Setting up VPN server - DDNS (DNS-Omatic) not working

ascent

I'm following x3mtek's guide (https://x3mtek.com/openvpn-server-setup-instructions-for-asuswrt-merlin/) to set up a VPN server. I made an account with DNS-omatic but am not able to get it registered in my WAN>DDNS GUI. After I enter my info and click apply, "DDNS Registration Result" reads "Request error! Please try again"

This is in my system log:
Apr 7 12:10:22 inadyn[15965]: In-a-dyn version 2.8.1 -- Dynamic DNS update client.
Apr 7 12:10:22 inadyn[15965]: Update forced for alias all.dnsomatic.com, new IP#
Apr 7 12:10:24 inadyn[15965]: Fatal error in DDNS server response:
Apr 7 12:10:24 inadyn[15965]: [200 OK] nohost
Apr 7 12:10:24 inadyn[15965]: Unrecoverable error 47, exiting ...
Apr 7 12:10:24 inadyn[15965]: Error code 47: Unknown error
Apr 7 12:10:52 inadyn[16077]: In-a-dyn version 2.8.1 -- Dynamic DNS update client.
Apr 7 12:10:52 inadyn[16077]: Update forced for alias all.dnsomatic.com, new IP#
Apr 7 12:10:54 inadyn[16077]: Fatal error in DDNS server response:
Apr 7 12:10:54 inadyn[16077]: [200 OK] nohost
Apr 7 12:10:54 inadyn[16077]: Unrecoverable error 47, exiting ...
Apr 7 12:10:54 inadyn[16077]: Error code 47: Unknown error
Apr 7 12:11:22 inadyn[16172]: In-a-dyn version 2.8.1 -- Dynamic DNS update client.
Apr 7 12:11:22 inadyn[16172]: Update forced for alias all.dnsomatic.com, new IP#
Apr 7 12:11:24 inadyn[16172]: Fatal error in DDNS server response:
Apr 7 12:11:24 inadyn[16172]: [200 OK] nohost
Apr 7 12:11:24 inadyn[16172]: Unrecoverable error 47, exiting ...
Apr 7 12:11:24 inadyn[16172]: Error code 47: Unknown error

I double checked my password, and tried using both my username and email used to set up the DNS omatic account.

I'm running AX88u with merlin f/w 386.1_2, with skynet, diversion, unbound, x3mRouting, connmon and using VPN client 1.

Thoughts?
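
The pattern in the system log above, as an added example that is not part of the original post: every attempt gets HTTP 200 from the server, yet the body says `nohost`, so the status line alone never indicates success. The shell function below (the names `sample_log` and `ddns_failures` are hypothetical) counts rejected updates per alias, assuming that only `good` and `nochg` bodies mean success, as in the dyndns2-style update protocol.

```shell
# Added example (not from the thread). Function names are hypothetical.

# inadyn lines copied from the syslog excerpt above, plus one constructed
# dnsmasq line to show that unrelated syslog entries are ignored.
sample_log() {
    cat <<'EOF'
Apr 7 12:10:22 inadyn[15965]: Update forced for alias all.dnsomatic.com, new IP#
Apr 7 12:10:24 inadyn[15965]: Fatal error in DDNS server response:
Apr 7 12:10:24 inadyn[15965]: [200 OK] nohost
Apr 7 12:10:30 dnsmasq[311]: constructed unrelated line
Apr 7 12:10:52 inadyn[16077]: Update forced for alias all.dnsomatic.com, new IP#
Apr 7 12:10:54 inadyn[16077]: Fatal error in DDNS server response:
Apr 7 12:10:54 inadyn[16077]: [200 OK] nohost
Apr 7 12:11:22 inadyn[16172]: Update forced for alias all.dnsomatic.com, new IP#
Apr 7 12:11:24 inadyn[16172]: Fatal error in DDNS server response:
Apr 7 12:11:24 inadyn[16172]: [200 OK] nohost
EOF
}

# ddns_failures [FILE]: print "<count> <alias> <http status> <body code>" for
# every update whose body code is not good/nochg (reads stdin without FILE).
ddns_failures() {
    awk '
        $4 !~ /^inadyn\[[0-9]+\]:$/ { next }          # keep inadyn lines only
        / Update forced for alias / {                   # remember the alias being updated
            for (i = 5; i < NF; i++)
                if ($i == "alias") { alias = $(i + 1); sub(/,$/, "", alias) }
            next
        }
        $5 ~ /^\[[0-9][0-9][0-9]$/ {                    # response line: "[200 OK] nohost"
            status = substr($5, 2); code = $NF
            if (code != "good" && code != "nochg")
                count[alias " " status " " code]++
        }
        END { for (k in count) print count[k], k }
    ' "${1:--}" | sort
}

sample_log | ddns_failures
```
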
 
DDNS stopped working for me to DNS-O-Matic in one of the recent releases on four routers I support. I think it was 384.19. I fixed it by selecting the option to use certificate from Let's Encrypt. See if that helps you.
 
Using the Let's Encrypt certificate gives me the same result. I found an old post somewhere from another forum where some people had issues with DNS-O-Matic as well. One person fixed it by changing their password from using a special character to no special character. However, OPN DNS requires a special character in your password now so that can't be it.

Is there something else I could try to get this to work, or would you suggest I try a different DNS service provider?
 
dns-o-matic works for me on 8 different routers (ac86u/ac86u/ac88u/ax88u) to this day (all on fw3.86.2) without any problems.
Method to retrieve WAN IP =external.
Lets-encrypt enable.
For this, it is necessary to forward port 80 and 443 from their modem/DSL router to the Asus router via port forwarding.
Capture.JPG
 
test them with this script...
Code:
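#!/bin/sh

# Update the following variables:
# username/pw from dns-o-matic
USERNAME=xxxx.yyyyy@gmail.com
PASSWORD=zzzzzzyyyyyyvvvvvv
# provider ddnss
HOSTNAME=yourdomain.ddnss.eu

# No -k here: certificate verification stays on, because the account password is sent in this request.
# Keep the response body: the server answers 200 OK even for errors such as "nohost".
RESPONSE=$(/usr/sbin/curl --silent -u "$USERNAME:$PASSWORD" "https://updates.dnsomatic.com/nic/update?hostname=$HOSTNAME")

# Only "good" (updated) and "nochg" (already current) count as success;
# a failed request leaves RESPONSE empty and is reported as a failure too.
case "$RESPONSE" in
good*|nochg*) /sbin/ddns_custom_updated 1 ;;
*) /sbin/ddns_custom_updated 0 ;;
esac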
 
The custom script worked.

Now I'm on to the next part with yDNS. I signed up for an account, then started to add a host.

The drop down choices for "Domain" has only one choice (ydns.eu)

For "Name", I just chose something and got the green check mark so I assume that's okay,

Then I put "0.0.0.0" in the "Content" field as shown in the guide. This gave me the error "Blocked. If you feel this is an error, please contact our support team.". I assume it is needing an IP address here but I'm not sure which or why?

I don't have the fourth field "Type" as shown in the guide.

I did a quick search and didn't find any help for what I should put in the Content field. Meanwhile, I have a domain with Namecheap so I started to try to use that instead. I wasn't quite sure how to go about it, but I got something to put in as a service in my DNS-O-Matic account, however it says it is "waiting for first update" and I kind of doubt I did it correctly.

So, any help with setting up yDNS with my issues above?

Or if anyone is familiar with Namecheap, I wouldn't mind going that route but I need to figure it out!
 
I ended up going with FreeDNS from afraid.org

I think I set that up correctly and copy/pasted the key to the DNS-O-Matic add service page. However, it still shows "waiting for first update" under status.

Meanwhile, I went through the rest of the steps to set up my VPN server. I tested this with the Open VPN app for Android, but have not been able to connect (waiting server response). I assume this is due to DNS-O-Matic not receiving the update from afraid yet?

Might need to change my thread title at this point!
 
..then please try it directly, without dns-o-matic....
dyndns.jpg
 
I made some further progress now. I appreciate the help thus far, but still not quite there yet.

Here's where I am at:

I successfully set up the DDNS using just one account (afraid.org). I chose the Let's Encrypt certificate, but it shows it is still authorizing (is this a problem, should I switch to no certificate?).

I set up the VPN server according to Xentrk's guide.

To test if the VPN server is working, I loaded the config file on my android phone using the Open VPN for Android app and switched to mobile data to stay off my home network. At first, I had my old config file from when I tried to use DNS-O-Matic as my DDNS. The Open VPN app would not connect at all. After I updated the config file to the current DDNS (afraid), it looks like it almost was able to connect but got this error message in the app's logs:

"Cannot resolve host address: (my DDNS address is here):1194 (No Address associated with hostname)"

I tried to search for that error code but it seems a lot of the discussions are geared towards VPN providers rather than personal VPN servers?

I'm wondering if I need to do some more setup with my afraid.org account? Or is it some firewall/port settings I need to open on the router?

One other question, should I be using a different port than the default for security reasons? I only know a basic understanding of ports, but never have opened or changed any before.
 
ok.
1. which operating system do you use windows or linux (computer)?
2. do you install openvpn-client on it?
3. export the ovpn file from the router and import it into the installed client.
4. try an "internal" connect. (adjust ovpn.conf: edit, remote "internal router-ip" 1194)

...if this connect works, we'll keep looking, O.k

...do you have ssh access to your router?, preferably via winscp client...
 
Ah, got it now! The config file created by the router did not create the address for my domain with afraid.org correctly. I just had to edit the config file manually with the correct address and now I can connect.

Now I have the next part to figure out... I might have wrongly assumed that once I connect to my home VPN server, I'd be able to do things as if I was at home and directly connected to my router as normal.

But I can't see my IP cameras, log in to my router GUI, see my attached network drives, etc. I'll have to look into this later but if it's something easy to explain or point me in the right direction it would be much appreciated!

For reference, I am just running the Open VPN (for android) on my phone for now to connect to my VPN server.
 
optimise your vpn server, see pictures...
...then export your new ovpn.conf and import it into your smartphone....

s2.png

s1.jpg
 
#ovpn-conf-client

remote your-dyndns-domain 1194

# for tests local with router-ip
#remote 192.168.0.x 1194

client
dev tun
proto udp

# enable the next line for LAN-only access (no Internet traffic through the VPN)
#pull-filter ignore redirect-gateway

# your router-ip-address
dhcp-option DNS 192.168.0.x

pull
script-security 2
# comp-lzo #old#
reneg-sec 0
float
keepalive 15 60

# classic dsl-mtu
mssfix 1432

#compress lz4 #unsafe#
resolv-retry infinite
nobind
persist-key
persist-tun

cipher AES-128-GCM
auth none
tls-client
remote-cert-tls server
# ns-cert-type server #is old#

auth-user-pass
# do not cache the password
auth-nocache

# your certs:#
 
Last edited:
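
A check for the options the config above marks as old or unsafe, as an added example that is not part of the original post. The function names are hypothetical; the lint reads only the file as written (a cipher negotiated at connect time is not seen), and `weak_config` is constructed for contrast.

```shell
# Added example (not from the thread). Function names are hypothetical.
# lint_ovpn [FILE]: print one finding per line (reads stdin when FILE is omitted).
lint_ovpn() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comment or blank line
        { sub(/[ \t]+[#;].*$/, "") }               # strip a trailing comment
        $1 == "cipher" { cipher = toupper($2) }
        $1 == "auth"   { auth = tolower($2) }
        ($1 == "comp-lzo" && $2 != "no") || ($1 == "compress" && $2 ~ /^(lzo|lz4|lz4-v2)$/) { comp = $0 }
        $1 == "remote-cert-tls" && $2 == "server" { eku = 1 }
        $1 == "ns-cert-type"   { nsct = 1 }
        $1 == "auth-user-pass" { aup = 1 }
        $1 == "auth-nocache"   { nocache = 1 }
        END {
            # auth none is only acceptable when the cipher authenticates packets itself
            aead = (cipher ~ /-GCM$/ || cipher == "CHACHA20-POLY1305")
            if (comp != "") print "compression enabled: " comp
            if (!eku && nsct) print "ns-cert-type is deprecated, use remote-cert-tls server"
            if (!eku && !nsct) print "server certificate type is not checked"
            if (auth == "none" && !aead) print "auth none with non-AEAD cipher: data packets are not authenticated"
            if (aup && !nocache) print "auth-user-pass without auth-nocache"
        }' "${1:--}"
}

# Security-relevant lines of the client config posted above.
page_config() {
    cat <<'EOF'
#compress lz4 #unsafe#
cipher AES-128-GCM
auth none
remote-cert-tls server
auth-user-pass
auth-nocache
EOF
}

# Constructed counter-example using the options the post marks as old or unsafe.
weak_config() {
    cat <<'EOF'
cipher AES-256-CBC
auth none
comp-lzo
ns-cert-type server
auth-user-pass
EOF
}

echo "page config: $(page_config | lint_ovpn | wc -l | tr -d ' ') finding(s)"
weak_config | lint_ovpn
```
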
Cool, thanks for the help. I did that and can now connect to my router via VPN.

However, the other apps I'd like to use still cannot connect. I think those apps require my phone's IP to look like 192.168.1.x, but it shows up as 10.8.0.2. Could that be the issue and is there a way to fix it? If there's nothing obvious that I missed then I will go back and double check all settings.

Also, in your code above, for "dhcp-option DNS 192.168.0.x", I wasn't sure what that should be so I used the IP of my router. Is that correct?

Also, I wasn't sure what dsl-mtu was and did a quick search. Should that number work for me/everyone or do I need to find out the optimal setting for my network?

For reference, I am trying to use the VPN server so I can connect to my IP cameras via Blue Iris and access my attached hard drive on my router. I don't have access to either right now, just access to my router. When I try to access Blue Iris, it states "LAN access only", which I know I can change settings in Blue Iris, but I would like the VPN to work so that everything works as if I was at home.
 
yes: dhcp-option DNS 192.168.0.x is your router-ip

10.8.0.2 is an address from your vpn-network for your phone

if you come from network 10.xx.xx.xx (vpn-network, see jpeg s2) and want to go to network 192.168.xx.xx, i.e. local (blue-iris probably), then you have to configure blue-iris accordingly so that it allows it...

...it's difficult, because i don't have blue-iris cameras and their app, so i can't recreate it...

...i have complete access to my network with the suggested settings, incl. nas (internal firewall adjusted accordingly for network 10.110.4.0, screenshot s2)....

with you, it's a bit like looking for a needle in a haystack, because more detailed information is missing or cannot be posted for security reasons....

for mtu: How to find the correct MTU and MRU of your link | Hamy - The IT Guy
 
I see, I might have wrongly assumed what I'd be able to do once I get VPN server setup and connected to it. I thought when I would connect to the server, it would appear as if I was connected directly to the LAN and everything would work as such.

I'll keep looking, I saw some more about this push command in the config file I might need to use.

To explain blue iris I'm trying to connect to... Blue Iris is just an IP camera software running on a windows machine on my LAN. I can connect to the user interface to see all my cameras/etc, by going to the IP address of the windows machine followed by a port number. This works only when on LAN, there are settings in Blue Iris to work with WAN but I wanted to go the VPN server route.

thanks again for the help, don't think I'd get this far without it
 
Thanks...

I have read up on blue-iris...

it is a web server on a windows client

questions:

does this client have a fixed ip address?
can you reach this client via ping (consider windows firewall)?
establish the vpn-connection at home on wlan (see conf-file: #remote 192.168.0.x 1194, enter your router address and remove the # instead of the dyn-dns-address and remove the dyndns-address via #.

do the same test by dyn-dns address ) turn off wifi on smartphone...

Results: do I reach the client?, after that we dedicate ourselves to the software/web server...

best regards
 
I'll try that, thanks! May be a few days before I can get to it but I'll report back anyways in case this helps someone else
 
