How to Setup DDNS with Freedns.afraid.org

Mike S

I am running Ver 384.18 of Asus Merlin on my router. I am trying to set up DDNS using freedns.afraid.org. I have created an account on freedns.org and have created the subdomain, but I am having a hard time understanding how to set this up on the Asus router. Specifically, what should be in the host name field?
 
I am running Ver 384.18 of Asus Merlin on my router. I am trying to set up DDNS using freedns.afraid.org. I have created an account on freedns.org and have created the subdomain, but I am having a hard time understanding how to set this up on the Asus router. Specifically, what should be in the host name field?
The subdomain, in my case [xxxxxxxxxx.chickenkiller.com]
 

Although I'm sure the one posted above works fine, I used a different approach, one that I can also run on a number of other systems within my network (I'm also running double NAT so this works better for me)

Create a script: /jffs/scripts/ddns-start
chmod u+x /jffs/scripts/ddns-start


Contents of script (modify the "hash" to match the one for your account)
Code:
#!/bin/sh
curl --silent "https://freedns.afraid.org/dynamic/update.php?allhZmlxETkRDcEsksksXOjE5MDU5NDg5" > /jffs/scripts/ddns-start.log 2>&1
# reporting results to router
if [ $? -eq 0 ];
then
    /sbin/ddns_custom_updated 1
else
    /sbin/ddns_custom_updated 0
fi
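
A stricter variant of the script above, added here as an example and not part of the original post. The token in the update URL is the only credential for the hostname, and curl exits 0 even when the server answers with an HTTP error or an error body, so this version keeps the token in an owner-only file and checks the response before reporting to the router. The token file path and the response wording matched in `classify_response` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (hypothetical) names: TOKEN_FILE,
# and the response phrases matched in classify_response.

UPDATE_URL="https://freedns.afraid.org/dynamic/update.php"
TOKEN_FILE="${TOKEN_FILE:-/jffs/scripts/.freedns-token}"   # hypothetical path
LOG="${LOG:-/jffs/scripts/ddns-start.log}"

# Succeeds only if the token file is non-empty and has no group/other permissions.
token_file_ok() {
    [ -s "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Decide what to report to the router.
# $1 = curl exit status, $2 = HTTP status code, $3 = response body
# Prints 1 (report success) or 0 (report failure).
classify_response() {
    curl_rc=$1
    http_code=$2
    body=$3
    [ "$curl_rc" -eq 0 ] || { echo 0; return; }
    [ "$http_code" = "200" ] || { echo 0; return; }
    case "$body" in
        # Assumed wording: an unchanged address comes back as an "ERROR:" line,
        # but the record is current, so it must be tested before the default.
        *"has not changed"*) echo 1 ;;
        Updated*)            echo 1 ;;
        # Other ERROR bodies, empty bodies, captive-portal HTML, and so on.
        *)                   echo 0 ;;
    esac
}

main() {
    umask 077    # the log is created readable by its owner only
    token_file_ok "$TOKEN_FILE" || { /sbin/ddns_custom_updated 0; return 1; }
    token=$(cat "$TOKEN_FILE")
    # --write-out appends the HTTP status as the last line of the output;
    # --max-time stops a stalled request from hanging the DDNS update.
    out=$(curl --silent --max-time 30 --write-out '\n%{http_code}' \
               "${UPDATE_URL}?${token}" 2>/dev/null)
    rc=$?
    code=$(printf '%s\n' "$out" | tail -n 1)
    body=$(printf '%s\n' "$out" | sed '$d')
    verdict=$(classify_response "$rc" "$code" "$body")
    # The URL and token are never written to the log.
    printf '%s rc=%s http=%s verdict=%s %s\n' \
        "$(date)" "$rc" "$code" "$verdict" "$body" > "$LOG"
    /sbin/ddns_custom_updated "$verdict"
}

# Run only when installed as ddns-start, so the functions can be sourced and tested.
case "$0" in
    */ddns-start|ddns-start) main "$@" ;;
esac
```

Put the part of the update URL after the `?` in the token file and `chmod 600` it; anyone who obtains that string can repoint the hostname.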
 

Although I'm sure the one posted above works fine, I used a different approach, one that I can also run on a number of other systems within my network (I'm also running double NAT so this works better for me)

Create a script: /jffs/scripts/ddns-start
chmod u+x /jffs/scripts/ddns-start


Contents of script (modify the "hash" to match the one for your account)
Code:
#!/bin/sh
curl --silent "https://freedns.afraid.org/dynamic/update.php?allhZmlxETkRDcEsksksXOjE5MDU5NDg5" > /jffs/scripts/ddns-start.log 2>&1
# reporting results to router
if [ $? -eq 0 ];
then
    /sbin/ddns_custom_updated 1
else
    /sbin/ddns_custom_updated 0
fi
I just wanted to say, you're the MVP! This got around two separate DDNS issues on two separate routers. I connected over WinSCP, created the scripts and changed their permissions, then saved to Custom DDNS in the web interface. It immediately updated my IP. Works like a charm!

RT-AC3200:
Code:
Jan  3 01:49:28 inadyn: HTTP(S) Transaction failed, error 36: Temporary network error (HTTPS send)

RT-AX56U:
Code:
Jan  3 01:52:59 inadyn: => ERROR: Could not authenticate.
 
I'm trying to achieve the same thing as Mike on an AX86U, running Merlin 386.5. My DDNS subdomain is registered on strangled.net and correctly entered in the DDNS Service section and my Let's Encrypt cert is active.

For some reason though, the subdomain is timing out when I try to enter it in the URL and the old router log in is now un-certified.

My DDNS service section looks like Wallace_n_Gromit's, but something must be missing as I can't access the router via any other way than the usual "https://router.asus.com" way?

I've read elsewhere on the forum, not to "Enable Web Access from WAN", but is this why this is not working, as the Asus FAQs seem to suggest switching this on??

I'm not able to run any scripts as my technical knowledge doesn't stretch that far yet, so any help with the usual router interface would be gratefully received please.

The reason I went with DDNS was to allow me to run an OpenVPN server, to access my NAS when away from home. I had one running before on another router, but it lost connection, I think because the WAN IP address changed and my OpenVPN client can't see the new one? That server is currently inaccessible until I can get back to that location, so I can't review the logs to see what went wrong. A friend suggested that it was likely the WAN IP address changing and my reading up on servers led me to setting up the DDNS... Hopefully this is correct?

Thanks in advance, though I'm sure I've missed a valuable piece of information out from above no doubt.
 
~~
My DDNS service section looks like Wallace_n_Gromit's, but something must be missing as I can't access the router via any other way than the usual "https://router.asus.com" way?

I've read elsewhere on the forum, not to "Enable Web Access from WAN", but is this why this is not working, as the Asus FAQs seem to suggest switching this on??
~~
If you just want to access your router via your FQDN e.g. your chosen DDNS name, which does have a valid SSL Certificate (you can disable https://router.asus.com within your router's GUI pages) say from a device that's located on your own router's LAN and via https in your browser e.g. https://ddns-mydomain.tld then THIS POST will tell you how to do it. This does assume that you have NOT enabled "Enable Web Access from WAN" which is the normal recommendation made by most router users on here for security reasons. If you must access / control your router remotely, then you could / should do this via very secure VPN and/or via very secure SSH - If you still want to minimise the chances of a hack or other unsavoury remote visits to your router too.
 
Thank you, reading through it though, this looks like it's getting way too technical for my liking... If I am struggling with what to enter on the GUI, I should be staying well clear of scripts for now me thinks!

I'm not enabling web access from WAN, as I would only ever access the router and my LAN via my OpenVPN server. That was the whole reason to set up the DDNS, to stop the WAN IP address changing and me losing access whilst away?
 
Thank you, reading through it though, this looks like it's getting way too technical for my liking... If I am struggling with what to enter on the GUI, I should be staying well clear of scripts for now me thinks!
Needs must sometimes! :D
I'm not enabling web access from WAN, as I would only ever access the router and my LAN via my OpenVPN server. That was the whole reason to set up the DDNS, to stop the WAN IP address changing and me losing access whilst away?
From that ^ It appears that you don't have a static IP address with the ISP that is providing the service on the router that you need to visit - to fix? That would have made life a lot easier for you. The same, really, on the router that you can access and are currently having DDNS issues with... A dynamic IP address is quite common, hence the domain for DDNS, but static is often easier...

Your WAN IP address is provided by your ISP and the account / setup that you have with them, determines if your IP address can / will change. Your DDNS service - if setup correctly - should provide you with a domain / link / url that doesn't change, regardless of if / when your given ISP WAN IP address is changed e.g. If you don't have a static IP address as part of your account / setup with your ISP. This is relevant to both of the routers that you've mentioned in posts above.

Your choice of DDNS service and remote access to your router / LAN via OpenVPN etc should work reasonably safely from the get-go (depending on the config that you've used...) so, putting any typos or mis-configuration errors aside, it's a bit puzzling why it hasn't done - so far.
 
From that ^ It appears that you don't have a static IP address with the ISP that is providing the service on the router that you need to visit - to fix? That would have made life a lot easier for you. The same, really, on the router that you can access and are currently having DDNS issues with... A dynamic IP address is quite common, hence the domain for DDNS, but static is often easier...

You are correct, I don't have a static IP unfortunately, else this whole problem goes away right?? My ISP offers them, but only for business users it appears. My other ISP (which oddly is actually the same company as the one here, just in a different country) offers them for a cost to Private users, from what I can make out from their FAQs...

Your choice of DDNS service and remote access to your router / LAN via OpenVPN etc should work reasonably safely from the get-go (depending on the config that you've used...) so, putting any typos or mis-configuration errors aside, it's a bit puzzling why it hasn't done - so far.

I'm as confused as you are, as I think I've set everything up correctly? My network map has the following showing "DDNS: [subdomain name].strangled.net" followed by LetsEncrypt symbol, but is not clickable like the standard https router url link was?

The Host Name on the WAN - DDNS tab is "[subdomain name].strangled.net" but does not contain https:// or the like, could this be where I am going wrong?? I was expecting it to show as "https://[subdomain name].strangled.net:[port number]" on the network map page??

My local access config on the System tab in Administration is still showing as https://router.asus.com:[port number]. Is the only way to amend this via a script, as I am assuming that should be showing as "https://[subdomain name].strangled.net:[port number]"?

When I did this previously using an Asus DDNS address, it all set up correctly on my AX88U (the router I can't access currently). So if it works for that, surely it should work for my AX86U here and using Afraid, which seems to be the popular one on the forum? I've also seen a few people of late mention that the Asus one goes down at times...

Perhaps I shall try and replicate the Asus DDNS on the AX86U and see if that loads up correctly?
 
Although I'm sure the one posted above works fine, I used a different approach, one that I can also run on a number of other systems within my network (I'm also running double NAT so this works better for me)

Create a script: /jffs/scripts/ddns-start
chmod u+x /jffs/scripts/ddns-start


Contents of script (modify the "hash" to match the one for your account)
Code:
#!/bin/sh
curl --silent "https://freedns.afraid.org/dynamic/update.php?allhZmlxETkRDcEsksksXOjE5MDU5NDg5" > /jffs/scripts/ddns-start.log 2>&1
# reporting results to router
if [ $? -eq 0 ];
then
    /sbin/ddns_custom_updated 1
else
    /sbin/ddns_custom_updated 0
fi

@dosborne, thanks for sharing. Just trying to wrap my head around how the router uses the contents of the ddns-start.log. Does Merlin's DDNS service automatically read the information in the log file upon being advised of a successful update ( /sbin/ddns_custom_updated 1 ) or is the code above just a snippet?

Sorry, not at home at the moment to look at what /sbin/ddns_custom_updated does.

Cheers
 
You are correct, I don't have a static IP unfortunately, else this whole problem goes away right??
Effectively: Yes (assuming that all of your associated config / setup is correct)
~~
I'm as confused as you are, as I think I've set everything up correctly? My network map has the following showing "DDNS: [subdomain name].strangled.net" followed by LetsEncrypt symbol, but is not clickable like the standard https router url link was?
Yep, nothing wrong with that AFAIK. That's how my DDNS name is / always has been.
The Host Name on the WAN - DDNS tab is "[subdomain name].strangled.net" but does not contain https:// or the like, could this be where I am going wrong?? I was expecting it to show as "https://[subdomain name].strangled.net:[port number]" on the network map page??
Nope, nothing wrong with either AFAIK. Both of mine have always been like this and DDNS has always worked perfectly for me. IPv6 DDNS is the exception here, as Asus haven't figured out how to do it properly - yet, thus Merlin can't, as there's nothing that's 100% functional to look at - yet.
My local access config on the System tab in Administration is still showing as https://router.asus.com:[port number]. Is the only way to amend this via a script, as I am assuming that should be showing as "https://[subdomain name].strangled.net:[port number]"?
Again, assuming that all of your associated config / setup is correct e.g. Things like: Redirect webui access to router.asus.com = No (shown on Administration - System) IF you want to disable that function & use your DDNS details via https:// as has been mentioned in an earlier post ^ etc etc then normally, this will show both your DDNS name & your associated SSL certificate details.
Pic of mine attached again just FWIW showing those items - Yes I have disabled router.asus.com
When I did this previously using an Asus DDNS address, it all set up correctly on my AX88U (the router I can't access currently). So if it works for that, surely it should work for my AX86U here and using Afraid, which seems to be the popular one on the forum?
Yes and Yes - IF - your associated config / setup is correct. Again just FWIW Some time ago now I changed my DDNS provider from Afraid to NoIP for DDNS. Nothing wrong with Afraid, I just found NoIP much better (for me). I have dual DDNS as I use both Asus (comes with the router as you know) AND NoIP. How to do that is covered by Merlin on here: Updating multiple services
I've also seen a few people of late mention that the Asus one goes down at times...
Sometimes... it does timeout, that's one of the reasons I opted for Dual DDNS - just in case :D
Perhaps I shall try and replicate the Asus DDNS on the AX86U and see if that loads up correctly?
It's worth a shot yes, but seeing as there's a question about your Local Access Config details, in your current setup, (might be due to a mis-config?) It might be easier to re-visit that first of all?
 

Thank you so much for the detailed response.

So I've triple checked everything and I can't see any issue. I was hoping it was going to be solved by a simple button click, but upon checking "Redirect webui access to router.asus.com" It was already pre-set to "No"

The only thing I can think of is to just blank all the DDNS settings and enter them again to see if that works. It worked with my VPN client settings on the AX88U when I couldn't get them to work first time round!

One question though, regardless of whether or not the router accepts the settings and actually plays ball, surely the DDNS link should work if it's set up correctly? Whether I put the URL as is, or with the port number added, it still just times out and says "This site can’t be reached". Perhaps that is where the situation lies, despite it saying it's all registered correctly?

I'm probably missing something really stupid to make it all come together! Guess my Sunday is gonna be spent tinkering again...
 
~~
The only thing I can think of is to just blank all the DDNS settings and enter them again to see if that works. It worked with my VPN client settings on the AX88U when I couldn't get them to work first time round!
You could do that yes. It's annoying and technically shouldn't make any difference of course but... Sometimes it does - for no real explainable reason :D

You could also try the Asus DDNS option, that you previously mentioned as your "Plan B".
Presumably, your SSL Certificate correlates to the afraid subdomain? So you'd have to re-issue that with the Asus name IF you switch to Plan B & don't intend to use dual DDNS.
One question though, regardless of whether or not the router accepts the settings and actually plays ball, surely the DDNS link should work if it's set up correctly?
Which link, where?
Whether I put the URL as is, or with the port number added, it still just times out and says "This site can’t be reached".
I'm not understanding where you're entering the link and then getting that ^ resultant message when you try to access it? It can't be in a browser, as you have NOT enabled "Enable Web Access from WAN". Do you mean entering the link in your VPN Server? If so, where exactly?
Perhaps that is where the situation lies, despite it saying it's all registered correctly?
I'm probably missing something really stupid to make it all come together! Guess my Sunday is gonna be spent tinkering again...
Could you post a sanitised screen grab of your Administration - System / Local Access Config area for clarity (as per the one I myself posted earlier) and maybe the WAN - DDNS page too?
 
You could do that yes. It's annoying and technically shouldn't make any difference of course but... Sometimes it does - for no real explainable reason :D

Turn it off, turn it on again right... :D

I'm not understanding where you're entering the link and then getting that ^ resultant message when you try to access it? It can't be in a browser, as you have NOT enabled "Enable Web Access from WAN". Do you mean entering the link in your VPN Server? If so, where exactly?

Does that mean that I will never access the router via the Strangled URL??

Could you post a sanitised screen grab of your Administration - System / Local Access Config area for clarity (as per the one I myself posted earlier) and maybe the WAN - DDNS page too?

Attached hopefully if I've done this right??

 
Turn it off, turn it on again right... :D
Pretty much... If it was me (with this specific, odd issue), I'd disable the DDNS Service (Enable the DDNS Client = No - on the WAN / DDNS page), then re-boot my router. Let it settle in, then add all of my DDNS config again, from scratch. Once complete, I'd check to ensure it's all working correctly, then re-boot again, double-check and... finish. You could try your plan B - Asus DDNS option instead as part of ^ this?

Does that mean that I will never access the router via the Strangled URL??
Yes and no. Yes, because, for security, like nearly all users do, you've ensured that: Enable Web Access from WAN is set to No (within Local Access Config on Administration/System Page) so technically, just using a connected browser, on its own, and with no other ancillary support method, how could you reach it? But no, because you can circumvent that on a device that's on your own LAN, as explained in the link posted in Post #6 in this thread. That works perfectly for me every time & so I never use router.asus.com
Attached hopefully if i've done this right??
All looks fine on these images, apart from, maybe: On your current WAN - DDNS page, you have WAN IP and hostname verification set to No. FWIW: If this is set to Yes (e.g. as it is on mine) the router regularly checks to see that the hostname matches the current IP. If it doesn't, it will update it. If this is set to No, the DDNS will only be updated if/when the WAN connection state changes. So if/when you decide to re-config your DDNS - the 1st point, ^^ above - you could then decide to use the Yes option (or not) at that point.
 
Thanks again for all your help on this learning_curve

Apologies for the delay on an update. My kid decided to bring home some virus and give it to my wife and I...

I thought I would use my "quick" dirty upgrade to Merlin's new Firmware Version:386.5_2, as an excuse to try and set this up again! This time I got a "Successful Registration" confirmation which didn't show last time, but it is still not changing the "Access setting page" to anything other than Asus, so I am stumped and not feeling up to investigating any further right now. I'm obviously doing something wrong??

As and when I try with Strangled again though, how long should I set the timer for verification please? It defaults to 60 minutes, I'm assuming too often would spam the server, so I was thinking of extending the time, but to what is my wonder??

When I feel a bit better I'll try the Asus DDNS option and see what happens. If it did happen to go down whilst I was away, what are the potential ramifications? I'd have to be really unlucky for the IP address to change over this time right, which would then cause my OpenVPN server to lose its handshake right?

The ultimate aim of this is to just stop my OpenVPN server from going down because of a change of IP address. Maybe changing to a provider that offers static IPs easier, is something I need to consider moving forwards.... (If only it wasn't so damn expensive) :(
 
Apologies for the delay on an update. My kid decided to bring home some virus and give it to my wife and I...
Get well soon!
I thought I would use my "quick" dirty upgrade to Merlin's new Firmware Version:386.5_2, as an excuse to try and set this up again! This time I got a "Successful Registration" confirmation which didn't show last time, but it is still not changing the "Access setting page" to anything other than Asus, so I am stumped and not feeling up to investigating any further right now. I'm obviously doing something wrong??
Do you mean the "Access settings page" link on here: /Advanced_System_Content.asp ? You have the correct Strangled SSL in place (you posted an image above) and you've already disabled the Redirect webui access to router.asus.com on the same page (you've posted above) so, what do you have in the Host Name field on here: /Advanced_LAN_Content.asp and did you re-boot after the DDNS was set up?
As and when I try with Strangled again though, how long should I set the timer for verification please? It defaults to 60 minutes, I'm assuming too often would spam the server, so I was thinking of extending the time, but to what is my wonder??
Can't comment on this one, as I don't use Strangled anymore / haven't done for a long time now sorry.
When I feel a bit better I'll try the Asus DDNS option and see what happens. If it did happen to go down whilst I was away, what are the potential ramifications? I'd have to be really unlucky for the IP address to change over this time right, which would then cause my OpenVPN server to lose its handshake right?
The normal challenges of using a Dynamic IP address :D If you have both DDNS (Asus / Strangled) sources enabled, can't imagine that both would fail at exactly the same time... Might be worth a think?
The ultimate aim of this is to just stop my OpenVPN server from going down because of a change of IP address. Maybe changing to a provider that offers static IPs easier, is something I need to consider moving forwards.... (If only it wasn't so damn expensive) :(
Yep... in a nut shell. It's a no cost option with my ISP, so... are you limited to only that ISP as a supplier?
 
Apologies for the delay in coming back on this issue.... I think I've cracked it! Well, getting the DDNS to work anyway! It's via Asus, but I will take that and I trialled the OpenVPN server access recently with success. Now I just need to see if everything is maintained when the WAN IP address changes.

Next step is to try and run that script you suggested above to access the router locally via the DDNS page without the current security message. That can wait though, as I now have other fish to fry, as my laptop wifi just gave up on me :(

Thanks again for all your help with this @learning_curve :)
 
@learning_curve an interesting moment this morning, I had my first VPN "killswitch" event. Losing internet access, lost me access to the router, even though I was hard wired into it. I can only assume this was as a result of the DDNS being set up the way it is, as usually even without internet I can access the router?

On another note, I've now managed to get SSH working via Putty, so can try and map the DDNS address to the local IP like you suggested above. Along with sorting out the "security" issue, would that give access to the router on the LAN, if the above event were to happen again?
 
~ an interesting moment this morning, I had my first VPN "killswitch" event. Losing internet access, lost me access to the router, even though I was hard wired into it. I can only assume this was as a result of the DDNS being set up the way it is, as usually even without internet I can access the router?
Depends on the setup of the specific KillSwitch / DDNS setup(s) that you've used...
What happened after the Internet connection was restored in this case?
On another note, I've now managed to get SSH working via Putty, so can try and map the DDNS address to the local IP like you suggested above. Along with sorting out the "security" issue, would that give access to the router on the LAN, if the above event were to happen again?
Again, depends, on the setup(s) of the specific KillSwitch / DDNS / Browser setups that you've used... but FWIW I can, yes. See above re: the real post internet re-connection question, but you can also simulate that, by unplugging the WAN cable from your router. Then repeat all the tests on your setup(s). Rough but quick!
 
