DDNS (dynamic host names) DUC setup in OpenWrt.

For a zillion and one reasons, many of us own host "names". These might be names we registered with a domain registrar, or names we have acquired through one of the many, many dynamic hosts services, such as no-ip.com.

Mostly these hosts get used for web sites, and mostly they are hosted on regular web servers "out there". Servers with fixed IP addresses that you can always get to by that same IP address/name combo.

But many of these names need to point to services which run on our OWN machines, for example to run web or ftp servers at home, or to access your security/IP cameras when you are out and about, or for VPNs and remote logins and much, much, MUCH more.

But OUR Machines are behind NATs and inside ISP Dynamic IP Address pools and the IP Address of our "home" can quite literally change from one minute to the next, unless you are paying your ISP (handsomely) for a fixed IP, which would be mad, as we have dynamic host name providers!

When our dynamic external IP changes, for example when we reconnect our DSL, we simply let the "Dynamic DNS" (DDNS) provider know our new IP, and they instantly update the world's DNS records (it usually takes a few minutes for changes to propagate across the entire planet). Problem solved.

These DDNS suppliers provide scripts, programs, apps and such to keep your current IP in sync with the corresponding host name records. If you run OpenWrt you don't need any of that extra stuff running on your machines. OpenWrt can handle every single one of your dynamic host names automatically.

When I say "automatically", I mean once it's set up correctly, which in OpenWrt can be a pain in the arse.

Hopefully this page can take away some of that pain..

Installation

Installation is simple. Either use LuCI (System >> Software) or, in a shell, do..

opkg install ddns-scripts

If you want to use the web interface to configure your DDNS, also do..

opkg install luci-app-ddns

I'm not a fan of the web interface for configuring OpenWrt, but you can certainly use that to configure your ddns scripts. If you are creating a config in /etc/config/ddns, it might look something like this example namecheap ddns update..


config service 	home
	option enabled			1
	option name				myfunkydynamicdomain.com
	option interface		wan
	option check_interval	16
	option check_unit		minutes
	option domain			myfunkydynamicdomain.com
	option force_interval	63
	option force_unit		hours
#	option ip_source		script
#	option ip_script		/usr/local/bin/myextip
	option ip_source		web
	option ip_url			http://icanhazip.com/
	option retry_interval	60
	option retry_unit		seconds
	option service_name		namecheap.com
	option username			@
	option password			6cc75a49ead92fc1d3516687b8a42c22
	option use_https		1
	option cacert			/etc/ssl/certs

You will note I also have a "script" to determine my external IP address. It simply returns your external IP in plain text, which is precisely what the "web" option (above) does. I use the script elsewhere on the system. /usr/local/bin/myextip is simply this..

	#!/bin/sh
	wget -qO- http://icanhazip.com/

You could also use the corz.org plain text ip service, but I'm not going to demonstrate that here.

Note, if you use SSL (as in the above example) you will need to install the full version of wget..


	opkg install wget

and install the proper SSL certificates..


	mkdir -p /etc/ssl/certs
	opkg install openssl-util
	opkg install ca-certificates

And install valid certificates for whatever domains you plan to access with the ddns updater script using SSL. You really don't want to be throwing your domain update passwords over the internet in plain text.

Here is how to fetch and save the certificate presented by https://dynamicdns.park-your-domain.com:443, the namecheap update server..


	cd /etc/ssl/certs
	openssl s_client -connect dynamicdns.park-your-domain.com:443 < /dev/null > temporary.out
	openssl x509 -outform PEM < temporary.out > dynamicdns.park-your-domain.com.cer

Finally, create a valid ".0" link using the hash value from openssl..


	HASH=`openssl x509 -hash -noout -in dynamicdns.park-your-domain.com.cer`.0
	ln -s dynamicdns.park-your-domain.com.cer $HASH

Done!

Repeat for each host.

You might want to make a script for it..

cat /usr/local/bin/addcert


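#!/bin/sh
# author: cor at corz dot org
# usage: addcert <domain>
# Saves the certificate <domain> presents on port 443 into the
# certificate directory and creates its ".0" hash link.

openssl=/usr/bin/openssl

if [ ! -x "$openssl" ]; then
  echo "ERROR: Can't find $openssl. openssl-util installed?" >&2
  exit 1
fi

domain=$1
if [ -z "$domain" ]; then
  echo "usage: addcert <domain>" >&2
  exit 1
fi

# SSL_CERT_DIR is exported from /etc/profile; stop here if it is not set.
cd "${SSL_CERT_DIR:?SSL_CERT_DIR is not set}" || exit 1

# Save the certificate the server presents, in PEM format.
$openssl s_client -connect "$domain:443" < /dev/null > temporary.out
$openssl x509 -outform PEM < temporary.out > "$domain.cer"

# Link the certificate under its hash so openssl can find it.
HASH=`$openssl x509 -hash -noout -in "$domain.cer"`.0
ln -sf "$domain.cer" "$HASH"

rm temporary.out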

Then you can simply do..


	addcert no-ip.com

Oh! Possibly /usr/local/bin isn't in your system PATH. That is set in /etc/profile. You will want something like..


	export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin

When you are in there, don't forget to put


	export SSL_CERT_DIR=/etc/ssl/certs

Up near the top somewhere.

Yup, all that to make a single https request! But it's worth it, and you should only need to do it one time.
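
A quick check for the hashed links made above, added here as an example (it is not part of the original page or of OpenWrt): it reports ".0" links whose target file is missing, links whose name does not match the hash openssl computes, and certificates that are close to expiry. The function name check_cert_links and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: sanity-check the hashed
# links that addcert leaves in the certificate directory.

# check_cert_links DIR [DAYS]: print one line per problem found.
check_cert_links() {
    dir=$1; days=${2:-30}
    for link in "$dir"/*.0; do
        [ -L "$link" ] || continue            # only hashed symlinks
        name=${link##*/}
        if [ ! -e "$link" ]; then             # target file is missing
            echo "$name: dangling link -> $(readlink "$link")"
            continue
        fi
        # The link name must equal the hash openssl derives from the cert.
        want=$(openssl x509 -hash -noout -in "$link" 2>/dev/null || true).0
        if [ "$want" != "$name" ]; then
            echo "$name: hash mismatch, openssl expects $want"
        elif ! openssl x509 -checkend $((days * 86400)) -noout \
                -in "$link" >/dev/null 2>&1; then
            echo "$name: certificate expires within $days days"
        fi
    done
}

# Stand-alone use: pass the directory (and optionally the number of days).
if [ $# -gt 0 ]; then check_cert_links "$@"; fi
```

Run it as, for example, `sh checkcerts.sh /etc/ssl/certs 30` (the file name is an assumption); no output means every hashed link resolves, matches and is not about to expire.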

Other Dynamic Host Providers

Most of the dynamic host providers are fairly easy to set up. The odd one is no-ip.com. There is a package you can download specifically for handling no-ip.com, but I prefer to use OpenWrt's "Custom" option, especially when updating multiple hosts, like this..


config service noip
	option	enabled			1
	option	name			noip
	option	interface		wan
	option	check_interval	15
	option	check_unit		minutes
	option	force_interval	66
	option	force_unit		hours
	option	ip_source		script
	option	ip_script		/usr/local/bin/myextip
	option	retry_interval	60
	option	retry_unit		seconds
	option	username		me@somemailserver.com
	option	password		PASSWORD-HERE
	option	use_syslog		2
	option	use_logfile		1
	option	update_url		'http://[USERNAME]:[PASSWORD]@dynupdate.no-ip.com/nic/update?hostname=dynamic.no-ip.com,dynamic.no-ip.biz,dynamic.no-ip.org,dynamic.no-ip.info,dynamic.serveftp.com&myip=[IP]'
	option	domain			dynamic.no-ip.com
	option use_https		1
	option cacert			/etc/ssl/certs

Note the multiple hosts in the update url, separated by commas. Also note that is one single line, no matter how it looks in your browser (copy & paste will work fine).
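
Both configs on this page carry a password, so here is a check over a ddns config file that flags any enabled service whose password could go out without verified HTTPS. It is an added example, not part of the original page or of ddns-scripts; audit_ddns, sample_config and the sample services are constructed, and the IGNORE value for cacert is taken from ddns-scripts 2.x, so treat it as an assumption on other versions.

```shell
#!/bin/sh
# Added example (not ddns-scripts code). audit_ddns FILE prints one line per
# enabled service whose password could leave the router without verified TLS.
audit_ddns() {
    awk -v q="'" '
    function strip(s) { gsub("[\"" q "]", "", s); return s }
    function report() {
        if (sec == "" || enabled != "1" || password == "") return
        if (https != "1")
            print sec ": password is set but use_https is not 1"
        else if (cacert == "")
            print sec ": use_https is 1 but no cacert is set"
        else if (cacert == "IGNORE")   # ddns-scripts 2.x: skip verification
            print sec ": cacert IGNORE disables certificate checks"
    }
    /^[ \t]*#/ { next }                # skip commented-out options
    $1 == "config" {
        report(); sec = strip($3)
        enabled = password = https = cacert = ""
    }
    $1 == "option" {
        if ($2 == "enabled")   enabled  = strip($3)
        if ($2 == "password")  password = strip($3)
        if ($2 == "use_https") https    = strip($3)
        if ($2 == "cacert")    cacert   = strip($3)
    }
    END { report() }
    ' "$1"
}
# Constructed sample config: service names and values are made up.
sample_config() {
    cat <<'EOF'
config service home
	option enabled   1
	option password  CONSTRUCTED-PASSWORD
	option use_https 1
	option cacert    /etc/ssl/certs
config service plain
	option enabled   1
	option password  CONSTRUCTED-PASSWORD
#	option use_https 1
config service unchecked
	option enabled   1
	option password  CONSTRUCTED-PASSWORD
	option use_https 1
	option cacert    IGNORE
EOF
}
tmp=$(mktemp) && sample_config > "$tmp" && audit_ddns "$tmp"; rm -f "$tmp"
```

On the router, point the function at the real file with `audit_ddns /etc/config/ddns`.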

Testing..

You can test your individual configurations from the shell. This is how to test the "noip" DUC config (the name corresponds to "config service <THIS-STRING>")..


	/usr/lib/ddns/dynamic_dns_updater.sh noip

This will run the update script from the shell and you will see all the output, which is much handier for debugging. Use Ctrl+C to terminate the script after the update.

Once everything is working you can start up individual DUC services from the shell..


	/usr/lib/ddns/dynamic_dns_updater.sh noip &

Finally, enable the ddns DUC service and start it up..


/etc/init.d/ddns enable
/etc/init.d/ddns start

That's it. You are done!

If all goes to plan, you can now completely forget about your dynamic host names and their constantly shifting underlying IP Addresses. OpenWrt is handling it.

Apologies for the writing standard, I'll clean it up later!

;o) corz.org
