What's new

Solved [ASK] DDNS for ISP that using private IP Address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

adzie

Occasional Visitor
Hi Expert,

just wondering is there anyway or addons that can be working for using DDNS under private IP Address from the ISP? below is simple network setup

1626722399686.png


using DDNS feature that comes in the firmware is not working, since my WAN IP Address is private IP or commonly said double NAT.

thank you in advance for all the advices.
 
It works with Asuswrt-Merlin, it detects the external IP address. With Asuswrt you have to set DDNS on the ISP router.
 
Using the "Method to retrieve WAN IP = External" option should register a public IP address with a DDNS service of your choice.

When you say it's "not working" what exactly is not working. DDNS doesn't magically forward unsolicited incoming connections through your ISP equipment.
 
Using the "Method to retrieve WAN IP = External" option should register a public IP address with a DDNS service of your choice.

When you say it's "not working" what exactly is not working. DDNS doesn't magically forward unsolicited incoming connections through your ISP equipment.
This did not work for me a few months ago. I don't know whether I had a double NAT or not, but on my Zyxel modem I had to put it in bridge mode from an SSH connection. ISP kept telling me "it should just work" but .......
 
Last edited:
Having the DDNS report the real public IP is just one part of the solution. You also need to have traffic forwarded from that public IP to your private IP. If it's a double NAT caused by your modem, then you need to forward ports in it. If it's CGNAT from your ISP, then not much you can do about it.
 
My ISP, like many smaller ones, have run out of IPv4 space and implement Carrier Grade NATing (CGNAT), so you share Public IPv4 with others. (Like Merlin said) It doesn't sound like your case but this will cause issues with port forwarding. I could see some really small ISPs go as far as offering private addresses to customers before things get better.

Some ISP will upsell a static (while they last) to get you out of the CGNAT range.

Just my $0.02.
 
Using the "Method to retrieve WAN IP = External" option should register a public IP address with a DDNS service of your choice.

When you say it's "not working" what exactly is not working. DDNS doesn't magically forward unsolicited incoming connections through your ISP equipment.

this is the syslog from the router

Code:
### DDNS Record Update ###
Jul 20 14:12:24 kernel: [Tue Jul 20 14:12:24 GMT 2021]
Jul 20 14:12:24 kernel: Getting webroot for domain='afhe.asuscomm.com'
Jul 20 14:12:25 kernel: [Tue Jul 20 14:12:25 GMT 2021] Adding txt value: xxxxxx for domain:  _acme-challenge.afhe.asuscomm.com
Jul 20 14:12:25 kernel: [Tue Jul 20 14:12:25 GMT 2021] Adding record
Jul 20 14:12:25 rc_service: service 19547:notify_rc start_ddns
Jul 20 14:12:25 custom_script: Running /jffs/scripts/service-event (args: start ddns)
Jul 20 14:12:25 start_ddns: update WWW.ASUS.COM update@asus.com, wan_unit 0
Jul 20 14:12:25 kernel: Done.
Jul 20 14:12:25 kernel: [Tue Jul 20 14:12:25 GMT 2021] Wait DDNS service ...20
Jul 20 14:12:25 inadyn[19588]: In-a-dyn version 2.8.1 -- Dynamic DNS update client.
Jul 20 14:12:26 inadyn[19588]: Update forced for alias afhe.asuscomm.com, new IP# 103.xx.xx.xx
Jul 20 14:12:27 inadyn[19588]: alias address=<103.xx.xx.xx>
Jul 20 14:12:28 inadyn[19588]: Remove old cache file /var/cache/inadyn for afhe.asuscomm.com
Jul 20 14:12:28 inadyn[19588]: Updating cache for afhe.asuscomm.com

### Certificate Update Successfull ###
Jul 20 14:12:59 kernel: Cert success.
Jul 20 14:12:59 kernel: cat: write error: Invalid argument
Jul 20 14:12:59 kernel: [Tue Jul 20 14:12:59 GMT 2021]
Jul 20 14:12:59 kernel: Your cert is in  /jffs/.le/afhe.asuscomm.com/afhe.asuscomm.com.cer
Jul 20 14:12:59 kernel: [Tue Jul 20 14:12:59 GMT 2021]
Jul 20 14:12:59 kernel: Your cert key is in  /jffs/.le/afhe.asuscomm.com/afhe.asuscomm.com.key
Jul 20 14:12:59 kernel: [Tue Jul 20 14:12:59 GMT 2021]
Jul 20 14:12:59 kernel: The intermediate CA cert is in  /jffs/.le/afhe.asuscomm.com/ca.cer
Jul 20 14:12:59 kernel: [Tue Jul 20 14:12:59 GMT 2021]
Jul 20 14:12:59 kernel: And the full chain certs is there:  /jffs/.le/afhe.asuscomm.com/fullchain.cer
Jul 20 14:12:59 kernel: [Tue Jul 20 14:12:59 GMT 2021]
Jul 20 14:12:59 kernel: Installing key to:/jffs/.le/afhe.asuscomm.com/domain.key
Jul 20 14:13:00 kernel: [Tue Jul 20 14:12:59 GMT 2021]
Jul 20 14:13:00 kernel: Installing full chain to:/jffs/.le/afhe.asuscomm.com/fullchain.pem
Jul 20 14:13:06 rc_service: le_acme 16705:notify_rc restart_httpd
Jul 20 14:13:06 custom_script: Running /jffs/scripts/service-event (args: restart httpd)
Jul 20 14:13:06 RT-AX56U: start https:8443
Jul 20 14:13:06 RT-AX56U: start httpd:80
Jul 20 14:13:06 httpd: Succeed to init SSL certificate...80
Jul 20 14:13:06 httpd: Succeed to init SSL certificate...8443

as we can see from the log it is said successful and DDNS script getting MY Public IP which is shared with many other customer also

Jul 20 14:12:26 inadyn[19588]: Update forced for alias afhe.asuscomm.com, new IP# 103.xx.xx.xx
Jul 20 14:12:27 inadyn[19588]: alias address=<103.xx.xx.xx>

the traceroute also confirming

Tracing route to afhe.asuscomm.com [103.xx.xx.xx]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms brooklyn.pahlevi.co [192.168.0.1] => AsusWRT Merlin
2 1 ms 6 ms 1 ms 192.168.1.1 => Router from ISP
3 3 ms 3 ms 3 ms 10.15.112.1 => ISP Private IP Gateway
4 3 ms 3 ms 3 ms 103.xx.xx.xx => My Public IP Address

however it is not accessible from internet. I suspect my ISP is blocking all inbound port. I was tried to setup port fwd on Router ISP (No 2) towards my AsusWRT Merlin, however is still not working

looks like My ISP is doing double or multiple NAT somewhere in between the public towards private IP Gateway hence setup port fwd from router No 2 to AsusWRT merlin is still not working.

seems need to have public IP or VPN to resolve this case
 
Having the DDNS report the real public IP is just one part of the solution. You also need to have traffic forwarded from that public IP to your private IP. If it's a double NAT caused by your modem, then you need to forward ports in it. If it's CGNAT from your ISP, then not much you can do about it.
yes correct Master Merlin... seems I need to ask my ISP to get public IP with extra cost :D :D
 
So this is not a DDNS issue. DDNS is working fine.

The 103.x.x.x address is not a private or CG-NAT address. So to forward incoming connections from the internet you need to be able to configure the "ISP router" in your diagram to forward the required ports.
 
Indeed. So this is not a DDNS issue. DDNS is working fine.

The 103.x.x.x address is not a private or CG-NAT address. So to forward incoming connections from the internet you need to be able to configure the "ISP router" in your diagram to forward the required ports.
yes sorry if my question little bit incorrect. DDNS was working fine, however the connectivity cannot reach the internet due to my device were located under private IP.

thanks a lot @ColinTaylor @RMerlin for the enlightenment ...
 
Do you have admin access to the ISP router. The solution is to either put that router into "bridge" or "passthrough" mode, or to put the WAN IP of the Asus into its DMZ.
 
Do you have admin access to the ISP router. The solution is to either put that router into "bridge" or "passthrough" mode, or to put the WAN IP of the Asus into its DMZ.
yes I have access to the router. I was looking for that but couldn't find the menu to change the operating menu.

I was trying to put my AsusWRT WAN IP which is 192.168.1.2 into the ISP Router DMZ's but still failed to reach it from Internet...

seems the only way is to get the public IP from my ISP.
 
Some ISP will upsell a static (while they last) to get you out of the CGNAT range.
Exactly. My ISP offers home customers a static public IP per 2.40eur/month.
 
Old thread I know but I just wanted to add that I couldn't find the “Method to retrieve WAN IP” under DDNS (maybe Merlin changed something in his newer firmwares?), but what solved it for me was to put my ISP modem into Bridge mode as suggested by @ColinTaylor. Now OpenVPN works again on my AX86U. Thank you 🙏

Background: I moved to a new apartment last week where the ISP apparantly uses Private WAN instead of Public WAN like my ISP at my previous place did. Private WAN made it impossible to connect to my router through OpenVPN. But now it works. I'm so happy for this forum ❤️
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top