DS-LITE and DSL-AC68U (with GNUton Merlin)

[charlie2alpha]

I find the issue... When i call the curl script, I get an IPv4 address even though I configured an AAAA ... Basically it gets overwritten to an IP v4... Any idea on how to avoid this? How do I catch the ipv6 address in the ddns-start script? Because i can pass it manually I understand..

Sent from my SM-G960F using Tapatalk

Sorry was busy with work the past few days. First of all, use the update interface from this page. The http links you find there you use them like I do in my own very simple /jffs/scripts/ddns-start script:

#!/bin/sh

/usr/sbin/curl -s https://sync.afraid.org/u/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ >/dev/null 2>&1
/usr/sbin/curl -s http://v6.sync.afraid.org/u/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvv/ >/dev/null 2>&1

if [ $? -eq 0 ]; then
    /sbin/ddns_custom_updated 1
else
    /sbin/ddns_custom_updated 0
fi

The first curl command updates the IPv4 so the http URL you put there must correspond to the A dns record. The second command updates the IPv6 so replace the http URL with the one corresponding to the AAAA record. This method has also the advantage that the IP address is being detected from the server so it doesn't care about double NAT etc, it will always detect the correct external IP.

 

[sandrodjay]

Sorry was busy with work the past few days. First of all, use the update interface from this page. The http links you find there you use them like I do in my own very simple /jffs/scripts/ddns-start script:

#!/bin/sh

/usr/sbin/curl -s https://sync.afraid.org/u/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ >/dev/null 2>&1
/usr/sbin/curl -s http://v6.sync.afraid.org/u/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvv/ >/dev/null 2>&1

if [ $? -eq 0 ]; then
    /sbin/ddns_custom_updated 1
else
    /sbin/ddns_custom_updated 0
fi

The first curl command updates the IPv4 so the http URL you put there must correspond to the A dns record. The second command updates the IPv6 so replace the http URL with the one corresponding to the AAAA record. This method has also the advantage that the IP address is being detected from the server so it doesn't care about double NAT etc, it will always detect the correct external IP.

All good - it works! I had to activate the new scripts in the freedns website (http://freedns.afraid.org/dynamic/v2/)

What I still do not get is why my AC68U router IPv6 address sometimes get the IPv6 prefix (/64) and sometimes it doesn't ... do you know why/how to handle it? does it matter?

Ciao

 

[charlie2alpha]

All good - it works! I had to activate the new scripts in the freedns website (http://freedns.afraid.org/dynamic/v2/)

What I still do not get is why my AC68U router IPv6 address sometimes get the IPv6 prefix (/64) and sometimes it doesn't ... do you know why/how to handle it? does it matter?

Ciao

Normally each address has a corresponding subnet so it should always have a prefix. If it doesn't it's some kind of bug. But if everything works now don't mess with it!

 

[sandrodjay]

Normally each address has a corresponding subnet so it should always have a prefix. If it doesn't it's some kind of bug. But if everything works now don't mess with it!

Yep - and I also managed to stream the Xbox anywhere in the globe via VPN TAP (when IPv6 is available), which is amazing I will write a tutorial soon on this forum with all the lessons learnt in this post!

I have a final question though - for example yesterday I was in Italy and they have only IPv4 (or mostly IPv4) .. do you think it would be possible to access the AC68U behind the Fritzbox via IPv4? Because at the moment the VPN TAP works flawlessly on IPv6, but with IPv4 I have obviously some issues .. so I was wondering if you manage to make it work as well (alsp because I saw you update the DDNS for the IPv4 address .. so not sure how you are using it) ..

Ciao

Sent from my SM-G960F using Tapatalk

 

[charlie2alpha]

Yep - and I also managed to stream the Xbox anywhere in the globe via VPN TAP (when IPv6 is available), which is amazing I will write a tutorial soon on this forum with all the lessons learnt in this post!

I have a final question though - for example yesterday I was in Italy and they have only IPv4 (or mostly IPv4) .. do you think it would be possible to access the AC68U behind the Fritzbox via IPv4? Because at the moment the VPN TAP works flawlessly on IPv6, but with IPv4 I have obviously some issues .. so I was wondering if you manage to make it work as well (alsp because I saw you update the DDNS for the IPv4 address .. so not sure how you are using it) ..

Ciao

Sent from my SM-G960F using Tapatalk

In my case though I have a real IPv4 address which I can use while you do not. Unfortunately in your case to access your lan remotely you need to have IPv6 on your client as well or you have no access, it's just not possible unless you manage to use some kind of tunnel service that gives you IPv6 over IPv4. It will be slower but you can try if you want to, check https://tunnelbroker.net/ to get an idea.

 

[sandrodjay]

In my case though I have a real IPv4 address which I can use while you do not. Unfortunately in your case to access your lan remotely you need to have IPv6 on your client as well or you have no access, it's just not possible unless you manage to use some kind of tunnel service that gives you IPv6 over IPv4. It will be slower but you can try if you want to, check https://tunnelbroker.net/ to get an idea.

Ok - then I have the last question it looks like my ISP is changing my ipv6 quite often and unfortunately the DDNS doesn't refresh at the same time / it takes at least 1day (setting the force DDNS update in 1day) .. do you know if anything in the script may be added to make the update more efficient? (Eg. Check every hour that the IP didn't change and in case force an update)

I also tried to unflag the option "release ipv6 prefix on exit" in the IPV6 settings, so it doesn't release the prefix when it reboots (I do it every night at 4am) .. but I am not sure if it's correct/make sense

Sent from my SM-G960F using Tapatalk

 

[charlie2alpha]

Ok - then I have the last question it looks like my ISP is changing my ipv6 quite often and unfortunately the DDNS doesn't refresh at the same time / it takes at least 1day (setting the force DDNS update in 1day) .. do you know if anything in the script may be added to make the update more efficient? (Eg. Check every hour that the IP didn't change and in case force an update)

I also tried to unflag the option "release ipv6 prefix on exit" in the IPV6 settings, so it doesn't release the prefix when it reboots (I do it every night at 4am) .. but I am not sure if it's correct/make sense

Sent from my SM-G960F using Tapatalk

I had similar problems but in my case it was worse than just my ddns not updating, the ASUS router was not getting the new prefix in time and I was losing IPv6 connectivity in my LAN. So I wrote another script to take care of that. You need two scripts. First, the /jffs/scripts/wan-start script :

#!/bin/sh

cru a check_IPv6 "*/2 * * * * sh /jffs/scripts/ipv6reset"

This setups a cron job that calls the ipv6reset script every two minutes. The /jffs/scripts/ipv6reset script is this:

#!/bin/sh

wanipv6=`ip -6 addr show dev eth0 |grep inet6 -m1| awk '{print $2}' |cut  -f 1-4 -d \:`
wanipv6pref=`nvram get ipv6_prefix| cut -f 1-4 -d \:`

wanipv62=${wanipv6%??}
wanipv6pref2=${wanipv6pref%??}


if [ $wanipv62 == $wanipv6pref2 ]; then
  echo "Strings are equal"
else
  logger -t "IPv6 check" -s "IPv6 changed, restarting odhcp6c"
  killall -sigusr2 odhcp6c
  service restart_upnp
  sleep 30
  service start_ddns
fi

It simply compares the WAN IPv6 and the IPv6 prefix the router has and if the subnets are found to be different it sends the SIGUSR2 signal to the odhcp6c which causes it to release the IPv6 prefix and request a new one. Since the Fritzbox always assigns a /62 subnet this script should work for you too, if not let me know.

 

[sandrodjay]

I had similar problems but in my case it was worse than just my ddns not updating, the ASUS router was not getting the new prefix in time and I was losing IPv6 connectivity in my LAN. So I wrote another script to take care of that. You need two scripts. First, the /jffs/scripts/wan-start script :

#!/bin/sh

cru a check_IPv6 "*/2 * * * * sh /jffs/scripts/ipv6reset"

This setups a cron job that calls the ipv6reset script every two minutes. The /jffs/scripts/ipv6reset script is this:

#!/bin/sh

wanipv6=`ip -6 addr show dev eth0 |grep inet6 -m1| awk '{print $2}' |cut  -f 1-4 -d \:`
wanipv6pref=`nvram get ipv6_prefix| cut -f 1-4 -d \:`

wanipv62=${wanipv6%??}
wanipv6pref2=${wanipv6pref%??}


if [ $wanipv62 == $wanipv6pref2 ]; then
  echo "Strings are equal"
else
  logger -t "IPv6 check" -s "IPv6 changed, restarting odhcp6c"
  killall -sigusr2 odhcp6c
  service restart_upnp
  sleep 30
  service start_ddns
fi

It simply compares the WAN IPv6 and the IPv6 prefix the router has and if the subnets are found to be different it sends the SIGUSR2 signal to the odhcp6c which causes it to release the IPv6 prefix and request a new one. Since the Fritzbox always assigns a /62 subnet this script should work for you too, if not let me know.

I think we are almost there, but there is still something wrong..
The first command of your string gets the WAN IPv6 prefix, which is correct and it is how the router is seen outside ..
The second command though gets the LAN IPv6 prefix, which is different (first three parts are the same, last is different)
.. Thus this is triggering a DDNS start every 2 minutes (now I put it every hour to don't get banned)

So - I think we need to do anyone of the following to fix the above:
(1) how do I force the LAN prefix to be the same as the WAN? or
(2) how do I store the result of your first command somewhere to then check? Eventually i just need to check if the WAN IPv6 prefix changed vs the past

Any idea/help?



Sent from my SM-G960F using Tapatalk

 

[charlie2alpha]

I think we are almost there, but there is still something wrong..
The first command of your string gets the WAN IPv6 prefix, which is correct and it is how the router is seen outside ..
The second command though gets the LAN IPv6 prefix, which is different (first three parts are the same, last is different)
.. Thus this is triggering a DDNS start every 2 minutes (now I put it every hour to don't get banned)

So - I think we need to do anyone of the following to fix the above:
(1) how do I force the LAN prefix to be the same as the WAN? or
(2) how do I store the result of your first command somewhere to then check? Eventually i just need to check if the WAN IPv6 prefix changed vs the past

Any idea/help?



Sent from my SM-G960F using Tapatalk

The LAN prefix cannot be the same as the WAN IP address as they use different subnets. In my case, the first 3 elements are the same and from the fourth the first 2 digits are the same so my script removes the last 2 digits from the last element. In order for my to help you I need a sample of your IP addresses to understand what's different. If you have privacy concerns feel free to send me a private message

 

[sandrodjay]

The LAN prefix cannot be the same as the WAN IP address as they use different subnets. In my case, the first 3 elements are the same and from the fourth the first 2 digits are the same so my script removes the last 2 digits from the last element. In order for my to help you I need a sample of your IP addresses to understand what's different. If you have privacy concerns feel free to send me a private message

Thanks - that makes sense! Where exactly your script removes the last two digits? I see a cut -f 1-4 -d /: .. but this correctly returns the first four fields .. I don't get where in the code you cut the last bit

Sent from my SM-G960F using Tapatalk

 

[charlie2alpha]

The ${wanipv6pref%??} does exactly that, removes the last 2 digits.

 

[sandrodjay]

The ${wanipv6pref%??} does exactly that, removes the last 2 digits.

OK - so I think there was one issue:

 wanipv6=`ip -6 addr show dev eth0 |grep inet6 -m1| awk '{print $2}' |cut  -f 1-4 -d \:`

Should have been like this:

 wanipv6=$(ip -6 addr show dev eth0 |grep inet6 -m1| awk '{print $2}' |cut  -f 1-4 -d \:)

Is it possible?
Finally - I put also a logger command in case that the strings are equal (why did you put an echo?), however I am not able to see it on the router log ... do you know why?

 

[charlie2alpha]

It's possible they may be some differences in how the command shell handles regular expressions as our routers are using different SDKs. My scripts are tested on my ASUS RT-AC86U. You should test the expressions and their output on the router command shell and adapt them if need too. I put an echo instead of a log command because I don't want my log too be flooded every two minutes, I only want to know the case where the script triggers the renewal process. The echo is there for when I run the script manually from the terminal for testing purposes.

 

[sandrodjay]

It's possible they may be some differences in how the command shell handles regular expressions as our routers are using different SDKs. My scripts are tested on my ASUS RT-AC86U. You should test the expressions and their output on the router command shell and adapt them if need too. I put an echo instead of a log command because I don't want my log too be flooded every two minutes, I only want to know the case where the script triggers the renewal process. The echo is there for when I run the script manually from the terminal for testing purposes.

Ok - but the sad thing is that, even putting a logger command, my console doesn't get flooded...which I fear the cran job is not working properly...it looks like it's not doing anything anymore...how can I be sure it is working?

Sent from my SM-G960F using Tapatalk

 

[charlie2alpha]

One thing you could try, put a logger command before the if. Also try to list the cron jobs with the "cru l" command.

 

[sandrodjay]

One thing you could try, put a logger command before the if. Also try to list the cron jobs with the "cru l" command.

Found it....I simply left a " in the code ad was going in error.... Now it's working many thanks for your support! Let's see if finally everything will work

Sent from my SM-G960F using Tapatalk

 

[hash2k]

Hi sandrodjay, can you post a manual how you got dslite to work? This would be very helpful