OpenWrt Forum Archive

Topic: DDNS through VPN tunnel

The content of this topic has been archived on 1 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

How can I access my computer through DDNS when my IP is hidden by a VPN service?

I want the DDNS to resolve to the "anonymous" IP provided by the VPN server and not the actual (dynamic) IP of my modem router.

How would this be typically configured/implemented in technical terms?

Following are the details of my setup.

  • Modem router connected to the internet.

  • GL-AR300M smart router connected through the WAN port to the modem router. It runs an OpenVPN client connected to the tigerVPN service in order to hide my actual location and (dynamic) IP. It also runs a DDNS client which updates a service with the dynamic IP info. The DDNS name is (say) my-computer.no-ip.com. The firmware is OpenWrt.

  • My computer is connected to the LAN port of the GL-AR300M. I have configured the GL-AR300M to forward incoming traffic on port 2000 from the WAN interface to my computer. I can also configure the modem router to forward incoming traffic on port 2000 to the WAN interface of the GL-AR300M.

I want to be able to access my computer from the internet by hitting my-computer.no-ip.com:2000. The my-computer.no-ip.com should be associated with the "anonymous" IP assigned by the VPN server and not the public IP of my modem router. I presume this would require some configuration on the side of the VPN server. OpenVPN is the current tunneling implementation but IPSec is also an option. The VPN server would have to be configured in a way so that it forwards incoming traffic for my "anonymous" IP on a specific port to the other end of the tunnel, which is my smart router GL-AR300M. Is that correct? What's the typical setup in this case? Also, is there any documentation I could find for this use case?

First you hide your IP and now you want to make your hidden IP public via DDNS!?

Have you tried to configure ddns-scripts to detect your IP using 'option ip_url'?
This should give you back the IP when you "leave" the VPN tunnel.

I was wondering whether you could get some benefits of both, with a bit of compromise: being able to access your computer from the internet via DDNS, and at the same time hiding the actual geographical location of it. For example, my computer is located in Berlin but the DDNS resolves to a London-based IP.

Is this a very unusual thing to do? Is that because of the technical difficulties to implement it or is it because there's not much value in doing it?

I haven't tried to configure the ddns-scripts yet because I first need to find out whether the whole solution is possible. I can manually detect the IP when I "leave" the VPN tunnel, using a tool like ip-lookup.net/. The problem is that when I try connecting to <the above IP> at port 2000 I get a connection refused error instead of my smart router's response (I explained why in the original post).

Did you check with your tunnel provider if it's a two-way tunnel? So connections are allowed from outside in?
Is your address at tunnel end out of "Dedicated space for carrier grade NAT deployments" 100.64.0.0/10 (RFC 6598)?
If it's not a 2-way tunnel and/or your address is out of 100.64/10, there is no way into your router through the tunnel.
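
[Added example, not part of any post in this thread: a POSIX shell check that classifies the address your router holds on the VPN interface against the RFC 6598 range 100.64.0.0/10 named in the reply above. It goes beyond that reply by also testing the RFC 1918 private ranges; the function names and the `tun0` interface name are assumptions.]

```shell
#!/bin/sh
# Added example, not from the thread. Pass the IPv4 address your router holds on
# the VPN interface, e.g. from `ip -4 -o addr show dev tun0` (tun0 is an assumed name).

# Dotted quad -> 32-bit integer. Runs in a subshell so the IFS change stays local.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros (octal), max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NETWORK PREFIXLEN -> exit 0 if ADDR lies inside NETWORK/PREFIXLEN
in_cidr() {
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "$2") || return 2
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Prints one of: cgnat | private | public | invalid
classify_addr() {
    ip_to_int "$1" >/dev/null || { echo invalid; return 0; }
    if in_cidr "$1" 100.64.0.0 10; then
        echo cgnat      # RFC 6598 shared address space, not routed on the internet
    elif in_cidr "$1" 10.0.0.0 8 || in_cidr "$1" 172.16.0.0 12 ||
         in_cidr "$1" 192.168.0.0 16; then
        echo private    # RFC 1918 space, reachable only via the provider's NAT
    else
        echo public     # routable address; inbound still depends on provider filtering
    fi
}

# Stand-alone use: sh script.sh 10.8.0.6
if [ $# -gt 0 ]; then classify_addr "$1"; fi
```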

That's a very good point.

I haven't looked into it further as I ended up separating the traffic of my public server from the traffic of my desktop computer.

This way, the traffic of my desktop computer, which does not require DDNS, is tunneled, while the traffic of my public server, which requires DDNS, is not tunneled.

This works for me for the time being.

Note that my original question did not include details of my use case (desktop/server) because I wanted to keep it shorter.
