Help setting up DDNS on Openwrt router

i'm using https://freedns.afraid.org

`config service 'freedns'

    option service_name 'afraid.org-keyauth'
    option password '***********************************************'
    option interface 'lan'
    option ip_network 'lan'
    option enabled '1'
    option lookup_host 'karimhi'

`

But when I try to access it using my hostname
[admin redacted domain name].com, it says:

**400 Bad Request**

**Your request has bad syntax or is inherently impossible to satisfy.**

  • When I use a DNS checker tool and enter my FQDN there, it returns my correct IP.

This is not related to DDNS if the service has your correct IP address... but...

The `lan` value in your DDNS config should probably be `wan`, unless this is not the primary router.

The bad request is likely related to the service itself, not dns.

Let's take a look at some other bits of your config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/firewall

Also lookup_host is your full domain name not just the first part.

it is my secondary router

cat /etc/config/network
{
        "kernel": "4.4.92",
        "hostname": "LEDE",
        "system": "bcm63xx\/HW556_A (0x6358\/0xA1)",
        "model": "Huawei EchoLife HG556a (version A)",
        "board_name": "hg556a_a",
        "release": {
                "distribution": "LEDE",
                "version": "17.01.4",
                "revision": "r3560-79f57e422d",
                "codename": "reboot",
                "target": "brcm63xx\/generic",
                "description": "LEDE Reboot 17.01.4 r3560-79f57e422d"
        }
}
root@LEDE:~# cat /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
config globals 'globals'
        option ula_prefix 'fda6:b7f2:906e::/48'
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.11.2'
        option gateway '192.168.11.1'
        option dns '8.8.8.8 1.1.1.1'
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'
root@LEDE:~# cat /etc/config/firewall
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
config forwarding
        option src 'lan'
        option dest 'wan'
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
config include
        option path '/etc/firewall.user'
config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.10.10'
        option dest_port '80'
        option name 'HTTP'

Still the same issue.

This version is extremely old and it has been EOL for about half a decade now. It has many serious security vulnerabilities that have never been patched.

You need to start by upgrading to 23.05

The upgrade path will necessarily require that you reset to defaults, and I suspect that you will need to make multiple stops along the way (probably 17.01 > 19.07 > 21.02 > 23.05; you might need 22.05 in there).

The fastest method may be to do a direct upgrade via TFTP:
https://openwrt.org/toh/huawei/hg556a?s[]=huawei&s[]=echolife&s[]=hg556a&s[]=bcm63xx&s[]=generic#oem_installation_using_the_tftp_method


I know it's too old.
Could that be the reason the DDNS isn't working? I use this router just for SQM. It has a single core, so when I update it becomes so slow and laggy; that's why I'm using this version.

I don't know. But, the version is so old that it is entirely unsupported and it is also not safe to use anymore due to the many vulnerabilities.

Even the syntax has changed significantly, so it's going to be hard to get valid support for this version (many people probably don't remember the nuances of that version -- it's from 7 years ago!).

Really? A quick look at your configuration makes it look like it is purely a LAN device and not doing any routing (I only see one network). How is it doing SQM?

Two things here:

  1. if it is really doing SQM and is not powerful enough, it's time to get newer hardware for that purpose.
  2. Yes, older firmware tends to be less resource intensive than the latest... that's also true of the 'big' operating systems on general purpose computers. But unless you have a very specific need, you shouldn't ever be running very old versions for security and other reasons. For example, you could say that Windows XP is less resource intensive than Windows 10/11, but why would you run a version that has such extreme vulnerabilities (one of the few valid conditions for XP in this era would be an airgapped system with critical software that only runs on that version -- say CNC control software, for example).

I updated to 23.05 and set up my DDNS again, and it still doesn't work.
When I enter my DDNS domain and token in OpenWrt, it automatically shows my public IP, so I guess that part is correct.

  • i also turned off firewall on primary router



root@OpenWrt:~# ubus call system board
{
        "kernel": "5.10.221",
        "hostname": "OpenWrt",
        "system": "bcm63xx/HW556_A (0x6358/0xA1)",
        "model": "Huawei EchoLife HG556a (version A)",
        "board_name": "huawei,echolife-hg556a-a",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.7",
                "revision": "r20341-591b7e93d3",
                "target": "bcm63xx/generic",
                "description": "OpenWrt 22.03.7 r20341-591b7e93d3"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd18:19a8:8d42::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.11.2'
        option gateway '192.168.11.1'
        list dns '8.8.8.8'
        list dns '1.1.1.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'


DDNS CONFIG


config service 'FREEDNS'
        option service_name 'afraid.org-keyauth'
        option use_ipv6 '0'
        option enabled '1'
        option lookup_host 'karimhi.mooo.com'
        option domain 'mooo.com'
        option username 'karimhi'
        option password '*****************************************************'
        option ip_source 'network'
        option ip_network 'lan'
        option interface 'lan'
        option use_syslog '2'
        option check_unit 'minutes'
        option force_unit 'minutes'
        option retry_unit 'seconds'

Does the output of:

nslookup karimhi.mooo.com 8.8.8.8

provide the correct answer?

Nope, it gives me my correct public IPv4 address, the one I used in the DNS config.

C:\Users\Administrator>nslookup karimhi.mooo.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    karimhi.mooo.com
Address:  196.***.***.**

but i can't access it in browser

I don't understand, that seems correct.

Are you saying there's some issue (with DDNS)?

Not a DDNS issue.

i'm saying that it gives me my public ddns which means everything is okay


but i can't access it via browser


How would you like us to help you troubleshoot this?

This seems odd because:

You have no WAN and your LAN isn't 192.168.10.0/24 (it's 192.168.11.0/24). So a port forward from WAN to 192.168.10.10 at LAN makes no sense.

Note: the OpenWrt device isn't your firewall.

  • Something is seriously wrong with your config.
  • You need to identify which device is responding with an HTTP Error 400

This is my current config.

I have 2 routers: the primary one (192.168.11.2, a ZTE without OpenWrt)
and this one (192.168.11.2). I turned off the firewall on both.

Can you provide us with a network topology diagram that shows all the devices in play here (your main router, OpenWrt, the computer to which this rule points, etc.). Make sure you label all of them with their IP addresses.


You have to forward the port through the primary router to this router's LAN IP.

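Exposing LuCI to the Internet is not recommended: it is not considered secure enough for anything other than local access. If remote administration is needed, reach it over a VPN or an SSH tunnel instead of a port forward.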