If you want to address your own server publicly via ipv6 you do not register the WAN interface address with some DDNS provider out the actual public permananent address of the server. The Dynamic DNS module of OpenWRT support several methods to determine the IP address that should be registered, but for IPv6 servers it is kinda non-obvious how to determine the address of the server.
I would not be good to put the address in statically, since the ipv6 prefix might change if you switch to a(nother) 6in4 tunnel.
So what I would prefer is a dynamic method to determine the server address and send it off to the DDNS provider.
I can see that in the LUCI interface are known the IPv6 address leases, but I don't know how to query those in a script (what command is actually providing that information?).
I read in the forum that dnsmasq should also record the names with the ipv6 leases, but for me it does not, so i cannot use DNS for this purpose.
Apart from that it may make sense to also provide a DNS lookup as a IP determination method to offer on the DDNS LUCI interface (more comfy than making a script).
Maybe it was not clear enough. The OpenWRT is not my server and in my opinion it should not be. It is "just" a router and that's enough.
So it is not at all helping if it determines the IPv6 of one of its own interfaces (incl. that of the WAN6 interface).
What I really need it to do is determine the IPv6 of my server dynamically and send that to the DDNS provider.
So thank you cordially for your contribution. Unfortnately that solution is exactly what I do not need.
That just gives all addresses that node has for ipv6.
What I meant was if one could specifiy the lifetime of the address to select. usually the ULA addresses have lifetime -1 and the provider prefix based addresses something else.
I have a similar setup, the scripts extracts IPv6 address using the MAC address, updates the firewall to allow incoming connection and updates DDNS when the IP address change is detected. The cron job runs every couple of hours.
Thank you so much. The script works not completely.
There seems to be a mistake in the selection of the public address:
if echo "${ADDR}" | grep -q "${NET_PREF6%/*}"
The public address is not selected.
Another problem for me now is that the server disappeared from the active dhcpv6 lease list... so the script will return empty anyway (but I tested it with a different host name that is in the dhcpv6 list).
How could that happen. The server is up and running.
I think this happens when odhcpd (or whatever dhcp server you use) gets restarted.
Then the leases are cleared but the clients are still maintaining an active lease.
Maybe it is better to assign static DHCP leases (so the last bits of the address are always the same) and then use a mask in your IPv6 firewall rule to only match certain bits of the IPv6 address.
(like ISP prefix (first 32 bits or less) + static DHCP Part (last 64 bits), excluding your delegated prefix because that maybe changes)
Example ip6tables rule:
But be aware if you use multiple sub nets don't use the same DHCP static addresses otherwise you end up forwarding traffic you don't want to.
And hardcode the DDNS Update with the DHCP static address. (e.g. only extract the ISP prefix + the delegated prefix and append the DHCP static address to it.)
And the jsonfilter in openwrt is a bit limited...but there is "a trick" (that also works four other sources)
You can remove all line breaks from the string that you want to parse, so that you end up with one big line. Then you can grep over it more easily.
You can also use ip neigh command (and grep by MAC address) and then filter out the unwanted addresses.
Here is my simple script that I use with OpenWRTs DDNS scripts:
#!/bin/sh
. /lib/functions/network.sh
INTERFFACE="lan"
ISP_PREFIX="1234:5678"
HOST_ID=":10::1"
network_get_subnets6 LAN_PREFIXES "${INTERFFACE}"
if LAN_PREFIX="$(echo "${LAN_PREFIXES}" | grep "${ISP_PREFIX}" | cut -d ':' -f 1-4)" \
&& [ -n "${LAN_PREFIX}" ]; then
HOST_IP="${LAN_PREFIX}${HOST_ID}"
if ip -6 route get "${HOST_IP}"/128 >/dev/null 2>&1; then
echo "${HOST_IP}"
exit 0
else
exit 1
fi
else
exit 1
fi
Would it not make more sense to do this on the server itself? I mean you can probably fudge it on the router but this seems a case of making things more difficult than it needs to be...
This script works standalone.
However when using it in DDNS LUCI there is a problem:
Advanced Settings - IP address source [IPv6]: can not detect local IP. Please select a different Source combination
LUCI highlights the Script option for IP address source [IPv6]
Another thing is that the script always uses the wan6 prefix. What I need is to determine the prefix for a different interface because the server is NOT the router but a separate devide that is on a different interface than wan6 (see my earlier clarification).
Is it possible to replace network_find_wan6 with something else where we can specify for which interface we want the prefix?
I don't know whether it is such a strange thing to to, but - get this - wait for it - again - I do not want the prefix of wan6! I want the prefix of another interface. And this does not seem to work. Look at the script above, I did already what you proposed, but it only works for wan6!
And then even the DDNS UI complains: "Advanced Settings - IP address source [IPv6]: can not detect local IP. Please select a different Source combination"