DynDns doesn't work behind modem

Hello,

I'm using the following router Linksys Viper (E4200v2 / EA4500) with OpenWrt 19.07.7 r11306-c4a6851c72 / LuCI openwrt-19.07 branch git-21.044.30835-34e0d65 behind a vodafone cable modem.

I had OpenVPN on the OpenWrt running, until I changed my account and only got DS-Lite instead of a real IPv4.

Now, I wanted to use wireguard with OpenWrt and therefore reconfigure my DynDns (Selfhost.de) account. This worked with the plugins luci-app-dns and ddns-scripts, except, that the ip cannot be updated, because I get the following error messages:

 213040 ERROR : No or private or invalid IP '192.168.0.1' given! Please check your configuration
 213040 ERROR : No update send to DDNS Provider

I tried to follow this topic ([Solved] DDNS on LEDE behind ISP router detects private ip - #6 by psherman), but removing the two lines from the /etc/config/ddns config file and restarting the router didn't work for me, because I had these two parameters only in the myddns_ipv4/6 configs, but not in my "selfhost" config part.

Here's my ddns config file:


config ddns 'global'
	option ddns_dateformat '%F %R'
	option ddns_loglines '250'
	option upd_privateip '0'

config service 'myddns_ipv4'
	option lookup_host 'yourhost.example.com'
	option domain 'yourhost.example.com'
	option username 'your_username'
	option password 'your_password'
	option interface 'wan'
	option service_name 'dyn.com'
	option enabled '0'

config service 'myddns_ipv6'
	option update_url 'http://[USERNAME]:[PASSWORD]@your.provider.net/nic/update?hostname=[DOMAIN]&myip=[IP]'
	option lookup_host 'yourhost.example.com'
	option domain 'yourhost.example.com'
	option username 'your_username'
	option password 'your_password'
	option use_ipv6 '1'
	option interface 'wan6'
	option enabled '0'

config service 'selfhost'
	option service_name 'selfhost.de'
	option lookup_host '*********.selfhost.eu'
	option username '******************'
	option password '***********************************************'
	option enabled '1'
	option check_interval '5'

Any ideas, if I can fix this problem and use WireGuard behind my modem with DS-Lite? If WireGuard doesn't run at all with my combi of router behind modem and DS-Lite, I wouldn't need the hostname, either.

Thanks and kind regards,

Dirk

What does the log say for the ddns service?

1 Like

Here's are the last entries of the log

 170112  WARN : Updating IP at DDNS provider failed - starting retry 4/0
 170113       : Detect local IP on 'network'
 170113       : Local IP '192.168.0.1' detected on network 'wan'
 170113       : Update needed - L: '192.168.0.1' <> R: 'xx.xx.xxx.xx'
 170113 ERROR : No or private or invalid IP '192.168.0.1' given! Please check your configuration
 170113 ERROR : No update send to DDNS Provider
 170113       : Waiting 600 seconds (Check Interval)
 171113       : Detect registered/public IP
 171113       : #> /usr/bin/nslookup ******.selfhost.eu  >/var/run/ddns/selfhost.dat 2>/var/run/ddns/selfhost.err
 171113       : Registered IP 'xx.xx.xxx.xx' detected
 171113  WARN : Updating IP at DDNS provider failed - starting retry 5/0
 171113       : Detect local IP on 'network'
 171113       : Local IP '192.168.0.1' detected on network 'wan'
 171113       : Update needed - L: '192.168.0.1' <> R: 'xx.xx.xxx.xx'
 171113 ERROR : No or private or invalid IP '192.168.0.1' given! Please check your configuration
 171113 ERROR : No update send to DDNS Provider
 171113       : Waiting 600 seconds (Check Interval)

The plugin fetches the correct (last) ip from selfhost. But it cannot update it, because the ip is the one of my modem.

Thanks and kind regards,

Dirk

With DS-Lite, your LAN runs on private IPv4 addresses and there is a NAT gateway at the ISP (carrier-grade NAT).
This means you cannot offer any service to the internet via IPv4. Instead, you have to run the VPN over IPv6 if you want to allow connections from outside.

3 Likes

The good news is that IPv6 is not a broken protocol with bailing wire and chewing gum holding it together so you can just publish your IPv6 via DNS and allow the packets in the firewall!

2 Likes

Thanks a lot to both of you! Then I'll search for a tutorial how to do this with IPv6. The only doubts I have is that I cannot connect to the VPN from my smartphone, e.g. because I guess I read, that most mobile providers do not yet use IPv6?! But I'll try out. As IPv6 is the future, I guess it will come at any time.

Thanks and kind regards,

Dirk

It depends for example in the US T-Mobile uses 100% IPv6.

Your other option is to use a VPS server on the internet as a VPN hub

1 Like

Some mobile ISPs might not default to IPv6, but still offer it optionally - e.g. by using different APN settings.

1 Like

Thanks a lot. Great help for me!

Kind regards,

Dirk