1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Best way to do DDNS updates when behind another (DSL) router?

Discussion in 'Asuswrt-Merlin' started by iliyan, Feb 28, 2015.

  1. iliyan

    iliyan New Around Here

    Joined:
    Feb 28, 2015
    Messages:
    5
    Hi,

    My new awesome Asus RT-AC68U router, running Merlin 378.50, sits behind a DSL router. The DSL router is from Sky and only supports DynDNS as a DDNS service. So I must use the Asus router to do custom DDNS updates.

    I want to use afraid.org as a DNS host, so this means writing a ddns-start script. I couldn't find much info about this script in README-merlin.txt and on the Wiki, but my assumption is that it is scalled whenever the WAN IP changes. But since the Asus router is behind another one, its WAN IP is a static 192.168.0.2 address, i.e. my not real internet address (Asuswrt even warns me about this). So it seems that I can't take advantage of this machinery.

    My guess is that the next best way to do my custom dynamic DNS updates is via a cron job. Am I right? If so, what's the best reading resource to help me set this up and make it persistent when rebooting the router? Or is there an easier way?

    Thanks much in advance. I love my new Asus router and Merlin :)
     
    Last edited: Feb 28, 2015
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. Nullity

    Nullity Very Senior Member

    Joined:
    Jul 17, 2014
    Messages:
    1,640
    Location:
    Appalachia
  4. iliyan

    iliyan New Around Here

    Joined:
    Feb 28, 2015
    Messages:
    5
    Thanks for your reply!

    I'm not that much concerned about obtaining the external IP. I know this can be done in many ways. I'm more concerned about *when* the DDNS record will be updated. This should ideally happen when the external IP changes, but in my case the DSL router is responsible for that. So I dint't expect the Asu router to get notified when this occurs. The only solution I can thus think of is to check for external IP changes periodically. And I wonder what the best way to do this is.


    Sent from my iPhone using Tapatalk
     
  5. Nullity

    Nullity Very Senior Member

    Joined:
    Jul 17, 2014
    Messages:
    1,640
    Location:
    Appalachia
    Are you running the RT-AC68U as a router or an Access Point?

    Running a router behind a router (double NAT) is usually a bad idea.
     
  6. Nullity

    Nullity Very Senior Member

    Joined:
    Jul 17, 2014
    Messages:
    1,640
    Location:
    Appalachia
    Ah... cron seems like the only way then.

    Unless you put your DSL router into bridge mode and let the Asus do the PPP authentication and routing. Then it will know when the WAN/DSL status changes.
     
  7. iliyan

    iliyan New Around Here

    Joined:
    Feb 28, 2015
    Messages:
    5

    Well, I'm no networking expert, so forgive my ignorance in the terminology. I need to use DSL router, obviously, because that's how I get my internet connection. But I've connected the Asus router to the DSL one via a cable and have assigned a static IP internal to it and set forwarding for all ports. All my devices are connected to the Asus router.


    Oh, that bridge mode sounds interesting! Any idea for a nice tutorial how to do this? I guess it depends on the DSL router, but some settings should also be tweaked on the Asus side?

    By the way, my (shitty) DSL router is from Sky (UK).
     
    Last edited: Feb 28, 2015
  8. Nullity

    Nullity Very Senior Member

    Joined:
    Jul 17, 2014
    Messages:
    1,640
    Location:
    Appalachia
    Yes, you need your DSL modem but you do not need to use it's router capabilities if yuou have your own router.


    In the Adminitration tab you will find an Operation Mode tab. With your current setup you should be using AP mode. Read about it before switching though.



    Lol. What a coincidence, my ISP is shitty too! (though, they are definitely improving)


    Bridge-mode can be tricky to trouble-shoot, if it does not work. I downloaded the manual for my ADSL modem and followed the directions. In my case, the easiest method was to find the QuickBridge button in the modem's GUI. DSLReports.com's forums are a great resource.



    My point is that you do not need 2 routers. It would be best if you disabled the routing capabilities in one of the devices, either by bridging the modem or by configuring the RT-AC68U as an AP.
     
  9. Cake

    Cake Senior Member

    Joined:
    Jun 20, 2014
    Messages:
    249
    Here is what I am using if you decide or can not get bridge to work,

    Files in the /jffs/scripts folder:

    services-start
    Code:
    #!/bin/sh
    
    /usr/sbin/cru a ScheduledReboot "0 7 * * * reboot"
    /usr/sbin/cru a ScheduledDDNS "5 1,3,5,7,9,11,13,15,17,19,21,23 * * * /jffs/scripts/up.sh"
    
    
    up.sh
    Code:
    #!/bin/sh
    
    while [ ! -n  "`ifconfig | grep tun11`" ]; do
        sleep 1
        done
    
        SERVICE="dnsomatic"
        USER="username"
        PASS="password"
        HOST="all.dnsomatic.com"
        IP=$(wget -qO - http://icanhazip.com)
    
        ez-ipupdate -S $SERVICE -u $USER:$PASS -h $HOST -a $IP
    
        exit 0
    
    This works for me, gets my wan ip, updates noip, runs every 2 hours regardless if I am using the vpn or not. I know there is a easier way to simplfy the chron job then how I did it. lol As you can see I also have my router set to reboot everyday @7. You may want to del that line. ps don't forget to chmod the scripts like me.

    edit:fixed typo in code /jffs/scipts/up.sh to /jffs/scripts/up.sh
     
    Last edited: Mar 12, 2015
  10. iliyan

    iliyan New Around Here

    Joined:
    Feb 28, 2015
    Messages:
    5
    Thanks for all the helpful replies, guys!

    I ended up creating a cron job that updates the DDNS records every hour. I use afraid.org which provides you with a simple URL that you just need to access and it automatically get the IP from the request and updates the host.

    @Cake, I see you've added the "cru" commands in an init-start script, which according to the doc is executed "right after jffs is mounted, before any of the services get started". It works fine (rebotted the router to test), but I wonder if your approach with "services-start" is better.
     
  11. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,433
    Location:
    Canada
    Updating every hour will most likely result in the DDNS provider banning your account. You should check if the IP has changed before forcing an update.
     
  12. iliyan

    iliyan New Around Here

    Joined:
    Feb 28, 2015
    Messages:
    5
    Good point, Merlin! I thought about this but went the lazy way. I now realize that it'd be much more efficient to store the external IP in a shell variable, check every 10 min or so if it's changed, and only then performing the DDNS update if necessary.
     
  13. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,433
    Location:
    Canada
    Correct. Or, you can store it in a temporary nvram value if you want it to be available between each cron run of your script. Just don't do a "commit" to ensure it only gets written to the RAM copy of nvram rather than have the flash overwritten every time. Use something like "wan_last_ip" as a variable name.
     
  14. Cake

    Cake Senior Member

    Joined:
    Jun 20, 2014
    Messages:
    249
    I would like to do as RMerlin suggests, I just don't know how. I am good with functions in spreadsheets, so maybe I will take some time one of these days; learn scripting for linux. In light of the every hour is too much I will change mine to update 4 times a day then. I did try to use the new ddns-update script in jffs folder, but my log was filling up fast with stuff related to it, so I went back to old faithful rather then spend half a day troubleshooting. Thank you RMerlin for all your time making the firmware better. Salute
     
  15. 18days

    18days New Around Here

    Joined:
    May 20, 2014
    Messages:
    5
    I have the same set up. I am using my rt-ac68u behind a huawei 4g router.
    Currently i have a dmz forwarding all my traffic from router 1 which is connected to the wan going through to my rt-ac68u.

    It works, but not great. I also have the ip address problem noted above, but luckily i have a sticky ip, so its not the end of the world.

    I can not get my NEST thermostat to work correctly. I am wondering if i set up a cron job it would resolve some of my issues.

    Is anyone able to advise or give me a link so that i can set my router up like what has been done in log 8 above. I have a dnsomatic account, so i think it is just the cron that needs doing.

    If i telnet into my router, this is the output i have.


    ASUSWRT-Merlin RT-AC68U_3.0.0.4 Sat Dec 27 18:21:23 UTC 2014

    [email protected]:/tmp/home/root#
     
  16. Cake

    Cake Senior Member

    Joined:
    Jun 20, 2014
    Messages:
    249
    hmmm, Is the Ethernet wire coming from your huawei router plugged into the wan port of your Asus router? I am just asking because I haven't needed to use dmz at all, I am double NAT'd as well. I could post you a example/screen shot of the settings in my wan section. To be honest reading on the internet everybody says its bad idea, but I like it a little, a bit more security I think.

    To use scripts, you need to log into your router (Asus) go into the Administration, then system tab of your Asus router, and put everything under the jffs section to yes. Then reboot your router.

    When you telnet into your router like you mentioned type:
    cd /jffs/scripts

    Then type:
    vi services-start
    Hit the insert key and paste from example you find, you may wish to modify it to meet your needs, also I had to google vi to figure out how it works. When finished hit escape key, then type: :x (hit enter)
    Do the same for up.sh
    vi up.sh
    Press insert key and paste contents. Don't use windows text editor unless its notepad++ or similar.
    When your finished, and still in telnet or putty (ssh) type: chmod a+rx /jffs/scripts/*
    Also make sure to your script starts with shebang aka:
    #!/bin/sh

    I am a newbie, I hope this helps you. I should have thrown windows out along time ago, and stuck with linux. Wish i was more proficient.
     
  17. oversim

    oversim Regular Contributor

    Joined:
    Aug 1, 2013
    Messages:
    136
    And what about asus ddns provider? :)
     
  18. RogueSpear

    RogueSpear Occasional Visitor

    Joined:
    Aug 4, 2008
    Messages:
    31
    Location:
    Buffalo, NY
    After enough screwing around, I finally just configured DynDNS updating on an old Linksys WRT610N running DD-WRT. For some reason DD-WRT is smart enough to obtain your public IP, while Asus can't seem to figure that one out. Another option would be to use an old Android phone without a contract. Servers Ultimate has a DDNS updater client that works through a double NAT just fine. I'm sure there are countless other apps that do as well. I'm not entirely certain why it's a bad idea to be double NAT, except for performance issues perhaps, but I can tell you that some folks have little choice in the matter. I have Verizon Fios and their lousy ActionTech doesn't allow bridge mode. Additionally, the DDNS updater in that doorstop doesn't work with DynDNS anymore (as of maybe 18 months ago). I think Dyn made some kind of change and Verizon/ActionTech didn't see fit to update their DDNS routine.
     
  19. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    1,530
    FIOS did break DynDNS but there is a fix for it. I got it working again on my Actiontec. Unfortunately I don't remember what I had to do. If I can find the details again I will post them.

    Also also being on FIOS I have run double NATed behind the Actiontec using my ASUS and have run my ASUS as the only router and didn't see any change in performance.

    I am running Tomato on my ASUS router which is currently double NATed and Tomat0 has the feature allowing my ASUS to pull the actual WAN public IP.
     
  20. Hello World

    Hello World Occasional Visitor

    Joined:
    Jul 18, 2014
    Messages:
    29
    Hi Merlin, is there a templated script that you can offer up? I'm a script idiot, so whatever you can give us that will automatically check for an ip change would be appreciated. Thanks
     
  21. buddyp

    buddyp Occasional Visitor

    Joined:
    Jan 6, 2015
    Messages:
    38
    Location:
    Washington DC
    This script is for Google DNS. Most of them are similar. Change the Google URL to the URL for your DDNS service. It also assumes you have entware (or entware-ng) installed for the root certs so SSL works. If you don't have the root certs installed and don't want to, you can add --no-check-certificate to the wget command to connect to your provider insecurely.

    Create a file called /jffs/scripts/dns-update.sh with this in it. Chmod it 700. Add it to cron with this command "cru a dnsupdate 0 * * * * /jffs/scripts/dns-update-ip.sh"

    Code:
    #!/bin/sh
    
    /usr/bin/logger -t $(basename $0) "started [[email protected]]"
    
    # Define these variables for your system
    username=YOUR USERNAME
    password=YOUR PASSWORD
    hostname=YOUR DOMAIN NAME
    
    # Define path to certs so HTTPS works in wget
    # Certificates are installed using 'opkg install ca-certificates'
    export SSL_CERT_DIR=/opt/etc/ssl/certs
    
    # Get our public IP address from ICanHazIP.com
    # Force use of IPv4 since IPv6 might be broken
    ip=`wget -4 -q http://icanhazip.com -O -`
    
    # Compare IP address in DNS to current one
    dns_ip=`nslookup $hostname 8.8.8.8|grep ^Address|grep -v 8.8.8.8|grep -v ::1|awk -F: '{print $2}'|awk '{print $1}'`
    if [ "$dns_ip" = "$ip" ]; then
        /usr/bin/logger -t $(basename $0) "completed, no change [[email protected]]"
        exit 0
    fi
    
    # Make sure we use SSL enabled wget
    # the wget in the flash has ssl now (hmmm...) so no need for this anymore
    #wget=/opt/bin/wget
    wget=/usr/sbin/wget
    
    # Register our new IPv4 address with Google
    # Force use of IPv4 since we know for sure IPv6 tunnel is broken now
    $wget -4 -q "https://$username:[email protected]/nic/update?hostname=$hostname&ip=$ip" -O /tmp/g.log
    
    /usr/bin/logger -t $(basename $0) "Updated IP to $ip [[email protected]]"
    
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!