DDNS does not match with WAN IP - Instant Guard no longer wants to connect

[fanasus]

hello,
I don’t know why, it worked and now it doesn’t! First it appeared from another phone (registered guest), with as the message: "connection failed please try again". and now it’s on my phone

- here is an extract of the historical of Instant Guard:
Jul 9 18:26:30 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 4.19.183, aarch64)
Jul 9 18:26:30 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Jul 9 18:26:30 00[NET] installing IKE bypass policy failed
Jul 9 18:26:30 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Jul 9 18:26:30 00[NET] installing IKE bypass policy failed
Jul 9 18:26:30 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Jul 9 18:26:30 00[NET] installing IKE bypass policy failed
Jul 9 18:26:30 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Jul 9 18:26:30 00[NET] installing IKE bypass policy failed
Jul 9 18:26:30 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jul 9 18:26:30 00[CFG] loaded ca certificate "C=TW, O=ASUS, CN=ASUS RT-AX88U-Pro Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Jul 9 18:26:30 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jul 9 18:26:30 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jul 9 18:26:30 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jul 9 18:26:30 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jul 9 18:26:30 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jul 9 18:26:30 00[CFG] loaded IKE secret for %any

thanks !

 

[bbunge]

Does your DDNS work? I have had issues on recent firmware that the DDNS does not renew when the WAN address changes.

 

[fanasus]

Hello,
I guess so! I have a "no-ip" DDNS. I see that when I am on the site of my DDNS, the IP is not the same as the one that appears in "WAN IP" on my router (and there is an orange symbol, and sometimes it is green)

 

[bbunge]

Hello,
I guess so! I have a "no-ip" DDNS. I see that when I am on the site of my DDNS, the IP is not the same as the one that appears in "WAN IP" on my router (and there is an orange symbol, and sometimes it is green)

I have the same problem with no-ip and Asuscomm DDNS. I went back to a prior firmware version and the DDNS worked.
For now the work around is to "Apply" the DDNS settings or restart the router. I have reported the issue to Asus.

 

[fanasus]

I have the same problem with no-ip and Asuscomm DDNS. I went back to a prior firmware version and the DDNS worked.
For now the work around is to "Apply" the DDNS settings or restart the router. I have reported the issue to Asus.

I also tested with ASUS DDNS, same! but i am on "Asuswrt-Merlin 388.3_0"

 

[bbunge]

I discovered a setting in the WAN/DDNS that may be a "fix" for the DDNS failure when the WAN IP address fails.

WAN IP and hostname verification

For some reason I do not remember this setting. At least I have not used it before.

This is from the Asus firmware for my AX86U Pro but my guess is other routers have it, too.

 

[Clark Griswald]

AFAIK Only been using, since testing stages of latest RMerlin FW, and "verification" has always been there. I have not experienced any issues with disconnects or failing to update WAN IP, also using no-ip.

 

[fanasus]

I discovered a setting in the WAN/DDNS that may be a "fix" for the DDNS failure when the WAN IP address fails.

WAN IP and hostname verification

View attachment 51746

For some reason I do not remember this setting. At least I have not used it before.

This is from the Asus firmware for my AX86U Pro but my guess is other routers have it, too.

Hello, I had seen this option, and had activated it, but I don’t know if it made a difference anymore! but (i don't remenber). but I checked the option ".. certificate let'encrypt" (actually I don’t know if it’s mandatory, and best of enabled)

 

[bbunge]

Hello, I had seen this option, and had activated it, but I don’t know if it made a difference anymore! but (i don't remenber). but I checked the option ".. certificate let'encrypt" (actually I don’t know if it’s mandatory, and best of enabled)

Let's Encrypt is not mandatory on the router. I do have Lets Encrypt active on my web server running my security cam system and that is working OK.

As for the WAN IP and hostname verification, it appears to be working. I changed a router setting this morning that restarted the WAN and my router was assigned a new IP address. I checked a bit later and the new IP was registered to my domain name.

 

[fanasus]

Let's Encrypt is not mandatory on the router. I do have active on my web server running my security cam system and that is working OK.

As for the , it appears to be working. I changed a router setting this morning that restarted the WAN and my router was assigned a new IP address. I checked a bit later and the new IP was registered to my domain name.

hello, at "NO-IP", my DDNS was marked "in redemption", not understanding exactly what that means, so I switched too "freedns.afraid.org", !! but I’m not sure I registered my DDNS correctly, I chose the "subdomain" option!?
Nb: and I checked the options ""certificat lets encrypt" and "verification hote and Wan"
thanks