Double NAT custom DDNS script

[Steffe]

Double NAT custom DDNS script

I have made a double NAT custom DDNS script for asus router (and possibly others as well) working for DDNS provider NOIP. The issues with double NAT is that our asus router does not report the external IP, only the ip reported for the WAN interface. For that reason it is necessary to perform a lookup on an external site (http://icanhazip.com/ and http://ipv4.myip.dk for backup).
Other examples of this script might be found here https://github.com/RMerl/asuswrt-merlin/wiki/Custom-DDNS, but a couple of users contacted me for help, and that is why I post my script and how to use it here. Also, supporting and adding features is easier through posts the forum. The script is free for use and feel free to implement modifications. I was also asked to add a donation link, which can be found on my profile - thank you very much.

Finally, I would like to give @Tanner Harman a huge thanks for his extensive testing and @Pila for great ideas.

Features:

• External IP lookup
• Only perform DDNS update if external IP has changed
• Automatically detect Carrier grade NAT(https://en.wikipedia.org/wiki/Carrier-grade_NAT) and perform external lookup
• Logging to Asus log, or logfile
• Custom update rate, i.e. possible check if external IP has changed each 10 mins instead for daily.

A typical example of the Asus log:

Aug 24 20:11:31 custom script: Running /jffs/scripts/ddns-start (args: 123.123.123.123)
Aug 24 20:11:31 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Aug 24 20:11:31 admin: CustomUpdateDDNS: Reported asus router ip: 123.123.123.123
Aug 24 20:11:31 admin: CustomUpdateDDNS: External ip detected
Aug 24 20:11:31 admin: CustomUpdateDDNS: (nochange) External IP address is current: 123.123.123.123
Aug 24 20:11:31 admin: CustomUpdateDDNS: Update not needed
Aug 24 20:11:32 ddns: Completed custom ddns update
Aug 24 20:11:32 admin: CustomUpdateDDNS: DDNS update complete

How to use:

1. Remember to enable custom scripts (https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts)
2. Add the script below to /jffs/scripts/ddns-start and make it executable chmod +x ddns-start
3. Enable the custom script in the DDNS setting i asus webui.

Change log:

Version 2.4: First public release

Script:

Find it at https://github.com/Meliox/Utils/blob/master/ddns-start/ddns-start

 

[Tanner Harman]

This Script really amazing. Works like a charm and I was able to use Merlin instead of ddwrt because of it! Thanks @Steffe!

 

[tangsten]

Many thanks, works beautifully so far. Will continue to test.

Jul 31 19:00:20 custom script: Running /jffs/scripts/ddns-start (args: 10.0.1.127)
Jul 31 19:00:20 netadmin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Jul 31 19:00:20 netadmin: CustomUpdateDDNS: Reported asus router ip: 10.0.1.127
Jul 31 19:00:20 netadmin: CustomUpdateDDNS: Local ip detected
Jul 31 19:00:21 netadmin: CustomUpdateDDNS: Found external ip: 45.28.131.183
Jul 31 19:00:21 netadmin: CustomUpdateDDNS: (nochange) External IP address is current: 45.28.131.183
Jul 31 19:00:21 netadmin: CustomUpdateDDNS: Update not needed
Jul 31 19:00:21 ddns: Completed custom ddns update
Jul 31 19:00:21 netadmin: CustomUpdateDDNS: DDNS update complete


/* with custom update rate*/
Jul 31 19:00:20 custom script: Running /jffs/scripts/ddns-start (args: 10.0.1.127)
Jul 31 19:00:20 netadmin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Jul 31 19:00:20 netadmin: CustomUpdateDDNS has been added to cron (x 10 mins)
Jul 31 19:00:20 netadmin: CustomUpdateDDNS: Reported asus router ip: 10.0.1.127
Jul 31 19:00:20 netadmin: CustomUpdateDDNS: Local ip detected
Jul 31 19:00:21 netadmin: CustomUpdateDDNS: Found external ip: 45.28.131.183
Jul 31 19:00:21 netadmin: CustomUpdateDDNS: (nochange) External IP address is current: 45.28.131.183
Jul 31 19:00:21 netadmin: CustomUpdateDDNS: Update not needed
Jul 31 19:00:21 ddns: Completed custom ddns update
Jul 31 19:00:21 netadmin: CustomUpdateDDNS: DDNS update complete
.
.
.
Sep 10 23:10:01 crond[421]: crond: USER netadmin pid 863 cmd /jffs/scripts/ddns-start
Sep 10 23:10:02 netadmin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Sep 10 23:10:02 netadmin: CustomUpdateDDNS: Reported asus router ip: 10.0.1.127
Sep 10 23:10:02 netadmin: CustomUpdateDDNS: Local ip detected
Sep 10 23:10:02 netadmin: CustomUpdateDDNS: Found external ip: 45.28.131.183
Sep 10 23:10:02 netadmin: CustomUpdateDDNS: (nochange) External IP address is current: 45.28.131.183
Sep 10 23:10:02 netadmin: CustomUpdateDDNS: Update not needed
Sep 10 23:10:02 ddns: Completed custom ddns update
Sep 10 23:10:02 netadmin: CustomUpdateDDNS: DDNS update complete

 

[tomsk]

if i use this script with my VPN client running then icanhazip.com will natrually report back the VPN providers server IP. If i am running a VPN server then i want the DDNS to direct to the IP given by my ISP, otherwise i am running a tunnel through another tunnel. Can we modify this script to handle that?

 

[maurer]

if i use this script with my VPN client running then icanhazip.com will natrually report back the VPN providers server IP. If i am running a VPN server then i want the DDNS to direct to the IP given by my ISP, otherwise i am running a tunnel through another tunnel. Can we modify this script to handle that?

it's very simple - just replace:

curl -s http://icanhazip.com/

and

curl -s http://ipv4.myip.dk/api/info/IPv4Address

with:

curl -s --interface ppp0 http://icanhazip.com/
curl -s --interface ppp0 http://ipv4.myip.dk/api/info/IPv4Address

just replace ppp0 with the name of your wan interface (wan0, eth1...etc)

 

[tomsk]

How do i determine my wan interface? i plugged the values into the script as you suggested using wan0 as the name of the interface, but the website still returns the VPN IP

 

[Steffe]

Try ifconfig and post the content here.

 

[tomsk]

Try ifconfig and post the content here.

br0        Link encap:Ethernet  HWaddr   
           inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:2288765 errors:0 dropped:0 overruns:0 frame:0
           TX packets:27708187 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:277136750 (264.2 MiB)  TX bytes:35655008282 (33.2 GiB)

br0:pixelserv Link encap:Ethernet  HWaddr 
           inet addr:192.168.2.3  Bcast:192.168.2.255  Mask:255.255.255.0
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1

eth0       Link encap:Ethernet  HWaddr   
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:36607815 errors:0 dropped:0 overruns:0 frame:0
           TX packets:33467746 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:2921165839 (2.7 GiB)  TX bytes:2029812631 (1.8 GiB)
           Interrupt:181 Base address:0x6000

eth1       Link encap:Ethernet  HWaddr   
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:6069087 errors:1 dropped:0 overruns:0 frame:9064032
           TX packets:7829789 errors:22 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:1141371455 (1.0 GiB)  TX bytes:578372747 (551.5 MiB)
           Interrupt:163

eth2       Link encap:Ethernet  HWaddr   
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:2159357 errors:0 dropped:0 overruns:0 frame:2134179
           TX packets:2727552 errors:72 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:322432468 (307.4 MiB)  TX bytes:2309526927 (2.1 GiB)
           Interrupt:169

lo         Link encap:Local Loopback 
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:354768 errors:0 dropped:0 overruns:0 frame:0
           TX packets:354768 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:88899700 (84.7 MiB)  TX bytes:88899700 (84.7 MiB)

ppp5       Link encap:Point-to-Point Protocol 
           inet addr:10.0.0.21  P-t-P:10.0.0.1  Mask:255.255.255.255
           UP POINTOPOINT RUNNING MULTICAST  MTU:1400  Metric:1
           RX packets:10740331 errors:0 dropped:0 overruns:0 frame:0
           TX packets:6467460 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:1153164291 (1.0 GiB)  TX bytes:1194250389 (1.1 GiB)

vlan1      Link encap:Ethernet  HWaddr   
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:9082516 errors:0 dropped:0 overruns:0 frame:0
           TX packets:15131347 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:696774154 (664.4 MiB)  TX bytes:20617460750 (19.2 GiB)

vlan2      Link encap:Ethernet  HWaddr   
           inet addr:192.168.1.150  Bcast:192.168.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:52900444 errors:0 dropped:0 overruns:0 frame:0
           TX packets:18336442 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:70532063835 (65.6 GiB)  TX bytes:2203088419 (2.0 GiB)

Her you go

 

[Steffe]

Try curl with br0. Or one of the other listed here.

 

[maurer]

no , it's "vlan2" - that's your wan interface

curl -s --interface vlan2 http://icanhazip.com/
curl -s --interface vlan2 http://ipv4.myip.dk/api/info/IPv4Address

 

[tomsk]

Thanks Maurer...i guess you see its the wan interface because the ifconfig showed
inet addr:192.168.1.150 Bcast:192.168.1.255 which is the main routers subnet.
I tried --interface vlan2 in the script but i get an error with

Sep 17 20:42:48 custom script: Running /jffs/scripts/ddns-start (args: 192.168.1.150)
Sep 17 20:42:48 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Sep 17 20:42:48 admin: CustomUpdateDDNS: Reported asus router ip: 192.168.1.150
Sep 17 20:42:48 admin: CustomUpdateDDNS: Local ip detected
Sep 17 20:43:17 watchdog: start ddns.
Sep 17 20:43:17 rc_service: watchdog 462:notify_rc start_ddns
Sep 17 20:43:17 rc_service: waitting "start_ddns" via watchdog ...
Sep 17 20:43:47 rc_service: skip the event: start_ddns.

in the log.
Must need something else to work i guess..

 

[maurer]

post output of "route" command

LE - not needed.
so it's seems it's not possible if you use vpn.
https://curl.haxx.se/docs/faq.html#Can_I_make_libcurl_fake_or_hide
the only option i see in your case is to use ddns on first NAT box (dsl modem or whatever)

 

[Steffe]

What do you get if you type this in a terminal to your router?

curl -s --interface vlan2 http://icanhazip.com/
curl -s --interface vlan2 http://ipv4.myip.dk/api/info/IPv4Address

edit: Tried myself. Seems like the request just times out.

I don't know how the routing is being made... Seems to be the issue.

 

[Steffe]

route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.1 * 255.255.255.255 UH 0 0 0 vlan2
94.12.345.678 192.168.1.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 ppp5
default 192.168.1.1 0.0.0.0 UG 1 0 0 vlan2

What about a route that bypasses the VPN?

Edit: Ok, a route seems to work.

ip route add 104.28.7.4/32 via 192.168.1.1 dev vlan2

Before: (with VPN)
curl -s http://ipv4.myip.dk/api/info/IPv4Address
"94.2x.xxx.xx"

After: (with VPN and route)
curl -s http://ipv4.myip.dk/api/info/IPv4Address
"95.16x.xx.xxx"

 

[tomsk]

Thanks Steffe. Im assuming that 104.28.7.4/32 is the address of website we are looking for and i would need another static route for icanhazip.com.
I see in the documentation there is a -host option. Does this mean i can plug the website name into the route command and the DNS will resolve it?

 

[Steffe]

Yes, indeed. It would probably be best to curl the ip as well, the DNS also resolves fine. However, I'm not sure whether this will leak your ip etc.
It would be easy to add vpn handling using this to the script.

 

[tomsk]

so would it be a smart thing to have the script add the route(s) prior to executing the curl command, and then remove it once we are done with it?

 

[Steffe]

Well you could do that. I have no experience with routing, so I don't know what the effect of this route is.

 

[Alfsu]

@tomsk

Are you routing all your LAN traffic to the VPN?
You could use routing rules and route traffic from the router itself to go through the WAN instead of the VPN.
Then the original script should be good as gold!
Good luck.

 

[tomsk]

@Alfsu
Yes all traffic is running through my VPN. Merlins openVPN client has routing policy in the GUI which makes it easier to determine what goes through the tunnel. Unfortunately i have to use PPTP as my ISP is blocking openVPN protocol. A static route as we have been discussing is one way but not sure how that exposes me. Not sure how else to do it.... thanks for the input!