bgvaughan
Occasional Visitor
I've been trying to get OpenVPN working, and I've run into a few issues. One is that there seems to be an interaction between DDNS and OpenVPN, and DDNS doesn't quite work for my configuration. I hope what I describe below is clear, as I'm describing an interaction between different problems.
I've been using Hurricane Electric's free DNS service, which now allows DDNS. The menu for DDNS on the RT-N66U includes a listing for www.tunnelbroker.net, which is the domain name for a different, related service offered by Hurricane Electric. Despite entering the correct information, DDNS fails to update. Note that the log shows that ddns tried to contact ipv4.tunnelbroker.net:
Sep 21 17:57:48 notify_rc : restart_ddns
Sep 21 17:57:48 ddns: clear ddns cache file for server setting change
Sep 21 17:57:48 ddns update: connected to ipv4.tunnelbroker.net (64.62.200.2) on port 80.
Sep 21 17:57:48 ddns update: bad request: Invalid API key or password
However, from Hurricane Electric's instructions, the host for DDNS is dyn.dns.he.net, which resolves to 184.105.242.3 and 2001:470:0:193::3000.
I normally use a script in /etc/cron.daily to update Hurricane Electric's dynamic DNS service, and the domain name I use for my router correctly resolves, as I can confirm with my ISP's DNS, and with public DNS, such as Google's at 8.8.8.8.
Despite failing to connect to Hurricane Electric's service, the Network Map page for the RT-N66U shows my domain name when I have DDNS enabled on the WAN - DDNS page, and a link to that page when it is disabled.
When configuring OpenVPN, I found that, on a client device:
If I entered the domain name for my router, and DDNS was disabled on my router, the client would quickly fail to connect;
If I entered the domain name for my router, and DDNS was enabled on my router, the client would begin negotiations, and fail to connect after about a minute;
If I entered the current IP address for my router, the client would begin negotiations, and fail to connect after about a minute.
This was puzzling because, on the one hand, DDNS on the router was failing to connect to Hurricane Electric's DDNS server; and on the other hand, my router's domain name was resolvable.
The instructions for Hurricane Electric's dynamic DNS can be read at https://dns.he.net/ (but only if you're not logged in to your HE account, confusingly). Here's an excerpt:
Here are a few examples to get you started
http://[your domain name]:[your password]@dyn.dns.he.net/nic/update?hostname=[your domain name]
Autodetect my IPv4/IPv6 address:
% curl -4 "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com"
% curl -6 "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com"
Specify my IPv4/IPv6 address:
% curl "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&myip=192.168.0.1"
% curl "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&myip=2001:db8:beef:cafe::1"
Here are a couple more examples that allow sending the password in the URL
Note: The username is also the hostname. The password is sent using 'password='. This skips HTTP basic auth.
Authentication and Updating using GET
% curl "https://dyn.dns.he.net/nic/update?hostname=dyn.example.com&password=password&myip=192.168.0.1"
% curl "https://dyn.dns.he.net/nic/update?hostname=dyn.example.com&password=password&myip=2001:db8:beef:cafe::1"
Authentication and Updating using a POST
% curl "https://dyn.dns.he.net/nic/update" -d "hostname=dyn.example.com" -d "password=password" -d "myip=192.168.0.1"
% curl "https://dyn.dns.he.net/nic/update" -d "hostname=dyn.example.com" -d "password=password" -d "myip=2001:db8:beef:cafe::1"
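Added example, not part of the original post or of Hurricane Electric's instructions: a cron-style updater built on the HTTPS POST form from the excerpt above, which passes the key to curl on stdin so it appears neither in a URL nor in the process list. The key file path, the function names, the dyndns2-style reply words (good, nochg, badauth) and address autodetection when myip is omitted are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Assumptions are marked below.
HE_ENDPOINT="https://dyn.dns.he.net/nic/update"   # POST endpoint from the excerpt

# Emit curl config lines for the POST fields. Backslashes and double quotes
# in the key are escaped so curl's config parser reads the value intact.
he_curl_config() {
    esc_key=$(printf '%s' "$2" | sed 's/[\\"]/\\&/g')
    printf 'data-urlencode = "hostname=%s"\n' "$1"
    printf 'data-urlencode = "password=%s"\n' "$esc_key"
}

# Map the server reply to an exit status.
# Assumption: dyndns2-style reply words (good, nochg, badauth).
he_classify() {
    case "$1" in
        good*|nochg*) return 0 ;;   # record updated, or already current
        badauth*)     return 2 ;;   # key rejected for this hostname
        *)            return 1 ;;   # empty or unexpected reply
    esac
}

# he_update HOSTNAME KEYFILE
# KEYFILE holds the DDNS key on its first line (hypothetical path, mode 0600).
# No myip field is sent, so the server is assumed to autodetect the address.
he_update() {
    key=
    IFS= read -r key < "$2" || [ -n "$key" ] || return 3
    # --proto '=https' refuses any non-HTTPS transfer, including redirects to
    # plain HTTP; --config - reads the POST fields from stdin, not from argv.
    reply=$(he_curl_config "$1" "$key" |
        curl --silent --show-error --fail --proto '=https' \
             --max-time 30 --config - "$HE_ENDPOINT") || return 4
    he_classify "$reply"
}

# Usage from /etc/cron.daily (constructed values):
#   he_update dyn.example.com /etc/he-ddns.key || logger -t he-ddns "update failed: $?"
```

Exit status 2 separates a rejected key from a network or TLS failure (status 4), so a failed run can be told apart in the system log.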