Differences

This shows you the differences between two versions of the page.

doc:howto:ddns.client [2012/10/13 08:46]
insanid
doc:howto:ddns.client [2014/11/05 11:46] (current)
marco.sulla
Line 2: Line 2:
If you want to set up a DDNS Server instead, please see [[doc:howto:ddns.server]]. If you want to set up a DDNS Server instead, please see [[doc:howto:ddns.server]].
-===== Using LuCI =====+  * Tested with: 
 +    * OpenWrt Attitude Adjustment 12.09 
 +    * OpenWrt Barrier Breaker r37816
-DDNS stands for Dynamic DNS. Simply put, using this service gives a name to your ip. So if you're hosting something on your line, people wouldn't have to bother typing your IP. They can just type in your domain name! It also helps when your ip changes. Users won't need to discover what your new ip is, they can simply type your domain name. +===== Introduction =====
-First of all, you'll need to register to a DDNS. See the [[http://wiki.openwrt.org/doc/howto/ddns.client#requirements]] section below for a list of suggested DDNS providers.+DDNS stands for [[https://en.wikipedia.org/wiki/Dynamic_DNS|Dynamic DNS]]. Simply put, using this service gives a name to your ip. So if you're hosting something on your line, people wouldn't have to bother typing your IP. They can just type in your domain name! It also helps when your ip changes. Users won't need to discover what your new ip is, they can simply type your domain name.
This guide will help you configure your ddns service, so that your router auto-updates your ip to your ddns. The simplest method possible would be through LuCI (the default webUI for openwrt). This guide will help you configure your ddns service, so that your router auto-updates your ip to your ddns. The simplest method possible would be through LuCI (the default webUI for openwrt).
-==== Step 1, install the packages ====+===== Requirements ===== 
 + 
 +First of all, you'll need to pick and register a DNS name with a compatible DDNS service. Note the DNS name, your service username and password for use below. 
 + 
 +Here is a list of suggested DDNS providers. 
 + 
 +  * http://freedns.afraid.org :!: free 
 +  * http://noip.com :!: free but requires annoying account confirmation every 30 days 
 +  * http://changeip.com :!: free 
 +  * http://duckdns.org :!: free - generated config on site 
 +  * http://system-ns.com :!: free 
 +  * https://dns.he.net/ :!: free - if you have your own domain name, [[doc/howto/ddns.client/hurricaneelectricfreedns]]. 
 +  * http://dnsdynamic.org  :!: free 
 +  * http://zoneedit.com :!: non-free (dns update by https required, curl needed. See [[http://wiki.openwrt.org/doc/howto/ddns.client#ssl.support|SSL support]].) 
 +  * http://dyndns.org :!: non-free except if you donated in 1998-2001. 30-day free trial needs credit card number. 
 +  * http://dyndns.fr :!: non-free 
 +  * Any other service that can update when some URL is accessed.  The script is quite versatile. 
 + 
 +For a longer list of additional DDNS providers, see: 
 + 
 +  * http://www.dmoz.org/Computers/Internet/Protocols/DNS/DNS_Providers/Dynamic_DNS/ 
 +  * http://dnslookup.me/dynamic-dns/ 
 + 
 +===== Using LuCI ===== 
 + 
 +==== Step 1: Install the Packages ====
Login into your router through your browser. Go to Administration (top right) > System (top left) > Software > Update Package Lists Login into your router through your browser. Go to Administration (top right) > System (top left) > Software > Update Package Lists
-Let it update, go back to Software. Find luci-app-ddns. Install it, then when it says the installation is finished, it's installed!+Let it update, go back to Software. Find ''luci-app-ddns'' and install the package.
-Just press any other link at the openwrt WebUI, and the WebUI will refresh itself and Dynamic DNS will appear under Services > Dynamic DNS+Installing the package ''luci-app-ddns'' will automatically install the package ''ddns-scripts'', which contains the scripts that actually update the dynamic DNS name (see below).
-==== Step 2, configuration ====+After ''luci-app-ddns'' is installed, just press any other link on the Openwrt LuCI WebUI, and the page will refresh itself and Dynamic DNS will appear under Services > Dynamic DNS. If those tabs don't show up, run ''/etc/init.d/uhttpd restart'' or reboot the router. 
 + 
 +Beginning ddns-scripts Version 1.0.0-23 you need to enable ''ddns'' service in "System"-"Startup" or run: ''/etc/init.d/ddns enable'' to enable updates being send on reboot and hotplug events. 
 + 
 +==== Step 2: Configuration ==== 
 + 
 +In LuCI, go to Services > Dynamic DNS. 
 + 
 +There is a default configuration called "MYDDNS" ready to edited.
^ Variable ^ Description ^ Example ^ ^ Variable ^ Description ^ Example ^
-| enable | Self explanatory | none +| Enable | Self-explanatory | check this to enable this configuration | 
-| Service | Which DDNS do you use? Choose one | dyndns | +| Event interface | The DDNS scripts use the Linux hotplug events system. When this specified network interface comes up, a related ifup hotplug event will cause DDNS script to start to monitor (and update) the external IP address of . Select the WAN interface that will have the external IP address to use in the DDNS registration. | wan
-| use_https | If set to 1 DDNS updates use SSL |  | +| Service | Which DDNS online service do you use? Choose one | dyndns.org
-| Host | The DNS name of the ip, as configured in the DDNS site | your.domain.name | +| Hostname | The DNS name to update (this name must already be registered with the the DDNS service) | your.domain.name | 
-| Username | Username of your DDNS | yourusername | +| Username | Username of your DDNS service account | yourusername | 
-| Password | Password of your DDNS | yourpassword | +| Password | Password of your DDNS service account. Ensure this password does **not** have "$1" or $ with any number following in it, as this **breaks** the script. **For freedns.afraid.org, [[ddns.client#Specific settings for freedns.afraid.org|read below]]**. | yourpassword | 
-| Source of IP-address | This tells the router where to look for your actual WAN IP Address | Usually at 'Network' +| Source of IP address | This tells the script how to determine your interface external IP address. See below for a description. | Usually "network"
-| Network/Interface/URL | If you choose Network, it would be the one negotiating your connection, in this case, the wan | wan | +| Network/Interface/URL | This will be named based on the section of "Source of IP address". Select the network, interface physical name, or type in the URL to use to determine the external IP address. | Usually "wan"
-| Check for changed IP every | Self Explanatory | 10 |+| Check for changed IP every | Self Explanatory. Checks below 5 minutes make no sence because from testing, it takes this time until the global DNS servers be in sync | 10 |
| Check-time unit | The unit for the value above | min | | Check-time unit | The unit for the value above | min |
-| Force Update every | Self explanatory | 72 | +| Force update every | Even if the detected external IP address has not changed, update the DDNS name anyway after this time interval | 72 | 
-| Force-time unit | Unit for the value above | hr |+| Force-time unit | Unit for the value above | h |
 +Click "Save & Apply" to save changes.
 +=== Specific settings for freedns.afraid.org ===
 +    * You must **NOT** set your account password in the "password" field. On the contrary, go to http://freedns.afraid.org/dynamic/, login, click "Direct URL". On the location bar of your browser, copy the the authorisation token, the part after http://freedns.afraid.org/dynamic/update.php? url. and paste it in the password field.
 +    * DO enter the host into the Hostname field. Although it is not used for the update, it //is// used to check the host's current IP address (via ''nslookup'').
-==== Step 3, You're done! ====+=== Further details === 
 +  * **A full list of supported settings (some not supported by LuCI WebUI) and their description you will find [[doc:uci:ddns|in UCI documentation]].** 
 +  * Source of IP address ("ip_source" in the configuration file) 
 +    * The "ip_source" option can be "network", "interface", "script" or "web", with "network" as the default 
 +    * If "ip_source" is "network" you specify a network section in your /etc/network config file (e.g. "wan", which is the default) with the "ip_network" option.  If you specify "wan", you will update with whatever the ip for your wan is. 
 +    * If "ip_source" is "interface" you specify a hardware interface (e.g. "eth1") and whatever the current ip of this interface is will be associated with the domain when an update is performed. 
 +    * If "ip_source" is "script" you specify a script to obtain ip address. The "ip_script" option should contain path to your script. This option is not available through the LuCI web interface. 
 +    * The last possibility is that "ip_source" is "web", which means that in order to obtain our ip address we will connect to a website (specified in the URL field), and use the first valid ip address listed on that page. Use this option if the OpenWrt device is behind a NAT device and does not have a real external IP address assigned to the WAN interface being monitored. The correct URL will depend on the DDNS service being used. Check with the service's documentation to determine if they offer this feature and, if so, what the correct URL is. 
 +      * For the DynDNS service, the URL is [[http://checkip.dyndns.org]] 
 +      * Multiple URLs can be used by separating the entries with a space.
-That's all you need to do! First update takes as long as the force update option is set to.+==== Step 3: Start ddns-scripts ====
-If the wan interface changes its address, the DDNS account is updated automatically. +  * Normally, the DDNS scripts are automatically started through a hotplug event. The very first time they are configured, there is no ifup event to start them. 
-Additionally an unconditional update is sent periodically. The interval is specified by the force update option.+  * The simplest option is to reboot the router. This will automatically start the scripts as part of the normal interface startup process. 
 +  * If a reboot should be avoided, the scripts can be started manually by generating a hotplug event from the command line (see below for details) 
 +  * Beginning ddns-scripts Version 1.0.0-23 you need to enable //**ddns**// service in "System"-"Startup" to enable updates being send on reboot and hotplug events. 
 +  * You can also start/stop/restart the service without reboot or generating a hotplug event.
-After initial configuration the ''ifup wan'' command can be used to force a DDNS update. Or, for Backfire, the following commands. +==== Step 4: You're done! ====
-<code> +
-. /etc/profile # That's a period followed by a space +
-ifup wan +
-</code>+
-===== Using ddns-scripts =====+  * If the wan interface changes its address, the DDNS account is updated automatically. 
 +  * Additionally, an unconditional update is sent periodically. The interval is specified by the force update option.
-OpenWrt uses the package <code>ddns-scripts</code> +==== Additional DDNS registration entries ====
- for providing DDNS service.+
-==== Requirements ==== +In LuCI, go to Services &gt; Dynamic DNS.
-  * A recent OpenWrt version. This howto was written for the 'Kamikaze 7.07' and later releases. +
-  * An account with a compatible DDNS service, currently: +
-  * http://dyndns.org  :!: needs credit card number, even for "Trial&quot; Account. +
-  * http://changeip.com :!: non-free +
-  * http://zoneedit.com :!: non-free +
-  * http://no-ip.com    still free =) +
-  * http://freedns.afraid.org +
-  * http://dnsdynamic.org +
-  * Any other service that can update when some URL is accessed.  The script is quite versatile.+
-For a longer list of additional DDNS providers, see:+  * Use the text entry box and "Add" button to add additional DDNS configurations 
 +    * Do not use a - character in the DDNS configuration name
-  * http://www.dmoz.org/Computers/Internet/Protocols/DNS/DNS_Providers/Dynamic_DNS/ +===== Using ddns-scripts directly =====
-  * http://dnslookup.me/dynamic-dns/+
-==== Installation ==== +The ddns-scripts package can be installed and used on its own without luci-app-ddns. No web GUI will be available in this case. This section describes how to use the command line to use ddns-script directly. 
-Install the ddns-scripts package.+ 
 +==== Step 1: Installation ==== 
 +Install the ''ddns-scripts'' package.
<code> <code>
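Review bot: In the Step 2 table, the new Password row warns that a password containing "$1" or "$" followed by a number breaks the script, but it gives no reason and does not say whether other special characters are safe. The Debugging section further down already tells readers who see badauth to use a password of only letters and numbers, so state one consistent restriction here and link to Debugging. The sentence about enabling the ddns service from ddns-scripts 1.0.0-23 also now appears in both Step 1 and Step 3; keep it in one place.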
Line 77: Line 117:
</code> </code>
-If you like to configure <code>ddns-scripts</code> +==== Step 2: Configuration ==== 
- using the LuCI WebUI also install this package:+The configuration is stored in ''/etc/config/ddns'' which contains more thorough documentation.
-<code> +In order to enable Dynamic DNS you need at least one section, and in that section the ''enabled'' variable must be set to ''"1"''.
-opkg update +
-opkg install luci-app-ddns +
-</code> +
- +
-==== Configuration ==== +
-The configuration is stored in /etc/config/ddns which contains more thorough documentation. +
- +
-In order to enable Dynamic DNS you need at least one section, and in that section the "enabled" option must be set to one.+
Each section represents an update to a different service.  This sections specifies several things: Each section represents an update to a different service.  This sections specifies several things:
Line 95: Line 127:
  * domain (set this to all.dnsomatic.com for DNS-o-Matic)   * domain (set this to all.dnsomatic.com for DNS-o-Matic)
  * username   * username
-  * password +  * password (sometimes it is the api token, not your login password) 
-  * IP source (wan, eth0, web) +  * ip_source (wan, eth0, web) 
-Optionally, thse following may be specified:+ 
 +Optionally, the following may be specified:
-  * option update_url (needed if the service isn't supported by /usr/lib/ddns/services)+  * update_url (needed if the service isn't supported by /usr/lib/ddns/services)
  * check_interval   * check_interval
  * force_interval   * force_interval
-Use the "check_interval" to specify how often to check whether an update is necessary, and the "force_interval" option to specify how often to force an update.  Specify the units for these values with the "check_unit" and the "force_unit" options.  Units can be "days", "hours", "minutes" or "seconds". The default force_unit is hours and the default check_unit is seconds.  The default check_interval is 600 seconds, or ten minutes. The default force_interval is 72 hours or 3 days.+ 
 +Use the ''check_interval'' variable to specify how often to check whether an update is necessary, and the ''force_interval'' variable to specify how often to force an update.  Specify the units for these values with the ''check_unit'' and ''force_unit'' variables.  Units can be ''"days"'', ''"hours"'', ''"minutes"'' or ''"seconds"''. The default value for ''check_interval'' is ''"600"'', and the default value for ''check_unit'' is ''"seconds"'' (''check_interval'' = 10 minutes). The default value for ''force_interval'' is ''"72"'', and the default value for ''force_unit'' is ''"hours"'' (''force_interval'' = 72 hours). 
 + 
 +=== Default configuration === 
 + 
 +This is the default configuration in /etc/config/ddns as of OpenWrt Attitude Adjustment 12.09.
<code> <code>
config service "myddns" config service "myddns"
        option enabled          "0"         option enabled          "0"
 +        option interface        "wan"
 +
        option service_name    "dyndns.org"         option service_name    "dyndns.org"
        option domain          "mypersonaldomain.dyndns.org"         option domain          "mypersonaldomain.dyndns.org"
        option username        "myusername"         option username        "myusername"
        option password        "mypassword"         option password        "mypassword"
-        option ip_source        "network" +
-        option ip_network      "wan"+
        option force_interval  "72"         option force_interval  "72"
        option force_unit      "hours"         option force_unit      "hours"
        option check_interval  "10"         option check_interval  "10"
        option check_unit      "minutes"         option check_unit      "minutes"
 +        option retry_interval  "60"
 +        option retry_unit      "seconds"
 +
 +        #option ip_source      "network"
 +        #option ip_network      "wan"
 +
        #option ip_source      "interface"         #option ip_source      "interface"
        #option ip_interface    "eth0.1"         #option ip_interface    "eth0.1"
-        #option ip_source      "web+ 
-        #option ip_url         "http://automation.whatismyip.com/n09230945.asp"+        #option ip_source      "script
 +        #option ip_script      "path to your script" 
 + 
 +        option ip_source        "web" 
 +        option ip_url           "http://checkip.dyndns.com/" 
        #option update_url      "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]"         #option update_url      "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]"
</code> </code>
-A short example for a dyndns.org service to configure via UCI CLI:+=== Configuration using the uci program === 
 + 
 +A short example for a **dyndns.org** service to configure via UCI CLI:
<code> <code>
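Review bot: The listing under "Default configuration" has ip_source "web" and ip_url "http://checkip.dyndns.com/" as the only uncommented source, while ip_source "network" and ip_network "wan" are commented out, yet the Further details list says "network" is the default. Confirm which one the 12.09 file actually ships, and if "web" is only meant as an illustration, comment it out like the "interface" and "script" alternatives. The URL also differs from the checkip.dyndns.org address given for DynDNS earlier on the page, and because it is plain http, it deserves a sentence saying that the address used for the update then comes from an unauthenticated response.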
Line 133: Line 185:
root@OpenWrt:~# uci set ddns.myddns.enabled=1 root@OpenWrt:~# uci set ddns.myddns.enabled=1
root@OpenWrt:~# uci commit ddns root@OpenWrt:~# uci commit ddns
 +</code>
 +
 +=== Configuration for duckdns.org ===
 +== Add Duck DNS to ''services'' ==
 +The reason you want to add Duck DNS to the ''services'' file is because this will allow you to configure other ddns services if needed, and it allows for proper https usage with ''curl''.
 +Edit ''/usr/lib/ddns/services'' and add this to the end of the file:
 +<code>
 +# Duck DNS
 +"duckdns.org"          "http://www.duckdns.org/update?domains=[DOMAIN]&token=[PASSWORD]&ip=[IP]"
 +</code>
 +== Duck DNS https (SSL) Support ==
 +[[duckdns.org]] uses a CA that is either self-signed, or not listed in the Curl CA bundle. ''curl'' will throw error 60 when trying to update over https. The only way I was able to get ''curl'' to update Duck DNS over https was to have ''curl'' ignore certificate checks with ''curl -k''. Modify ''/usr/lib/ddns/dynamic_dns_updater.sh'' as follows:
 +
 +Find this string of code:
 +<code>
 +retrieve_prog="${retrieve_prog}--cacert $cacert "
 +</code>
 +Replace it with this:
 +<code>
 +retrieve_prog="${retrieve_prog}-k "
 +</code>
 +Find this string of code:
 +<code>
 +retrieve_prog="${retrieve_prog}--capath $cacert "
 +</code>
 +Replace it with this:
 +<code>
 +retrieve_prog="${retrieve_prog}-k "
 +</code>
 +
 +== Duck DNS ddns-scripts ''config'' example ==
 +Uncomment use_https and cacert if you want to use https (SSL).
 +<code>
 +config service "myddns"
 +        option enabled          "1"
 +        option interface        "wan"
 +        option service_name    "duckdns.org"
 +        option domain          "DOMAIN"
 +        option username        "LEAVE BLANK"
 +        option password        "xxxxxxx-your-token-xxxx-xxxxxxxxxxxx"
 +        option force_interval  "12"
 +        option force_unit      "hours"
 +        option check_interval  "10"
 +        option check_unit      "minutes"
 +        option ip_source        "web"
 +        option ip_url          "http://wtfismyip.com/text"
 +      #option use_https        "1"
 +      #option cacert          "/etc/ssl/certs/cacert.pem"
 +</code>
 +
 +=== Configuration for namecheap.com ===
 +
 +An example for a **namecheap.com** domain with an A-record with name '@'.
 +
 +<code>
 +config service 'myddns'
 +        option enabled '1'
 +        option interface 'wan'
 +        option force_interval '72'
 +        option force_unit 'hours'
 +        option check_interval '10'
 +        option check_unit 'minutes'
 +        option retry_interval '60'
 +        option retry_unit 'seconds'
 +        option service_name 'namecheap.com'
 +        option domain 'yourdomain.info'
 +        option username '@'
 +        option password 'xxxxxxx-your-token-xxxx-xxxxxxxxxxxx'
 +        option ip_source 'network'
 +        option ip_network 'wan'
 +        #option use_https '1'
 +        #option cacert '/etc/ssl/certs/cacert.pem'
 +</code>
 +
 +Note that with the namecheap protocol, the ''username'' option is translated to the ''host'' argument in the update request.  Therefore, it should be the hostname on the DNS record, **not** the username that you use to log into the namecheap.com site.  In this example, the script will update the '@' (full domain) DNS A-record.  To update a subdomain A-record, enter the name of the subdomain instead.  To get your password, log into the namecheap.com site, enter the management console for the domain, and click the ''Dynamic DNS'' menu option. 
 +
 +Make a record for each subdomain.  Using Luci, enter a label for the subdomain into the Add field (near lower left of page)and click the (+), or hand edit the /etc/config/ddns file and add a new stanza. 
 +
 +Example /etc/config/ddns records to update two subdomains at namecheap:
 +<code>
 +config service 'myddns'
 +        option interface 'wan'
 +        option force_unit 'hours'
 +        option check_interval '20'
 +        option check_unit 'minutes'
 +        option retry_interval '60'
 +        option retry_unit 'seconds'
 +        option password 'YourNamecheapDDNSpassword'
 +        option enabled '1'
 +        option ip_source 'interface'
 +        option ip_interface 'pppoe-wan'
 +        option service_name 'namecheap.com'
 +        option force_interval '72'
 +        option domain 'Your.Domain'
 +        option username 'www'
 +
 +config service 'mail'
 +        option interface 'wan'
 +        option force_unit 'hours'
 +        option check_interval '20'
 +        option check_unit 'minutes'
 +        option retry_interval '60'
 +        option retry_unit 'seconds'
 +        option password 'YourNamecheapDDNSpassword'
 +        option enabled '1'
 +        option ip_source 'interface'
 +        option ip_interface 'pppoe-wan'
 +        option service_name 'namecheap.com'
 +        option force_interval '24'
 +        option domain 'Your.Domain'
 +        option username 'mail'
 +
 +</code>
 +
 +You can hand test the records for 'www' and 'mail', labeled 'myddns' and 'mail' with:
 +<code>
 +/usr/lib/ddns/dynamic_dns_updater.sh myddns
 +/usr/lib/ddns/dynamic_dns_updater.sh mail
 +</code>
 +
 +Look at the return XML and see that the Error Count is 0 to validate a successful update. Check each record, one at a time. Use <Ctrl-C> to kill the test daemons.
 +
 +
 +===== Manually starting ddns-scripts =====
 +
 +The ddns-scripts monitoring script starts when hotplug ifup event happens. This will happen automatically at system startup when the named interface comes up. The simplest way to start ddns-scripts is to reboot, but to avoid a reboot, it can be started manually from the command line.  After setting "enabled" to 1 and configuring other settings as above, manually generate an ifup hotplug event for the desired interface.
 +
 +  * This will case the the hotplug script /etc/hotplug.d/25-ddns to run
 +    * For INTERFACE, type the specified ddns-scripts interface name (the interface name from ''/etc/config/network'', usually 'wan')
 +
 +<code>
root@OpenWrt:~# ACTION=ifup INTERFACE=wan /sbin/hotplug-call iface root@OpenWrt:~# ACTION=ifup INTERFACE=wan /sbin/hotplug-call iface
</code> </code>
-==== Trying it out ==== +  * As an alternative, ddns-scripts can be called at a lower level 
-The script runs when hotplug events happen or a monitored IP address changes, so initially, you have to start it manually.  After setting "enabled" to 1, run the following:+    * type the specified ddns-scripts interface name (the interface name from ''/etc/config/network'', usually 'wan')
<code> <code>
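Review bot: The "Duck DNS https (SSL) Support" section tells readers to replace both the --cacert and --capath lines in /usr/lib/ddns/dynamic_dns_updater.sh with -k, but carries none of the warning that the SSL support section attaches to the same edit. The change is made in the shared updater script, so it turns off certificate checking for every configured service, not only Duck DNS, and the instruction in the config example to uncomment cacert has no effect once those lines are gone. Suggest linking to the SSL support section instead of repeating the steps, repeating the warning here, and saying that the cacert option is ignored after the edit. The added services line is also an http:// URL carrying token=[PASSWORD]; mention that use_https is what moves it to https.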
Line 145: Line 328:
exit exit
</code> </code>
-,where "wan" is the name of the interface from ''/etc/config/ddns'', which also has to match an interface from ''/etc/config/network''. At this point you can verify that the dynamic DNS updater service is running by calling '# ps' from the command line and looking for '/usr/lib/ddns/dynamic_dns_updater.sh myddns 0' process.  
-You can also simulate a hotplug event to trigger a DDNS update manually:+  * Beginning ddns-scripts Version 1.0.0-23 
 +    * simply enable/disable start/stop/restart like every other service
<code> <code>
-root@OpenWrt:~# ACTION=ifup INTERFACE=wan /sbin/hotplug-call iface +root@OpenWrt:~# /etc/init.d/ddns enable 
-</code>where 'wan' is the interface name from ''/etc/config/network''.+root@OpenWrt:~# /etc/init.d/ddns start 
 +</code>
-==== Debugging ==== +===== Verification ===== 
-If something goes wrong, you can see what is happenning by calling+ 
 +  * Verify the ddns-scripts interface monitor script is running 
 +  * One instance of this script should be running for each ddns-scripts configuration defined 
 + 
 +<code> 
 +ps | grep dynamic_dns_updater.sh 
 +</code> 
 + 
 +  * Verify the correct IP address by pinging the dynamic DNS name 
 + 
 +===== Alerting ===== 
 + 
 +  * ddns-scripts does not send any alerts when it detects or updates the DDNS IP address 
 +  * Marius Gedminas posted a two-line patch to ddns-scripts available at [[http://patchwork.openwrt.org/patch/1072/]]. This change adds syslog output when an IP change is detected. It can be manually added to /usr/lib/ddns/dynamic_dns_updater.sh. 
 +    * For ddns-scripts ver. 1.0.0-21 (the version OpenWrt Attitude Adjustment 12.09), the line numbers to look for are after original lines 294 and 325 
 +    * If OpenWrt is configured to send syslog output to a remote syslog server (see [[doc/howto/log.overview]]), that server can be configured to perform various alerting actions 
 + 
 +===== Debugging ===== 
 + 
 +If something goes wrong, you can see a log of activity by calling
<code> <code>
/usr/lib/ddns/dynamic_dns_updater.sh myddns /usr/lib/ddns/dynamic_dns_updater.sh myddns
</code> </code>
Note: //myddns// is the name of the service config entry in ///etc/config/ddns// file. Note: //myddns// is the name of the service config entry in ///etc/config/ddns// file.
 +
 +If you only see the update_url= output you forgot the enable flag for the service.
For example if you see //badauth// in //Update Output//, you have to change your password which contains only letters and numbers. Because busybox's (v1.15.3) wget implementation has an issue handling encoded URLs. For example if you see //badauth// in //Update Output//, you have to change your password which contains only letters and numbers. Because busybox's (v1.15.3) wget implementation has an issue handling encoded URLs.
-==== Tweaks ====+Sometimes the scripts mess up and many instances of the updater will be fired. In this case, use this command to kill them all and start again 
 +<code> 
 +root@OpenWrt:~# ps | grep dynami[c] | awk '{print $1}' | xargs kill 
 +root@OpenWrt:~# ACTION=ifup INTERFACE=wan /sbin/hotplug-call iface 
 +</code> 
 + 
 +===== Tweaks =====
Full API documentation available here: https://www.dyndns.com/developers/specs/syntax.html Full API documentation available here: https://www.dyndns.com/developers/specs/syntax.html
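Review bot: In the new Debugging cleanup command, ps | grep dynami[c] | awk '{print $1}' | xargs kill, the pattern is unquoted and matches any process whose line contains "dynamic", not only the updater. Quote the pattern and match the script name used in the Verification section, for example grep 'dynamic_dns_updater[.]sh', so that unrelated processes are not killed and the shell cannot expand the brackets against a file name. For ddns-scripts 1.0.0-23 and later, the init script shown just above covers this case, so /etc/init.d/ddns restart could be offered as the alternative to the hotplug call.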
Line 173: Line 384:
with:<code> with:<code>
"dyndns.org"            "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?wildcard=NOCHG&hostname=[DOMAIN]&myip=[IP]" "dyndns.org"            "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?wildcard=NOCHG&hostname=[DOMAIN]&myip=[IP]"
 +</code>
 +
 +To add dyndns protocol compatible services like dyndns.fr, add a line in ''/usr/lib/ddns/services''
 + with:<code>
 +"dyndns.fr"            "http://[DOMAIN]:[PASSWORD]@dyndns.dyndns.fr/update.php?hostname=[DOMAIN]&myip=[IP]"
 +</code>
 +
 +To add dyndns protocol compatible services like dyndnspro.com, add a line in ''/usr/lib/ddns/services''
 + with:<code>
 +"dyndnspro.com"            "http://[DOMAIN]:[PASSWORD]@dyndns.dyndnspro.com/update.php?hostname=[DOMAIN]&myip=[IP]"
 +</code>
 +
 +To add dyndns protocol compatible services like dynamicdomain.net, add a line in ''/usr/lib/ddns/services''
 + with:<code>
 +"dynamicdomain.net"            "http://[DOMAIN]:[PASSWORD]@dyndns.dynamicdomain.net/update.php?hostname=[DOMAIN]&myip=[IP]"
</code> </code>
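Review bot: The three added entries (dyndns.fr, dyndnspro.com, dynamicdomain.net) put [DOMAIN] in the user part of the URL, http://[DOMAIN]:[PASSWORD]@..., where the dyndns.org and dyndns.it entries use [USERNAME]. If these providers really authenticate with the host name, say so in the text, because otherwise the username option a reader sets is silently unused. All three are also http:// URLs with the password embedded, so a pointer to the SSL support section belongs next to them. The three paragraphs are identical apart from the provider name and could be one paragraph followed by the three lines.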
Line 179: Line 405:
"dyndns.it"            "http://[USERNAME]:[PASSWORD]@dyndns.it/nic/update?hostname=[DOMAIN]&myip=[IP]" "dyndns.it"            "http://[USERNAME]:[PASSWORD]@dyndns.it/nic/update?hostname=[DOMAIN]&myip=[IP]"
</code> </code>
 +
To add dyndns protocol compatible services like no-ip.com, add a line in ''/usr/lib/ddns/services'' To add dyndns protocol compatible services like no-ip.com, add a line in ''/usr/lib/ddns/services''
Line 185: Line 412:
</code> </code>
 +To add dyndns protocol compatible services like duckdns.org, add a line in ''/usr/lib/ddns/services''
 + with:<code>
 +"duckdns.org"          "http://www.duckdns.org/update?domains=[DOMAIN]&token=[PASSWORD]&ip=[IP]"
 +</code>
-==== SSL support ====+To add dyndns protocol compatible services like system-ns.com, add a line in ''/usr/lib/ddns/services'' 
 + with:<code> 
 +"system-ns.com"          "http://system-ns.com/api?type=dynamic&domain=[DOMAIN]&command=set&token=[PASSWORD]&ip=[IP]" 
 +</code>
-By default ''ddns-scripts'' uses the wget program for DNS updates. Busybox provides its own version of ''wget'', which does not support SSL. In order to use SSL (https) for updating the DNS info, you can either follow the instructions at [[wget-ssl-certs|SSL and Certificates in wget]] or install ''curl'' and see the correct way below. You will need to add the appropriate root certificate for your ddns provider.+To add dyndns protocol compatible services like two-dns.de, add a line in ''/usr/lib/ddns/services'' 
 + with:<code> 
 +"two-DNS"          "http://[USERNAME]:[PASSWORD]@update.twodns.de/update?hostname=[DOMAIN]&ip=[IP]" 
 +# with https Support 
 +"two-DNS_https"          "https://[USERNAME]:[PASSWORD]@update.twodns.de/update?hostname=[DOMAIN]&ip=[IP]" 
 +# needs: 
 +# option use_https        1 
 +# option cacert          /etc/ssl/certs/Example_CA.pem 
 +# and install curl 
 +# as shown below 
 +</code>
-===Adding ddns ssl services=== 
-Edit ''/usr/lib/ddns/services'' and add "dnydns.org (SSL)" 
-<code bash># DDNS supporting HTTPS connections requires wget or curl with SSL/HTTPS support 
-"dyndns.org (SSL)"      "https://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]"</code> 
-At this point you may use either either The Correct Method using curl or Using Wget.  
-===The correct way=== + 
-Install curl and add the following to /etc/config/ddns (replace cacert path to the correct one, either a file or a directory):+===== SSL support ===== 
 + 
 +By default ''ddns-scripts'' uses ''wget'' for DNS updates over http, and ''curl'' for DNS updates over https (SSL). In order for ''ddns-scripts'' to perform DNS updates over https (SSL), you will need to install the ''curl'' package, and add the appropriate root certificate for your ddns provider. 
 + 
 +Busybox provides its own version of ''wget''; however, it does not support https (SSL). You can either follow the instructions at [[wget-ssl-certs|SSL and Certificates in wget]] or install ''curl'' and see the correct way below. 
 + 
 +====The correct way using curl ==== 
 +There is no need to modify ''/usr/lib/ddns/services''. Automatic change of URI scheme from ''http'' to ''https'' is controlled by the ''use_https'' variable. Install ''curl'' and add the following to ''/etc/config/ddns'' (replace ''cacert'' path to the correct one, either a file or a directory):
<code> <code>
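Review bot: The two-dns.de block adds a separate "two-DNS_https" entry with an https:// URL, while the rewritten SSL support section in the same hunk says there is no need to modify /usr/lib/ddns/services because use_https switches the scheme. Drop the second entry or explain why this provider needs it. The duckdns.org line repeats the entry already given under "Configuration for duckdns.org", and the lead-in "dyndns protocol compatible services" does not describe the duckdns.org and system-ns.com entries, which pass token=[PASSWORD] as a query parameter rather than [USERNAME]:[PASSWORD]@.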
Line 203: Line 449:
option cacert          /etc/ssl/certs/Example_CA.pem option cacert          /etc/ssl/certs/Example_CA.pem
</code> </code>
-Note that you need to download a Certificate Authority bundle as curl's pre-packaged bundle is out of date. Curl does maintain a current CA bundle here: http://curl.haxx.se/ca/ +Note that you need to download a Certificate Authority bundle as curl's pre-packaged bundle is out of date. Curl does maintain a current CA bundle here: http://curl.haxx.se/ca/ 
 + 
 +Use the following commands to download the Curl CA bundle: 
 + 
 +<code> 
 +root@OpenWrt:~# mkdir -p /etc/ssl/certs/ 
 +root@OpenWrt:~# wget -P /etc/ssl/certs/ http://curl.haxx.se/ca/cacert.pem 
 +</code>
===Curl SSLv2,3 Support=== ===Curl SSLv2,3 Support===
If your DDNS provider is using SSLv2 or SSLv3 Curl will throw error code 35 because it can't connect unless you specify the correct SSL version. If your DDNS provider is using SSLv2 or SSLv3 Curl will throw error code 35 because it can't connect unless you specify the correct SSL version.
-To fix this, you must modify /usr/lib/ddns/dynamic_dns_updater.sh as such:+To fix this, you must modify ''/usr/lib/ddns/dynamic_dns_updater.sh'' as such:
For SSLv2 replace --sslv3 with --sslv2 For SSLv2 replace --sslv3 with --sslv2
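Review bot: The added download step, wget -P /etc/ssl/certs/ http://curl.haxx.se/ca/cacert.pem, fetches the CA bundle over plain http, so the file that decides which certificates curl will trust arrives over an unauthenticated connection. Since the page says Busybox wget has no https support, suggest downloading the bundle over https on another machine and copying it into /etc/ssl/certs/ on the router, and say so next to the command.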
Line 231: Line 484:
</code> </code>
-===Using wget===+If your ddns provider uses a self-signed certificate, or if the certificate issuer is not listed in the curl CA bundle, ''curl'' will throw error code 60 and not open a connection to the ddns provider. To fix this, you must modify ''/usr/lib/ddns/dynamic_dns_updater.sh'' as such: 
 + 
 +**Warning:** This allows ''curl'' to connect to https sites without SSL certificates. Only do this if no other options are available, and if you ultimately trust your ddns provider. 
 + 
 +Find this string of code: 
 +<code> 
 +retrieve_prog="${retrieve_prog}--cacert $cacert " 
 +</code> 
 + 
 +Replace it with the following: 
 +<code> 
 +retrieve_prog="${retrieve_prog}-k " 
 +</code> 
 + 
 +Find this string of code: 
 +<code> 
 +retrieve_prog="${retrieve_prog}--capath $cacert " 
 +</code> 
 + 
 +Replace it with the following: 
 +<code> 
 +retrieve_prog="${retrieve_prog}-k " 
 +</code> 
 + 
 +====Using wget====
If you want to stick to wget, then you should set SSL_CERT_DIR variable in ''/usr/lib/ddns/dynamic_dns_functions.sh'' before calling ''/usr/lib/ddns/dynamic_dns_updater.sh'' because ''/etc/profile'' is not sourced in daemon mode. If you want to stick to wget, then you should set SSL_CERT_DIR variable in ''/usr/lib/ddns/dynamic_dns_functions.sh'' before calling ''/usr/lib/ddns/dynamic_dns_updater.sh'' because ''/etc/profile'' is not sourced in daemon mode.
-===Self-Signed certificates===+=== Using wget with self-signed SSL certificates===
//Note: this is also a workaround for the wget ssl bug mentioned on [[wget-ssl-certs#A.Caveat|SSL and Certificates in wget#A Caveat]]// //Note: this is also a workaround for the wget ssl bug mentioned on [[wget-ssl-certs#A.Caveat|SSL and Certificates in wget#A Caveat]]//
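Review bot: The warning added before the -k replacement says it "allows curl to connect to https sites without SSL certificates", which understates the effect: with -k in place of --cacert and --capath, the provider's certificate is no longer checked at all, for every service the updater handles. Reword the warning to say that, and offer the narrower fix first, which is to add the provider's issuing or self-signed certificate to the file or directory named by the cacert option so that verification stays on.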
Line 248: Line 525:
retrieve_prog="/usr/bin/curl"; retrieve_prog="/usr/bin/curl";
</code> </code>
- 
===== Using webif ===== ===== Using webif =====
Line 270: Line 546:
  * [[http://forum.openwrt.org/viewtopic.php?id=14040|exobyte's Kamikaze dyndns.org script (based of JimWright's)]]   * [[http://forum.openwrt.org/viewtopic.php?id=14040|exobyte's Kamikaze dyndns.org script (based of JimWright's)]]
  * run nsupdate from /etc/udhcpc.user to update an authoritative master configured for DDNS.   * run nsupdate from /etc/udhcpc.user to update an authoritative master configured for DDNS.
- 


doc/howto/ddns.client.1350110810.txt.bz2 · Last modified: 2012/10/13 08:46 by insanid