is the thing that interfaces with the public IP, it is the one that will be responsible for responding to pings. If it is not, that means:
- the setting on your router didn't actually affect the change -- maybe it didn't save, maybe it doesn't actually work the way it should
- If you're testing from within the network, the router may not allow responses in a hairpin/loopback mode. Test from outside in this case
- your ISP (or the router) may block ping responses from the connected equipment.
That said, ping is a very useful tool, but it is not the be-all-end-all of connectivity tests.
This should be no problem (at least in theory... hopefully your ISP and/or main router doens't cause problems here). WG is a great option.