Double NAT can be used for DDNS! Why not by a Router?


Pila

Regular Contributor
False common knowledge says that a Router behind double NAT can not be used for automatic DDNS. My Asus Router claims so at the DDNS config page. My modem is 192.168.0.1 and assigns via DHCP 192.168.0.100 to my router. My Router is 192.168.1.1 and therefore sees the WAN address as 192.168.0.100 (instead of the actual public WAN address). Therefore, it can not be used to maintain my DDNS address. That is the fact.

Here is another fact. My server (NAS), also made by Asus, has a DDNS function. The NAS is connected to the Switch, which is connected to the Router, which is connected to the modem. When I enter DDNS related pages in my NAS, it will show my real WAN IP address! When I configure it to update my DDNS address at twoDNS.de, it does so perfectly. So, my NAS takes care that my actual WAN address, otherwise visible only to my modem, is correctly updated for DDNS! Works perfectly. Only downside is: my server checks the address only every 30 minutes for a change.

btw: noip does not work well and I must renew every month. twoDNS.de works perfectly and I do not have to do anything to keep up the account.

So, if my server can do it, why not my Router?
 

Cake

Senior Member
Your router can. I use NoIP. I am double NAT'd. Search the forums next time. Just about anything is possible it seems. Don't use the router's DDNS stuff in the GUI, instead follow these 5 easy steps.

1) Create account at dnsomatic.com (it will forward to noip)
2) edit or create script #vi /jffs/scripts/services-start (modify the cron to your liking)
Code:
#!/bin/sh

# Register a cron job that runs up.sh at minute 12 of hours 1, 5, 9, 13, 17 and 21
/usr/sbin/cru a ScheduledDDNS "12 1,5,9,13,17,21 * * * /jffs/scripts/up.sh"
3) chmod a+x /jffs/scripts/services-start
4) vi /jffs/scripts/up.sh
Code:
#!/bin/sh

# Wait until the tun11 interface shows up in ifconfig
while [ -z "$(ifconfig | grep tun11)" ]; do
    sleep 1
done

SERVICE="dnsomatic"
USER="USERNAME"
PASS="USERPASSWORD"
HOST="all.dnsomatic.com"
# Ask an external service for the public address; the router itself only sees its NATed WAN IP
IP=$(wget -qO - http://icanhazip.com)

# Do not send an update if the lookup returned nothing
[ -n "$IP" ] || exit 1

ez-ipupdate -S "$SERVICE" -u "$USER:$PASS" -h "$HOST" -a "$IP"

exit 0
5) chmod a+x /jffs/scripts/up.sh
6) manually run up.sh to see if it works. #sh up.sh

If you're going to use the openvpn server, remember the ovpn file that the router creates will use your local ip, so replace it with your domain name. The above I got from other members' postings a while back, still works great.
 

Pila

Regular Contributor
I know the situation and what forums say. I stated it in my first sentence.

Thanks for a reply, it may help someone. As I said, my server does it perfectly for a double NAT.

I repeat: it should work by default, router should be able to poll external WAN if double NATed, it is one line of code (simplified):

if (WAN == privateIP) then {IP=icanhazip.com; add the interval for polling}.

No need for complication like the above script. Most users can not do it that way. Most routers will not allow you to do it that way.

People looking for a better firmware are not among "most users", even if they are beginners.
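
The check sketched in the pseudocode above, combined with validation of the lookup result that the earlier up.sh passes straight to ez-ipupdate (it is fetched over plain HTTP), as an added example that is not part of any post in the thread. It goes slightly beyond the posts by also treating the RFC 6598 CG-NAT range as non-public; all function names are hypothetical and the addresses at the bottom are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread; all function names are hypothetical.

# Succeeds only for a dotted quad whose four octets are each 0-255.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds for addresses that are not publicly routable:
# RFC 1918, RFC 6598 shared space (CG-NAT), loopback, link-local.
is_private_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    case "$1" in
        10|127) return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        169) [ "$2" -eq 254 ] ;;
        100) [ "$2" -ge 64 ] && [ "$2" -le 127 ] ;;
        *) return 1 ;;
    esac
}

# $1 = address on the WAN interface, $2 = body returned by an external
# "what is my IP" lookup (fetched by the caller; may be empty).
# Prints the address to register, or fails without printing anything.
choose_ddns_ip() {
    wan_ip=$1; reported=$2
    is_valid_ipv4 "$wan_ip" || return 1
    if ! is_private_ipv4 "$wan_ip"; then
        echo "$wan_ip"; return 0    # router holds the public address itself
    fi
    # Behind NAT: accept the lookup only if it is one clean public address.
    is_valid_ipv4 "$reported" || return 1
    is_private_ipv4 "$reported" && return 1
    echo "$reported"
}

# Constructed samples: 192.168.0.100 is the WAN address from the first post,
# 203.0.113.7 is a documentation address standing in for the lookup result.
choose_ddns_ip 192.168.0.100 203.0.113.7
choose_ddns_ip 192.168.0.100 '<html>error</html>' || echo "no update sent"
```
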
 

ColinTaylor

Part of the Furniture
@Pila I understand what you're saying but do not understand why you are complaining about it here. Not only is this not an official ASUS forum, it is not even the official ASUS firmware. It would seem to make more sense if you were to address your comments to the official ASUS support site.
 

RMerlin

Asuswrt-Merlin dev
It doesn't work simply because the router uses the WAN interface IP rather than rely on an external check. This is due to how it was designed and implemented by Asus. This method has both drawbacks and advantages. One advantage is that this way, it can decide which WAN IP to use when in a dual WAN situation, rather than rely on random routing.
 

sanke1

Senior Member
Does any of this stuff work in the middle of 2021?

I have no-ip subscription and I am having a real hard time to get around my ISP's CG-NAT to access my PC's remote desktop from outside WAN. Tailscale and other UDP hole punching VPN based services work but not at optimum speed.
 

ColinTaylor

Part of the Furniture
sanke1 said: "Does any of this stuff work in the middle of 2021?"
DDNS works fine now in Merlin's firmware because it has an option to detect the real external IP address rather than the NATed address.

CGNAT and/or VPNs is a completely different issue and unrelated to this thread.
 

itpp20

Regular Contributor
sanke1 said: "to get around my ISP's CG-NAT to access my PC's remote desktop from outside WAN."
With CG-NAT you can't get anything working directly as the real WAN address is shared among ISP customers, hence port forwarding won't work. In such cases IPv6 would work if ISPs have that service, or deploy some service in the middle where both endpoints can connect to, e.g. reverse ssh.
For DDNS on double NAT this works http://freedns.afraid.org/ fine.
 

sanke1

Senior Member
ColinTaylor said: "DDNS works fine now in Merlin's firmware because it has an option to detect the real external IP address rather than the NATed address.

CGNAT and/or VPNs is a completely different issue and unrelated to this thread."
Tried using the external option. I used No-IP, Asus DDNS and while Asus DDNS was able to successfully get a Let's Encrypt certificate and Router's GUI told me that it is possible to access router from outside WAN using my registered DDNS address, it still refused to work.

No-IP outright failed to work.
 

octopus

Very Senior Member
With CG-NAT it is NEVER going to work (remote WAN access).
Only if you can ask provider if he can open some ports for you.
 
