OpenVPN Server using DDNS instead of static IP?

Hello guys,
I recently set up a Redmi AC2100 as a gateway/firewall and I want to set up an OpenVPN server.

I don't have a static IP, so I have configured luci-app-ddns with CloudFlare and got it all working.

Now I want to configure the OpenVPN server, but I want to do it by using the domain name gateway.example.com, which will resolve to my IP address.
I was going to follow this tutorial, and I saw this part:


# Fetch WAN IP address
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_ipaddr NET_ADDR "${NET_IF}"
OVPN_SERV="${NET_ADDR}"
 
# Fetch FQDN from DDNS client
NET_FQDN="$(uci -q get ddns.@service[0].lookup_host)"
if [ -n "${NET_FQDN}" ]
then OVPN_SERV="${NET_FQDN}"
fi

I am not sure whether I need to do both "Fetch IP address" and "Fetch FQDN", or should I just do the "Fetch FQDN"?

Thanks

If you're setting up a server, you don't need to worry about the specific IP address of the server in the main server configuration. Instead, all you need to do is register a domain with a DDNS provider and then run the DDNS scripts on your OpenWrt router so that it updates the DNS records appropriately. On your client, you'll use your domain as registered and it will just work (provided everything else is properly configured).

EDIT: You can also consider running WireGuard instead of OpenVPN -- it is easier to configure and much more performant.


Thanks, so when I am setting it up I can skip this part:

# Fetch WAN IP address
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_ipaddr NET_ADDR "${NET_IF}"
OVPN_SERV="${NET_ADDR}"

and just enter:

# Fetch FQDN from DDNS client
NET_FQDN="$(uci -q get ddns.@service[0].lookup_host)"
if [ -n "${NET_FQDN}" ]
then OVPN_SERV="${NET_FQDN}"
fi

I prefer OpenVPN as I need to connect another router (client) when traveling so that all of the network gets routed through my home, then the laptop needs to connect with a VPN to the company (so it's like a tunnel inside of the tunnel), and I am afraid there might be an issue with WireGuard due to what the company VPN uses.

Thanks

ah... now I see what that is for... it is to simplify the automatic generation of the client config files. Yes, you can skip the first part and just use the FQDN (assuming you've set that up already).
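
Added example, not from the tutorial or from anyone in this thread: since `OVPN_SERV` ends up as the `remote` address in the generated client profiles, this sketch audits a client profile and flags any `remote` that is an IP literal, which goes stale when a dynamic WAN address changes. The function names, the sample profile, port 1194 and the documentation address 203.0.113.7 are assumptions made for illustration.

```shell
#!/bin/sh
# classify_host HOST -> prints "ipv4", "ipv6" or "name"
classify_host() {
    case "$1" in
        *:*)            echo ipv6 ;;   # colons only occur in IPv6 literals
        *[!0-9.]*|"")   echo name ;;   # anything beyond digits and dots
        *.*.*.*)        echo ipv4 ;;   # digits and dots, dotted-quad shape
        *)              echo name ;;
    esac
}

# audit_remotes FILE -> prints "<kind> <host>" for every `remote` directive.
# Returns 1 if any remote is an IP literal, 0 if all are hostnames.
audit_remotes() {
    rc=0
    while read -r key host _rest; do
        # Commented-out lines ("# remote ...", ";remote ...") do not match.
        [ "$key" = "remote" ] || continue
        kind=$(classify_host "$host")
        echo "$kind $host"
        [ "$kind" = "name" ] || rc=1
    done < "$1"
    return $rc
}

# write_sample FILE -> writes a constructed client profile for the demo.
write_sample() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
# constructed sample: one DDNS name, one pinned address
remote gateway.example.com 1194
remote 203.0.113.7 1194
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_remotes "$sample" || echo "profile pins an IP literal; use the DDNS name"
rm -f "$sample"
```
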

Thanks, I managed to set it up actually and it's working quite well.
My only issue is that I cannot see the server setup in the GUI:


I installed the luci package and deleted the sample configs, but I don't see the one that is running.
Is there any way to show it? I'd like to have everything that's running shown in LuCI, so that I can see at a glance all of the configuration.

Thanks