[SOLVED] WAN DHCP client to Static Address change now unable to access home from outside

I have been having some issues where my connection drops a few times per day for 2 or 3 seconds then quickly reconnects. At first I thought it was because my old router (running DDWRT) was failing so I made the switch to a RP4 (openwrt)+ArcherC7(openwrt dumb AP) configuration. Unfortunately the issue persists.

I contacted my ISP and they told me it is an issue with lease timing out. According to them the fix is to change the WAN protocol from DHCP client to Static Address Static Address Setting. At this location I get internet coming in via a ethernet cable that plugs straight into my RP4. No modem in my unit.

When running on DHCP client mode, I can use wireguard to connect to my home network without issues. The wireguard has DDNS via dynu for the ip address changes. However, when switching to the Static IP protocol I lose the ability to get into my network from outside. I have tried playing around with the DDNS setting from leaving the "IP address source" as Network and the "network" as WAN (DDNS IP address source as well as leaving the "IP address source" as URL (DDNS URL and the URL to detect is correct based on the log file viewer for the DDNS service. When using the URL option, under the log file viewer, it says it is successful but on the main DDNS page I can see the ip address stays as 1.1.1.1 (I have the IP address as 1.1.1.1 on the URL source address) but ip address on the log file viewer does show me the correct WAN IP given by the ISP. So I am not sure if this is the issue.

The ISP has told me that I am NOT behind a CGNAT so I am not sure what could be leading to me not being able to get into my network with the WireGuard+DDNS configuration I have been using. Any help would be greatly appreciated.

Forget about DDNS and WireGuard for a while.
Let's check if you see any incoming traffic in general.
Install tcpdump and use any "port checking" site on Internet.
See PC Router x64 - Can't port forward? - #26 by AndrewZ

Did I do this right?

root@OpenWrt:~# tcpdump -v -i eth1 port 5121
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
08:18:51.379216 IP (tos 0x28, ttl 52, id 47468, offset 0, flags [DF], proto TCP (6), length 60)
    ec2-52-202-215-126.compute-1.amazonaws.com.48242 > 38.64.XXX.XXX.5121: Flags [S], cksum 0x724a (correct), seq 4261233903, win 26883, options [mss 1460,sackOK,TS val 2237070723 ecr 0,nop,wscale 7], length 0
08:18:51.379278 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    38.64.XXX.XXX.5121 > ec2-52-202-215-126.compute-1.amazonaws.com.48242: Flags [R.], cksum 0xd691 (incorrect -> 0xc5f7), seq 0, ack 4261233904, win 0, length 0

tcpdump -v -i eth1 port 5121
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
08:25:25.938424 IP (tos 0x28, ttl 52, id 439, offset 0, flags [DF], proto TCP (6), length 60)
    ec2-52-202-215-126.compute-1.amazonaws.com.51175 > 38.64.XXX.XXX.5121: Flags [S], cksum 0x6c14 (correct), seq 1022918496, win 26883, options [mss 1460,sackOK,TS val 2237169367 ecr 0,nop,wscale 7], length 0
08:25:25.938516 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    38.64.XXX.XXX.5121 > ec2-52-202-215-126.compute-1.amazonaws.com.51175: Flags [R.], cksum 0xd691 (incorrect -> 0x4117), seq 0, ack 1022918497, win 0, length 0
^Z[1]+  Stopped                    tcpdump -v -i eth1 port 5121

Please let me know if I did not hide my IP correctly
Please note that I ran the test with the WAN protocol currently on DHCP mode as I will be leaving for work soon and still need to have the access to my network

We're wasting time then.
Please use </> button to properly format the command output.

Sorry you are right lol, here is the output with the WAN protocol set to static address

tcpdump -v -i eth1 port 5121
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144                                                                              bytes
08:47:15.173703 IP (tos 0x28, ttl 50, id 36725, offset 0, flags [DF], proto TCP                                                                              (6), length 60)
    ec2-52-202-215-126.compute-1.amazonaws.com.58732 > 38.64.XXX.XXX.5121: Flags                                                                              [S], cksum 0xd0d3 (correct), seq 1239478811, win 26883, options [mss 1460,sackO                                                                             K,TS val 2237496686 ecr 0,nop,wscale 7], length 0
08:47:15.173771 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6),                                                                              length 40)
    38.64.XXX.XXX.5121 > ec2-52-202-215-126.compute-1.amazonaws.com.58732: Flags                                                                              [R.], cksum 0xd60d (incorrect -> 0xa472), seq 0, ack 1239478812, win 0, length                                                                              0

Great, that was TCP, but for WG you need UDP, so test this as shown on the same thread that I mentioned earlier.

Sorry Andrew, is this the correct command to run the tcpdump for the UDP port: tcpdump icmp? I looked at the thread you posted but didn't understand what to change to get the UDP port.

tcpdump -v -i eth1 udp port {number}

I assume you are using the right parameters for the static configuration, right? It's the same IP address, network mask, and gateway that you receive using DHCP.

root@OpenWrt:~# tcpdump -v -i eth1 udp port 5121
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
09:05:39.347462 IP (tos 0x48, ttl 53, id 25088, offset 0, flags [DF], proto UDP (17), length 28)
    nl2.node.check-host.net.53533 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.351481 IP (tos 0x0, ttl 53, id 42146, offset 0, flags [DF], proto UDP (17), length 28)
    de4.node.check-host.net.39064 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.352699 IP (tos 0x48, ttl 46, id 19545, offset 0, flags [DF], proto UDP (17), length 28)
    de1.node.check-host.net.58083 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.358908 IP (tos 0x48, ttl 50, id 38792, offset 0, flags [DF], proto UDP (17), length 28)
    hostedby.privatelayer.com.33895 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.379408 IP (tos 0x48, ttl 54, id 9212, offset 0, flags [DF], proto UDP (17), length 28)
    nl1.node.check-host.net.56057 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.387629 IP (tos 0x48, ttl 49, id 27027, offset 0, flags [DF], proto UDP (17), length 28)
    ip13-bcn1-ddos.coldhosting.com.47639 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.397899 IP (tos 0x48, ttl 50, id 616, offset 0, flags [DF], proto UDP (17), length 28)
    pl2.node.check-host.net.57032 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.406625 IP (tos 0x28, ttl 52, id 50578, offset 0, flags [DF], proto UDP (17), length 28)
    195-154-114-92.rev.poneytelecom.eu.38608 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.406915 IP (tos 0x28, ttl 52, id 30611, offset 0, flags [DF], proto UDP (17), length 28)
    uk1.node.check-host.net.45426 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.419734 IP (tos 0x48, ttl 47, id 60305, offset 0, flags [DF], proto UDP (17), length 28)
    it2.node.check-host.net.38214 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.427461 IP (tos 0x28, ttl 52, id 19228, offset 0, flags [DF], proto UDP (17), length 28)
    se1.node.check-host.net.38098 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.436485 IP (tos 0x48, ttl 49, id 43764, offset 0, flags [DF], proto UDP (17), length 28)
    hr1.node.check-host.net.33381 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.439307 IP (tos 0x28, ttl 52, id 63888, offset 0, flags [DF], proto UDP (17), length 28)
    cz1.node.check-host.net.39311 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.440201 IP (tos 0x28, ttl 54, id 50520, offset 0, flags [DF], proto UDP (17), length 28)
    pl1.node.check-host.net.47037 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.444109 IP (tos 0x28, ttl 48, id 6547, offset 0, flags [DF], proto UDP (17), length 28)
    bg1.node.check-host.net.54278 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.454911 IP (tos 0x28, ttl 55, id 28833, offset 0, flags [DF], proto UDP (17), length 28)
    pt1.node.check-host.net.51750 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.463041 IP (tos 0x48, ttl 46, id 9863, offset 0, flags [DF], proto UDP (17), length 28)
    fi1.node.check-host.net.55623 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.471426 IP (tos 0x28, ttl 48, id 49983, offset 0, flags [DF], proto UDP (17), length 28)
    rs1.node.check-host.net.45247 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.481982 IP (tos 0x48, ttl 49, id 5232, offset 0, flags [DF], proto UDP (17), length 28)
    customer.frntdeu1.pop.starlinkisp.net.30166 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.482551 IP (tos 0x28, ttl 45, id 42532, offset 0, flags [DF], proto UDP (17), length 28)
    tr2.node.check-host.net.37968 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.486763 IP (tos 0x48, ttl 51, id 29052, offset 0, flags [DF], proto UDP (17), length 28)
    tr1.node.check-host.net.49001 > 38.64.XXX.XXX.5121: UDP, length 0
09:05:39.494515 IP (tos 0x28, ttl 53, id 25141, offset 0, flags [DF], proto UDP (17), length 28)
^C    lt1.node.check-host.net.40130 > 38.64.XXX.XXX.5121: UDP, length 0

I am using the parameters that the ISP gave me. It allows me to connect to the internet. So I guess its correct :man_shrugging:

Great. Then remove or disable DDNS client in OpenWrt and statically configure your static IP on dynu web site. Run nslookup {your hostname} from any PC and see if the address is correct.
Once the address is correct, test from outside using WG client.

You can observe WG network activity with tcpdump -v -i eth1 udp port 51820

Not really sure how to statically configure my static IP on the dynu web site. I am about to leave for work in 30 minutes and don't want to mess up changing things around in the dynu website :confused:

Navigate to https://www.dynu.com/en-US/ControlPanel/DDNS then click on Edit icon then write down your IPv4 address and click Save.

Did it the dynu part.

When I run the tcpdump -v -i eth1 udp port 51810 command and try to connect I tried connecting my WG from my phone but do not get any response on the CLI with the tcpdump -v -i eth1 udp port 51810 command

On the WG peer app on my android phone under the transfer the rx shows 0 B and the tx does have a few Kib so I guess it is not making the connection

I use port 51810 instead of 51820

Try using IP address instead of hostname in the Android app.

tried change the hostname to the ip address on the android app but same result

That's weird... You should be able to see the connection attempt in tcpdump even if firewall is not configured properly.
Test this port 51810/UDP from the external web site I mentioned and see if tcpdump can catch it.

ok it started showing the tcpdump out of nowhere

tcpdump -v -i eth1 udp port 51810
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
09:46:32.473963 IP (tos 0x48, ttl 54, id 27019, offset 0, flags [DF], proto UDP (17), length 284)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 256
09:46:32.582000 IP (tos 0x0, ttl 64, id 20514, offset 0, flags [none], proto UDP (17), length 156)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 128
09:46:32.582587 IP (tos 0x0, ttl 64, id 20515, offset 0, flags [none], proto UDP (17), length 124)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 96
09:46:32.603865 IP (tos 0x48, ttl 54, id 27050, offset 0, flags [DF], proto UDP (17), length 140)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 112
09:46:32.606417 IP (tos 0x0, ttl 64, id 20516, offset 0, flags [none], proto UDP (17), length 172)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 144
09:46:32.609906 IP (tos 0x0, ttl 64, id 20517, offset 0, flags [none], proto UDP (17), length 124)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 96
09:46:32.615661 IP (tos 0x48, ttl 54, id 27053, offset 0, flags [DF], proto UDP (17), length 108)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 80
09:46:32.617765 IP (tos 0x48, ttl 54, id 27054, offset 0, flags [DF], proto UDP (17), length 108)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 80
09:46:32.633884 IP (tos 0x48, ttl 54, id 27057, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.636072 IP (tos 0x48, ttl 54, id 27058, offset 0, flags [DF], proto UDP (17), length 108)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 80
09:46:32.642889 IP (tos 0x0, ttl 64, id 20518, offset 0, flags [none], proto UDP (17), length 124)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 96
09:46:32.676961 IP (tos 0x48, ttl 54, id 27060, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.684988 IP (tos 0x48, ttl 54, id 27062, offset 0, flags [DF], proto UDP (17), length 636)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 608
09:46:32.693955 IP (tos 0x0, ttl 64, id 20521, offset 0, flags [none], proto UDP (17), length 124)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 96
09:46:32.697733 IP (tos 0x48, ttl 54, id 27065, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.700162 IP (tos 0x0, ttl 64, id 20522, offset 0, flags [none], proto UDP (17), length 172)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 144
09:46:32.722735 IP (tos 0x48, ttl 54, id 27067, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.724589 IP (tos 0x0, ttl 64, id 20523, offset 0, flags [none], proto UDP (17), length 124)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 96
09:46:32.757731 IP (tos 0x48, ttl 54, id 27069, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.760744 IP (tos 0x0, ttl 64, id 20527, offset 0, flags [none], proto UDP (17), length 1340)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 1312
09:46:32.760792 IP (tos 0x0, ttl 64, id 20528, offset 0, flags [none], proto UDP (17), length 284)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 256
09:46:32.760837 IP (tos 0x0, ttl 64, id 20529, offset 0, flags [none], proto UDP (17), length 1340)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 1312
09:46:32.762730 IP (tos 0x48, ttl 54, id 27070, offset 0, flags [DF], proto UDP (17), length 636)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 608
09:46:32.764447 IP (tos 0x0, ttl 64, id 20530, offset 0, flags [none], proto UDP (17), length 124)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 96
09:46:32.765309 IP (tos 0x0, ttl 64, id 20531, offset 0, flags [none], proto UDP (17), length 332)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 304
09:46:32.766699 IP (tos 0x0, ttl 64, id 20532, offset 0, flags [none], proto UDP (17), length 284)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 256
09:46:32.788702 IP (tos 0x48, ttl 54, id 27072, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.797759 IP (tos 0x48, ttl 54, id 27073, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.801814 IP (tos 0x48, ttl 54, id 27075, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.801815 IP (tos 0x48, ttl 54, id 27074, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.801815 IP (tos 0x48, ttl 54, id 27076, offset 0, flags [DF], proto UDP (17), length 124)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 96
09:46:32.805714 IP (tos 0x48, ttl 54, id 27077, offset 0, flags [DF], proto UDP (17), length 188)
    24.114.67.6.54208 > 38.64.XXX.XXX.51810: UDP, length 160
09:46:32.806783 IP (tos 0x0, ttl 64, id 20535, offset 0, flags [none], proto UDP (17), length 1340)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 1312
09:46:32.808030 IP (tos 0x0, ttl 64, id 20536, offset 0, flags [none], proto UDP (17), length 300)
    38.64.XXX.XXX.51810 > 24.114.67.6.54208: UDP, length 272
09:46:32.832865 IP (tos 0x48, ttl 54, id 27078, offset 0, flags [DF], proto UDP (17), length 252)

This is with the DDNS disable on the OpenWrt and manually configuring the static IP on the dynu wesite

This happens :wink: