User Tools

Site Tools


doc:howto:ddns.client

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:howto:ddns.client [2014/08/23 14:41]
charles_brown add info about noip account confirmation
doc:howto:ddns.client [2015/07/07 11:25] (current)
chris5560 [Alerting]
Line 1: Line 1:
 +<​html>​
 +<table class="​inline"​ style="​width:​70%;​ margin-left:​5%">​
 +  <tr>
 +    <td style="​border-left:​6px solid #d3bc00; vertical-align:​middle">​
 +      <img src="/​_media/​meta/​icons/​tango/​48px-construction.svg.png"​ alt=""​ style="​float:​left;​ margin-right:​0.5em"​ />
 +      <​strong>​Under Construction!</​strong><​br />
 +      This page is currently under (re-)construction. You can <a href="?​do=edit">​edit</​a>​ the article to help completing it.
 +    </td>
 +  </tr>
 +</​table>​
 +</​html>​
 +
 ====== DDNS Client ====== ====== DDNS Client ======
 If you want to set up a DDNS Server instead, please see [[doc:​howto:​ddns.server]]. If you want to set up a DDNS Server instead, please see [[doc:​howto:​ddns.server]].
 +
 +:!: **During reconstruction you will find the old wiki text [[#​old_wiki_text|here.]]** :!:
 +
 +===== Introduction =====
 +
 +DDNS stands for [[wp>​Dynamic_DNS|Dynamic DNS]]. Simply put, using this service gives a name to your IP. So if you're hosting something on your line, people would not have to bother typing your IP. They can just type in your domain name! It also helps when your IP changes. Users won't need to discover what your new IP is, they can simply type your domain name. 
 +
 +This guide will help you configure your DDNS service, so that your router auto-updates your IP to your DDNS provider. The simplest method possible would be through LuCI (the default webUI for OpenWrt).
 +
 +OpenWrt uses //​ddns-scripts//​ which are [[wp>​Bourne_shell|Bourne shell]] scripts.\\
 +There are other scripts and programs available in the web, also some DDNS providers offer their own programs.\\
 +All of them are currently not ported and tested on OpenWrt.
 +
 +:!: **Inside OpenWrt two package versions are available:​**\\
 +up to Barrier Breaker 14.07 it's //​ddns-scripts//​ version 1.x\\
 +since Chaos Calmer 15.05 it's //​ddns-scripts//​ version 2.x with IPv6 support and many other extensions\\
 +the corresponding LuCI application //​luci-app-ddns//​ is also available.
 +
 +**Without any annotation the description works for all //​ddns-scripts//​ versions.**
 +
 +===== Requirements =====
 +
 +First of all, you'll need to pick and register a DNS name with a compatible DynamicDNS service provider.\\
 +For a list of DDNS providers, see:
 +  * https://​www.google.de/​search?​q=dynamic+dns+provider+list
 +  * http://​www.dmoz.org/​Computers/​Internet/​Protocols/​DNS/​DNS_Providers/​Dynamic_DNS/​
 +  * http://​dnslookup.me/​dynamic-dns/​
 +
 +//​ddns-scripts//​ support the following services out of the box:\\
 +^  since 10.03\\ ver. 1.0.0-17 ​ ^  added in AA 12.09\\ ver. 1.0.0-21 ​ ^  added in BB 14.07\\ ver. 1.0.0-23 ​ ^  added in CC 15.05\\ ver. 2.4.3-1 ​ ^  added in trunk\\ ver. 2.4.3-1 ​ ^
 +|  changeip.com ​ |  3322.org ​ |  ddns.com.br ​ |  BIND nsupdate <​sup>​IPv6</​sup>​ (<​sup>​3 4</​sup>​) | |
 +|  dnsdynamic.org ​ |  dnsomatic.com ​ |  duiadns.net ​ |  cloudflare.com <​sup>​IPv6</​sup>​ (<​sup>​2</​sup>​) ​ | |
 +|  dnsexit.com ​ |  easydns.com ​ |  mythic-beasts.com ​ |  domains.google.com ​ | |
 +|  dnsmax.com / thatip.com ​ |  namecheap.com ​ |  spdns.de <​sup>​IPv6</​sup> ​ |  loopia.se <​sup>​IPv6</​sup> ​ | |
 +|  dyndns.org ​ |  ovh.com ​ | |  mydns.jp <​sup>​IPv6</​sup> ​ | |
 +|  free.editdns.net ​ | | |  no-ip.com / noip.com (<​sup>​1</​sup>​) ​ | |
 +|  freedns.afraid.org <​sup>​IPv6</​sup> ​ | | |  no-ip.pl <​sup>​IPv6</​sup> ​ | |
 +|  he.net <​sup>​IPv6</​sup> ​ | | |  selfhost.de ​ | |
 +|  no-ip.com / noip.com (<​sup>​1</​sup>​) ​ | | |  twodns.de ​ | |
 +|  zoneedit.com ​ | |
 +(<​sup>​1</​sup>​) **since CC 15.05** require additional package //​ddns-scripts_no-ip_com//​ to be installed.\\
 +(<​sup>​2</​sup>​) needs additional package //​ddns-scripts_cloudflare//​ to be installed.\\
 +(<​sup>​3</​sup>​) directly updates a PowerDNS (or maybe bind server) via nsupdate.\\
 +(<​sup>​4</​sup>​) needs additional package //​ddns-scripts_nsupdate//​ and ''​bind-client''​ to be installed.\\
 +<​sup>​IPv6</​sup>​ **since CC 15.05** support IPv6
 +
 +If you have picked a DDNS service provider and create your host/domain name you need to note additional your username and password.\\
 +Now you need to decide if you want to use secure communication with your DDNS provider or not.\\
 +Some provider require secure ([[wp>​HTTPS|HTTPS]]) communication. Read their help pages for details and also read provider specific informations below.
 +
 +
 +===== Support =====
 +If you need support, found an issue or only want to request a new extension for the next release, please post your questions/​issues/​requests here: **(Don'​t forget to post informations about your used software versions.)**
 +   * [[https://​forum.openwrt.org/​|OpenWrt Forum]]
 +   * [[https://​github.com/​openwrt/​packages|Github-OpenWrt-Packages]] for //​ddns-scripts//​
 +   * [[https://​github.com/​openwrt/​luci|Github-OpenWrt-LuCI]] for //​luci-app-ddns//​
 +A full list of supported settings (some not supported by LuCI webUI):
 +   * UCI documentation -> [[doc:​uci:​ddns|Dynamic DNS Client configuration]]
 +The source code is maintained at GitHub:
 +   * [[https://​github.com/​openwrt/​packages/​tree/​master/​net/​ddns-scripts|ddns-scripts]]
 +   * [[https://​github.com/​openwrt/​luci/​tree/​master/​applications/​luci-app-ddns|luci-app-ddns]]
 +
 +===== Installation =====
 +==== using LuCI ====
 +Login into your router through your browser.\\
 +From the menu select '''​System'''​ -> '''​Software'''​\\
 +Press button [Update Lists] to update internal lists of available packages.\\
 +Filter for //ddns// and install //​luci-app-ddns//​ package.
 +
 +Installing the package //​luci-app-ddns//​ will automatically install the package //​ddns-scripts//​.\\
 +:!: **since CC 15.05** you might need to install provider specific packages //​ddns-scripts_xxxxx//​ and LuCI language packages //​luci-i18n-ddns-xx//​.
 +
 +After luci-app-ddns (and other packages) are installed, just press any other menu entry on the Openwrt LuCI webUI, and the page will refresh itself and it will appear in the menu under '''​Services'''​ -> '''​%%Dynamic DNS%%'''​.
 +
 +==== via Console ====
 +To install //​ddns-scripts//​ use the [[doc:​techref:​opkg|OPKG Package Manager]] \\
 +:!: **since CC 15.05** you might need to install provider specific packages
 +<​code>​
 +opkg update
 +opkg install ddns-scripts
 +opkg install ddns-scripts_xxxxx
 +</​code>​
 +
 +==== SSL support ====
 +
 +By default //​ddns-scripts//​ uses BusyBox buildin ''​wget''​ for DDNS updates over http, which does not support https (SSL). \\ 
 +To perform DDNS updates over https (SSL), you will need to install the ''​wget''​ or ''​curl''​ package, and add the appropriate root certificate for your ddns provider.\\
 +:!: **including AA 12.09** only ''​curl''​ is supported. To use ''​wget''​ look at [[wget-ssl-certs|SSL and Certificates in wget]].\\
 +:!: **since BB 14.07** If both ''​wget''​ and ''​curl''​ packages are installed, //​ddns-scripts//​ will use ''​wget''​ for communication.\\
 +:!: **since CC 15.05** If both packages installed you can configure which one to prefere. Default is ''​wget''​.
 +
 +:!: **since BB 14.07** installation is simple by installing ''​wget''​ or ''​curl''​ plus ''​ca-certificates''​ packages.
 +
 +<​code>​
 +opkg update
 +opkg install wget     # normally you only need
 +opkg install curl     # either wget or curl
 +opkg install ca-certificates
 +</​code>​
 +
 +For older OpenWrt versions install ''​curl''​ using description below. FIXME \\
 +or follow the instructions at: [[wget-ssl-certs|SSL and Certificates in wget]].\\
 +
 +==== other functions ====
 +
 +:!: **since CC 15.05** //​ddns-scripts//​ support other special communication functions to be used:
 +  * Set proxy with/​without authenfication for http/https requests
 +  * Set DNS server to use other than system default
 +  * Binding to specific network if ''​wget''​ or to specific interface if ''​curl''​ installed.
 +  * Force the usage of either IPv4 or IPv6 communication only. Require either ''​wget''​ or ''​curl''​ AND ''​bind-host''​ !
 +  * DNS requests via TCP. Require either ''​wget''​ or ''​curl''​ AND ''​bind-host''​ !
 +
 +===== Configuration =====
 +==== Basics ====
 +ddns-scripts are designed to update one host per configuration/​section.\\
 +To update multiple hosts or providers or IPv4 and IPv6 for the same host you need to define separate configurations/​sections.\\
 +Some provider offer to update multiple host within one update request. A possible solution for this option is to use ''​--custom--''​ service name settings.\\
 +Have a look at [[#​provider_specifics|Provider specifics]].
 +
 +The main settings you need to set are (all other normally work fine with the defaults):​\\
 +|  Service name | the DDNS service provider to use  |
 +|  Host/Domain | your [[wp>​Fully_qualified_domain_name|FQDN]] you want to update (used by //​ddns-scripts//​ using nslookup to check if update has happen) ​ |
 +|  Username | username or other parameter to use as username ​ |
 +|  Password | password or other parameter to use as password\\ :!: **including BB 14.07** Ensure this password does not have "​$1"​ or $ with any number following in it, as this breaks the script. ​ |
 +|  Interface | network name (i.e. wan, wan6) used by OpenWrt hotplug event system to start //​ddns-scripts// ​ |
 +
 +After fresh installation a configuration/​section '''​myddns'''​ and **since CC 15.05** '''​myddns_ipv4'''​ and '''​myddns_ipv6'''​ exists ready to be modified for your needs.\\
 +You could delete them and define your own.\\
 +
 +{{:​meta:​icons:​tango:​dialog-warning.png?​nolink&​32x32}} ​ **Please heed the following important hints:**
 +  *** It is NOT allowed to use ''​dash''​-sign "​-"​ inside configuration/​section names.**
 +  ***A full list of supported settings (some not supported by LuCI webUI) you will find in [[doc:​uci:​ddns|UCI documentation]]!**
 +  ***Always keep in mind the [[#​provider_specifics|Provider specific]] settings if there are any!**
 +  ***Don'​t forget to enable your configuration/​section!**
 +  ***You need minimum one enabled configuration/​section for //ddns// service to start!**
 +  ***since BB 14.07 you need to enable //ddns// service to enable updates being send on reboot and hotplug events!**
 +  ***__//​Although described elsewhere, it is not recommended to change the files '''/​usr/​lib/​ddns/​services'''​ or '''/​usr/​lib/​ddns/​services_ipv6'''​ because they will be overwritten during updates!//​__**
 +==== using LuCI ====
 +Login into your router through your browser.\\
 +From the menu select '''​Services'''​ -> '''​%%Dynamic DNS%%'''​.\\
 +Navigate to the configuration/​section you like to change.\\
 +Modify the fields you need to change.\\
 +Don't forget to check the '''​Enabled'''​ option!\\
 +Click [Save & Apply] button to save changes.
 +
 +To add a new configuration/​section:​\\
 +Type the new name into the text entry box at the bottom of the page next to [Add] button.\\
 +:!: **Do not use a ''​dash''​ character "​-"​ in configuration/​section name!**\\
 +Click [Add] button.\\
 +Modify the fields you need to change.\\
 +Don't forget to check the '''​Enabled'''​ option!\\
 +Click [Save & Apply] button to save changes.
 +
 +:!: **since CC 15.05** '''​Username'''​ and '''​Password'''​ fields are required fields. If your provider do not require one or both of them, simply put in a character of your choise.
 +
 +:!: ** since BB 14.07 you need to enable ddns service!**\\
 +From the menu select '''​System'''​ -> '''​Startup'''​.\\
 +Set //ddns// service to enabled.
 +
 +=== SSL Support ===
 +:!: **including BB 14.07** it is not possible to configure SSL-Support (using HTTPS) via LuCI webUI. You need to configure [[#​ssl_support2|via console]]!\\
 +:!: ** since CC 15.05** Options to configure HTTPS communication are only available if ''​wget''​ or ''​curl''​ package is installed. (See ''​Hints''​ if shown.)
 +
 +Check '''​Use HTTP Secure'''​ option.\\
 +Additional field '''​Path to CA-Certificate'''​ is shown with it's default setting.\\
 +If you have installed ''​ca-certificate''​ package leave the shown default! (''/​etc/​ssl/​certs''​)\\
 +If you like to use other certificate you need to set here the full path to the certificate including file name. (''/​path/​to/​file.crt''​)\\
 +If your certificates are stored in a different path, set here the path where your certificates are located. (''/​path/​to/​files''​)\\
 +Click [Save & Apply] button to save changes.
 +
 +=== Custom Service ===
 +If you want to use a DDNS provider currently not listed or you want to update multiple hosts within one configuration/​section then you should do the following:​\\
 +Choose '''​--custom--'''​ as service.\\
 +Additional field '''​%%Custom update-URL%%'''​ is shown.\\
 +Fill in the URL you like to use. :!: Please read URL syntax description [[#​custom_service1|below]].\\
 +Also have a look at [[#​provider_specifics|Provider specifics]].\\
 +Click [Save & Apply] button to save changes.
 +
 +:!: **If you found a DDNS provider not listed or with additional IPv6 support or with changed update URL please open an issue at [[https://​github.com/​openwrt/​packages|Github-OpenWrt-Packages]] so it can be included with the next release.**
 +==== via Console ====
 +
 +The easiest way to configure //​ddns-scripts//​ via console is to edit the file ''/​etc/​config/​ddns''​ directly using build-in [[wp>​Vi|vi editor]] or any other editor you prefer. Other editors as ''​vi''​ needs to be installed separately.
 +
 +A configuration/​section looks like:
 +<​code>​
 +config service "​myddns"​
 + option service_name "​example.org"​
 + option domain "​yourhost.example.org"​
 + option username "​your_username"​
 + option password "​your_password"​
 + option interface "​wan"​
 + option ip_source "​network"​
 + option ip_network "​wan"​
 +</​code>​
 +
 +Alternatively you can use [[doc:​uci#​command_line_utility|UCI command line interface]].\\
 +Example input:
 +<​code>​
 +uci set ddns.myddns.service_name="​ddnsprovider.com"​ #​ only use names listed in /​usr/​lib/​ddns/​services ​
 + # or /​usr/​lib/​ddns/​services_ipv6 (since CC 15.05)
 +uci set ddns.myddns.domain="​host.yourdomain.net"​
 +uci set ddns.myddns.username="​your_user_name"​
 +uci set ddns.myddns.password="​p@ssw0rd"​
 +uci set ddns.myddns.interface="​wan"​ #​ network interface that should start this configuration/​section
 +uci set ddns.myddns.enabled="​1"​
 +uci commit ddns # don't forget this, otherwise data not written to configuration file
 +</​code>​
 +
 +''​ddns.myddns.enabled="​1"''​ means:
 +  * ''​ddns''​ is the configuration file to change (here ''/​etc/​config/​ddns''​)
 +  * ''​myddns''​ is the configuration/​section to change
 +  * ''​enabled''​ is the option to set/change
 +  * behind the ''​equal''​-sign is the value to set. :!: Set ''​single''​- or ''​double''​-quotes around the value and no space or whitespace around the ''​equal''​-sign.
 +
 +Example to create/add a new configuration/​section "​newddns":​
 +<​code>​
 +uci set ddns.newddns="​service"​
 +uci set ddns.newddns.service_name="​ddnsprovider.com"​ #​ only use names listed in /​usr/​lib/​ddns/​services
 + # or /​usr/​lib/​ddns/​services_ipv6 (since CC 15.05)
 +uci set ddns.newddns.domain="​host.yourdomain.net"​
 +uci set ddns.newddns.username="​your_user_name"​
 +uci set ddns.newddns.password="​p@ssw0rd"​
 +uci set ddns.newddns.interface="​wan"​ #​ network interface that should start this configuration/​section
 +uci set ddns.newddns.enabled="​1"​
 +uci commit ddns # don't forget this, otherwise data not written to configuration file
 +</​code>​
 +
 +:!: **since BB 14.07 you need to enable //ddns// service by:**
 +<​code>​
 +/​etc/​init.d/​ddns enable
 +</​code>​
 +
 +=== SSL Support ===
 +To enable SSL-Support edit '''/​etc/​config/​ddns'''​ file and add the following options:
 +<​code>​
 +config service "​myddns"​
 + ...
 + option use_https "​1"​
 + option cacert "/​etc/​ssl/​certs"​ #​ default if ca-certificates package installed
 +</​code>​
 +or via UCI command line interface:
 +<​code>​
 +uci set ddns.myddns.use_https="​1"​
 +uci set ddns.myddns.cacert="/​etc/​ssl/​certs"​
 +uci commit ddns # don't forget this, otherwise data not written to configuration file
 +</​code>​
 +
 +'''​option cacert'''​ settings:\\
 +If you have installed ca-certificate package leave the shown default! (/​etc/​ssl/​certs)\\
 +If you like to use other certificate you need to set here the full path to the certificate including file name. (/​path/​to/​file.crt)\\
 +If your certificates are stored in a different path, set here the path where your certificates are located. (/​path/​to/​files)
 +
 +:!: **including AA 12.09** additionally follow instructions to install curl using description below. FIXME\\
 +or follow the instructions at [[wget-ssl-certs|SSL and Certificates in wget]].
 +
 +=== Custom Service ===
 +Following changes need to be done if you use a DDNS provider currently not listed or to update multiple hosts within one configuration/​section.\\
 +Edit '''/​etc/​config/​ddns'''​
 +<​code>​
 +config service "​myddns"​
 + ...
 +# option service_name "​example.org"​ #​ comment out "#"​ or delete
 + option update_url "​http://​your.update.url...[USERNAME]...[PASSWORD]...[DOMAIN]...[IP]"​
 +</​code>​
 +or use UCI command line interface
 +<​code>​
 +uci delete ddns.myddns.service_name
 +uci set ddns.myddns.update_url="​http://​your.update.url...[USERNAME]...[PASSWORD]...[DOMAIN]...[IP]"​
 +uci commit ddns # don't forget this, otherwise data not written to configuration file
 +</​code>​
 +== URL Syntax ==
 +:!: It's not needful to set '''​https:​%%//​%%'''​. If SSL support is activated '''​http:​%%//​%%'''​ is replaced automatically.\\
 +:!: The entries [USERNAME] [PASSWORD] [DOMAIN] [IP] are replaced by //​ddns-scripts//​ just before update.\\
 +[USERNAME] is replaced by content of '''​option username'''​ from configuration file.\\
 +[PASSWORD] is replaced by content of '''​option password'''​ from configuration file.\\
 +[DOMAIN] is replaced by content of '''​option domain'''​ from configuration file.\\
 +[IP] is replaced by the current IP address of your OpenWrt system.
 +
 +:!: carefully set '''​option domain'''​ in your configuration. This option is also used to detect if the update was successfully done.\\ :!: This entry is the DNS name your OpenWrt system will be reachable from the internet.\\
 +:!: Have a look at [[#​provider_specifics|Provider specifics]] for samples.\\
 +
 +:!: **If you found a DDNS provider not listed or with additional IPv6 support or with changed update URL please open an issue at [[https://​github.com/​openwrt/​packages|Github-OpenWrt-Packages]] so it can be included with the next release.**
 +
 +===== Utilization =====
 +
 +|  {{:​meta:​icons:​tango:​48px-emblem-important.svg.png?​nolink&​32x32}} ​ | **Enable minimum one configuration/​section !\\ since BB 14.07 you need to enable ddns service !**  |
 +
 +==== Basics ====
 +Normally no user actions are required because //​ddns-scripts//​ starts when hotplug ''​ifup''​ event happens. This will happen automatically at system startup when the named interface comes up. Event ''​ifup''​ also happen when a dialup network comes up.\\
 +//​ddns-scripts//​ regularly check if there is a difference between your IP address at DNS and your interface. If different an update request is send to DDNS provider.\\
 +**since CC 15.05** whenever you [Save & Apply] an ''​Enabled''​ configuration/​section from LuCI webUI the corresponding script is automatically restarted.
 +
 +To check if //​ddns-scripts//​ are running you could check inside LuCI via '''​Status'''​ -> '''​Processes'''​\\ or via console running <​code>​ps -w | grep ddns</​code>​
 +You should find something like '''​{dynamic_dns_upd} /bin/sh /​usr/​lib/​ddns/​dynamic_dns_updater.sh **myddns** 0'''​\\
 +for every configuration/​section you configured and enabled, where **myddns** shows your configuration/​section name.
 +
 +**since CC 15.05** inside LuCI also exists a section '''​Dynamic DNS'''​ at '''​Status'''​ -> '''​Overview'''​ showing the current status of your DDNS configurations.
 +==== Run manually ====
 +=== using LuCI ===
 +To **check** running //​ddns-scripts//​ processes from the menu goto '''​Status'''​ -> '''​Processes'''​.\\
 +Look for something like '''​{dynamic_dns_upd} /bin/sh /​usr/​lib/​ddns/​dynamic_dns_updater.sh **myddns** 0'''​.\\
 +To **stop** a desired process press the [Terminate] or [Kill] button.\\
 +The process should remove from the list.
 +
 +**including AA 12.09**\\ //​ddns-scripts//​ can only be started creating an '''​ifup'''​ hotplug event by restarting the desired interface.\\
 +:!: Keep in mind that also other service processes (i.e. firewall) might be (re-)started via '''​ifup'''​ hotplug event!\\
 +From the menu select '''​Network'''​ -> '''​Interfaces'''​. Select the desired interface and press [Connect] button.
 +
 +**since BB 14.07**\\ You could enable/​disable and start/stop //​ddns-scripts//​ from '''​System'''​ -> '''​Startup'''​.\\
 +Look for service '''​ddns'''​ and press the button for the desired action.
 +
 +**since CC 15.05**\\ You could enable/​disable and start/stop individual configuration/​section from '''​Overview'''​-page at '''​Services'''​ -> '''​%%Dynamic DNS%%'''​.
 +
 +
 +=== via Console ===
 +From console command line you could create an '''​ifup'''​ hotplug event for the desired network interface. This will start all enabled ddns configurations/​sections monitoring this interface.\\
 +:!: Keep in mind that also other service processes (i.e. firewall) might be (re-)started via '''​ifup'''​ hotplug event!\\
 +For INTERFACE, type the specified //​ddns-scripts//​ interface name (the interface name from /​etc/​config/​network,​ usually '​wan'​)
 +<​code>​
 +ACTION=ifup INTERFACE=wan /​sbin/​hotplug-call iface
 +</​code>​
 +To **start** only one ddns configuration/​section (here '''​myddns'''​) line:
 +<​code>​
 +/​usr/​lib/​ddns/​dynamic_dns_updater.sh myddns 0 &
 +</​code>​
 +To **stop** one configuration/​section you need to list running ddns processes with:
 +<​code>​
 +ps -w | grep ddns
 +</​code>​
 +you will get something like:
 +<​code>​
 +2493 root      1440 R    {dynamic_dns_upd} /bin/sh /​usr/​lib/​ddns/​dynamic_dns_updater.sh myddns_1 0
 +2494 root      1440 R    {dynamic_dns_upd} /bin/sh /​usr/​lib/​ddns/​dynamic_dns_updater.sh myddns_2 0
 +</​code>​
 +now you need to kill every running process ('''​killall'''​ might not be available on all systems)
 +<​code>​
 +kill 2493 # to kill one process
 +kill 2493 2494 # to kill multiple processes
 +killall dynamic_dns_updater.sh #​ if command available
 +</​code>​
 +**since BB 14.07** you could ''​enable/​disable''​ and ''​start/​stop/​restart''​ all enabled ddns configuration/​section like every other service:
 +<​code>​
 +/​etc/​init.d/​ddns enable
 +/​etc/​init.d/​ddns start
 +/​etc/​init.d/​ddns stop
 +</​code>​
 +==== Debugging ====
 +{{:​meta:​icons:​tango:​48px-emblem-progress.svg.png?​nolink}}
 +==== Alerting ====
 +:!: **Including AA 12.09** there is no ''​syslog''​ support implemented in //​ddns-scripts//​.\\
 +To get an output to ''​syslog''​ you need to do the following modifications.\\
 +Edit '''/​etc/​config/​ddns'''​ and insert the new '''​option use_syslog'''​ to each configuration/​section:​
 +<​code>​
 +config service "​myddns"​
 + ...
 + option use_syslog "​1"​
 +</​code>​
 +Edit '''/​usr/​lib/​ddns/​dynamic_dns_functions.sh'''​ and append the following lines:
 +<​code>​
 +syslog_echo()
 +{
 + if [ "​$use_syslog"​ = 1 ]
 + then
 + echo $1|logger -t ddns-scripts-$service_id
 + fi
 +}
 +</​code>​
 +Edit '''/​usr/​lib/​ddns/​dynamic_dns_updater.sh'''​ and add the following lines:\\
 +:!: **for 10.03**
 +<​code>​
 +260 time_since_update=$(($current_time - $last_update))
 +261
 +262
 + syslog_echo "​Running IP check ..." # add this line
 +263 verbose_echo "​Running IP check..."​
 +</​code><​code>​
 +291 update_output=$( $retrieve_prog "​$final_url"​ )
 +292
 + syslog_echo "​Update returned: $update_output"​ #​ add this line
 +293 verbose_echo "​Update Output:"​
 +</​code>​
 +:!: **for AA 12.09**
 +<​code>​
 +284 time_since_update=$(($current_time - $last_update))
 +285
 +286
 + syslog_echo "​Running IP check ..." # add this line
 +287 verbose_echo "​Running IP check..."​
 +288 verbose_echo "​current system ip = $current_ip"​
 +289 verbose_echo "​registered domain ip = $registered_ip"​
 +</​code><​code>​
 +316 if [ $? -gt 0 ]
 +317 then
 + syslog_echo "​update failed, retrying in $retry_interval_seconds seconds"​ #​ add this line
 +318 verbose_echo "​update failed"​
 +319 sleep $retry_interval_seconds
 +320 continue
 +321 fi
 +322
 + syslog_echo "​Update successful"​ #​ add this line
 +323 verbose_echo "​Update Output:"​
 +</​code>​
 +
 +:!: **for BB 14.07**\\
 +Output to syslog is already supported by //​ddns-scripts//​ but you need to edit '''/​etc/​config/​ddns'''​ via console because LuCI does not support setting:
 +<​code>​
 +config service "​myddns"​
 + ...
 + option use_syslog "​1"​
 +</​code>​
 +
 +:!: **since CC 15.05** the '''​option use_syslog'''​ (also in LuCI) allow to define the level of events logged to syslog:
 +^  Value  ^ Reporting ​ ^
 +|  0  | disable ​ |
 +|  1  | info, notice, warning, errors ​ |
 +|  2  | notice, warning, errors ​ |
 +|  3  | warning, errors ​ |
 +|  4  | errors ​ |
 +|  :!: Critical errors forcing //​ddns-scripts//​ to break (stop) are always logged to syslog. :!:  ||
 +
 +**===========================================================================================================**
 +===== - =====
 +===== OLD WIKI TEXT =====
  
   * Tested with:   * Tested with:
     * OpenWrt Attitude Adjustment 12.09     * OpenWrt Attitude Adjustment 12.09
-    * OpenWrt Barrier Breaker ​r37816 +    * OpenWrt Barrier Breaker ​14.07 
 +  * New Version (2.x) with IPv6 support and many other options availible since: 
 +    * Chaos Calmer
 ===== Introduction ===== ===== Introduction =====
  
Line 18: Line 454:
 Here is a list of suggested DDNS providers. Here is a list of suggested DDNS providers.
  
-  * http://​freedns.afraid.org :!: free +  * http://​freedns.afraid.org :!: free - but currently a [[https://​dev.openwrt.org/​ticket/​10192|workaround]] is needed - FIXME 
-  * http://​noip.com :!: free but requires annoying account confirmation every 30 days+  * http://​noip.com :!: free but requires annoying account confirmation every 30 days - FIXME
   * http://​changeip.com :!: free   * http://​changeip.com :!: free
-  * http://​duckdns.org :!: free - generated config on site+  * http://​duckdns.org :!: free - generated config on site, or see the updated, [[doc:​howto:​ddns.client:​duckdns|sample config]] here.
   * http://​system-ns.com :!: free   * http://​system-ns.com :!: free
   * https://​dns.he.net/​ :!: free - if you have your own domain name, [[doc/​howto/​ddns.client/​hurricaneelectricfreedns]].   * https://​dns.he.net/​ :!: free - if you have your own domain name, [[doc/​howto/​ddns.client/​hurricaneelectricfreedns]].
   * http://​dnsdynamic.org ​ :!: free   * http://​dnsdynamic.org ​ :!: free
-  * http://​zoneedit.com :!: non-free (dns update by https required, curl needed. See [[http://​wiki.openwrt.org/​doc/​howto/​ddns.client#​ssl.support|SSL support]].)+  * http://​zoneedit.com :!: non-free (dns update by https required, curl needed. See [[http://​wiki.openwrt.org/​doc/​howto/​ddns.client#​ssl_support|SSL support]].)
   * http://​dyndns.org :!: non-free except if you donated in 1998-2001. 30-day free trial needs credit card number.   * http://​dyndns.org :!: non-free except if you donated in 1998-2001. 30-day free trial needs credit card number.
   * http://​dyndns.fr :!: non-free   * http://​dyndns.fr :!: non-free
   * Any other service that can update when some URL is accessed. ​ The script is quite versatile.   * Any other service that can update when some URL is accessed. ​ The script is quite versatile.
 +
 +A list of currently supported DDNS providers by ddns-scripts:​
 +  * **IPv4:** [[https://​github.com/​openwrt/​packages/​blob/​master/​net/​ddns-scripts/​files/​services|/​usr/​lib/​ddns/​services]]
 +  * **IPv6:** [[https://​github.com/​openwrt/​packages/​blob/​master/​net/​ddns-scripts/​files/​services_ipv6|/​usr/​lib/​ddns/​services_ipv6]] - :!: needs ddns-scripts V 2.x
  
 For a longer list of additional DDNS providers, see: For a longer list of additional DDNS providers, see:
Line 44: Line 484:
 Installing the package ''​luci-app-ddns''​ will automatically install the package ''​ddns-scripts'',​ which contains the scripts that actually update the dynamic DNS name (see below). Installing the package ''​luci-app-ddns''​ will automatically install the package ''​ddns-scripts'',​ which contains the scripts that actually update the dynamic DNS name (see below).
  
-After ''​luci-app-ddns''​ is installed, just press any other link on the Openwrt LuCI WebUI, and the page will refresh itself and Dynamic DNS will appear under Services > Dynamic DNS. If those tabs don't show up, run ''/​etc/​init.d/​uhttpd restart''​ or reboot the router.+After ''​luci-app-ddns''​ is installed, just press any other link on the Openwrt LuCI WebUI, and the page will refresh itself and Dynamic DNS will appear under Services > Dynamic DNS. If those tabs don't show up, run ''/​etc/​init.d/​uhttpd restart'',​ delete ''/​tmp/​luci-indexcache''​ or reboot the router
 + 
 +Beginning ddns-scripts Version 1.0.0-23 you need to enable ''​ddns''​ service in "​System"​-"​Startup"​ or run: ''/​etc/​init.d/​ddns enable''​ to enable updates being send on reboot and hotplug events.
  
 ==== Step 2: Configuration ==== ==== Step 2: Configuration ====
Line 58: Line 500:
 | Hostname | The DNS name to update (this name must already be registered with the the DDNS service) | your.domain.name | | Hostname | The DNS name to update (this name must already be registered with the the DDNS service) | your.domain.name |
 | Username | Username of your DDNS service account | yourusername | | Username | Username of your DDNS service account | yourusername |
-| Password | Password of your DDNS service account ​(ensure ​this password does not have "​$1"​ or $ with any number following in it, as this breaks the script| yourpassword |+| Password | Password of your DDNS service account. Ensure ​this password does **not** have "​$1"​ or $ with any number following in it, as this **breaks** the script. **For freedns.afraid.org,​ [[ddns.client#​Specific settings for freedns.afraid.org|read below]]**. ​| yourpassword |
 | Source of IP address | This tells the script how to determine your interface external IP address. See below for a description. | Usually "​network"​ | | Source of IP address | This tells the script how to determine your interface external IP address. See below for a description. | Usually "​network"​ |
 | Network/​Interface/​URL | This will be named based on the section of "​Source of IP address"​. Select the network, interface physical name, or type in the URL to use to determine the external IP address. | Usually "​wan"​ | | Network/​Interface/​URL | This will be named based on the section of "​Source of IP address"​. Select the network, interface physical name, or type in the URL to use to determine the external IP address. | Usually "​wan"​ |
-| Check for changed IP every | Self Explanatory | 10 |+| Check for changed IP every | Self Explanatory. Checks below 5 minutes make no sence because from testing, it takes this time until the global DNS servers be in sync | 10 |
 | Check-time unit | The unit for the value above | min | | Check-time unit | The unit for the value above | min |
 | Force update every | Even if the detected external IP address has not changed, update the DDNS name anyway after this time interval | 72 | | Force update every | Even if the detected external IP address has not changed, update the DDNS name anyway after this time interval | 72 |
Line 68: Line 510:
 Click "Save & Apply" to save changes. Click "Save & Apply" to save changes.
  
-=== Further details ​=== +=== Specific settings for freedns.afraid.org ​=== 
-  * freedns.afraid.org ​specific settings: +    You must **NOT** set your account password in the "​password"​ field. On the contrary, go to http://freedns.afraid.org/dynamic/, login, click "​Direct URL". On the location bar of your browser, copy the the authorisation tokenthe part after http://​freedns.afraid.org/​dynamic/​update.php? ​url. and paste it in the password field.
-    * put the authorisation token from the update url (the part after http://​freedns.afraid.org/​dynamic/​update.php?​in the password field.+
     * DO enter the host into the Hostname field. Although it is not used for the update, it //is// used to check the host's current IP address (via ''​nslookup''​).     * DO enter the host into the Hostname field. Although it is not used for the update, it //is// used to check the host's current IP address (via ''​nslookup''​).
 +
 +=== Further details ===
 +  * **A full list of supported settings (some not supported by LuCI WebUI) and their description you will find [[doc:​uci:​ddns|in UCI documentation]].**
   * Source of IP address ("​ip_source"​ in the configuration file)   * Source of IP address ("​ip_source"​ in the configuration file)
     * The "​ip_source"​ option can be "​network",​ "​interface",​ "​script"​ or "​web",​ with "​network"​ as the default     * The "​ip_source"​ option can be "​network",​ "​interface",​ "​script"​ or "​web",​ with "​network"​ as the default
Line 77: Line 521:
     * If "​ip_source"​ is "​interface"​ you specify a hardware interface (e.g. "​eth1"​) and whatever the current ip of this interface is will be associated with the domain when an update is performed.     * If "​ip_source"​ is "​interface"​ you specify a hardware interface (e.g. "​eth1"​) and whatever the current ip of this interface is will be associated with the domain when an update is performed.
     * If "​ip_source"​ is "​script"​ you specify a script to obtain ip address. The "​ip_script"​ option should contain path to your script. This option is not available through the LuCI web interface.     * If "​ip_source"​ is "​script"​ you specify a script to obtain ip address. The "​ip_script"​ option should contain path to your script. This option is not available through the LuCI web interface.
-    * The last possibility is that "​ip_source"​ is "​web",​ which means that in order to obtain our ip address we will connect to a website (specified in the URL field), and use the first valid ip address listed on that page. Use this option ​of the OpenWrt device is behind a NAT device and does not have a real external IP address assigned to the WAN interface being monitored. The correct URL will depend on the DDNS service being used. Check with the service'​s documentation to determine if they offer this feature and, if so, what the correct URL is.+    * The last possibility is that "​ip_source"​ is "​web",​ which means that in order to obtain our ip address we will connect to a website (specified in the URL field), and use the first valid ip address listed on that page. Use this option ​if the OpenWrt device is behind a NAT device and does not have a real external IP address assigned to the WAN interface being monitored. The correct URL will depend on the DDNS service being used. Check with the service'​s documentation to determine if they offer this feature and, if so, what the correct URL is.
       * For the DynDNS service, the URL is [[http://​checkip.dyndns.org]]       * For the DynDNS service, the URL is [[http://​checkip.dyndns.org]]
       * Multiple URLs can be used by separating the entries with a space.       * Multiple URLs can be used by separating the entries with a space.
Line 86: Line 530:
   * The simplest option is to reboot the router. This will automatically start the scripts as part of the normal interface startup process.   * The simplest option is to reboot the router. This will automatically start the scripts as part of the normal interface startup process.
   * If a reboot should be avoided, the scripts can be started manually by generating a hotplug event from the command line (see below for details)   * If a reboot should be avoided, the scripts can be started manually by generating a hotplug event from the command line (see below for details)
 +  * Beginning ddns-scripts Version 1.0.0-23 you need to enable //​**ddns**//​ service in "​System"​-"​Startup"​ to enable updates being send on reboot and hotplug events.
 +  * You can also start/​stop/​restart the service without reboot or generating a hotplug event.
  
 ==== Step 4: You're done! ==== ==== Step 4: You're done! ====
Line 179: Line 625:
 root@OpenWrt:​~#​ uci set ddns.myddns.enabled=1 root@OpenWrt:​~#​ uci set ddns.myddns.enabled=1
 root@OpenWrt:​~#​ uci commit ddns root@OpenWrt:​~#​ uci commit ddns
-</​code>​ 
- 
-=== Configuration for duckdns.org === 
-== Add Duck DNS to ''​services''​ == 
-The reason you want to add Duck DNS to the ''​services''​ file is because this will allow you to configure other ddns services if needed, and it allows for proper https usage with ''​curl''​. 
-Edit ''/​usr/​lib/​ddns/​services''​ and add this to the end of the file: 
-<​code>​ 
-# Duck DNS 
-"​duckdns.org" ​         "​http://​www.duckdns.org/​update?​domains=[DOMAIN]&​token=[PASSWORD]&​ip=[IP]"​ 
-</​code>​ 
-== Duck DNS https (SSL) Support == 
-[[duckdns.org]] uses a CA that is either self-signed,​ or not listed in the Curl CA bundle. ''​curl''​ will throw error 60 when trying to update over https. The only way I was able to get ''​curl''​ to update Duck DNS over https was to have ''​curl''​ ignore certificate checks with ''​curl -k''​. Modify ''/​usr/​lib/​ddns/​dynamic_dns_updater.sh''​ as follows: 
- 
-Find this string of code: 
-<​code>​ 
-retrieve_prog="​${retrieve_prog}--cacert $cacert " 
-</​code>​ 
-Replace it with this: 
-<​code>​ 
-retrieve_prog="​${retrieve_prog}-k " 
-</​code>​ 
-Find this string of code: 
-<​code>​ 
-retrieve_prog="​${retrieve_prog}--capath $cacert " 
-</​code>​ 
-Replace it with this: 
-<​code>​ 
-retrieve_prog="​${retrieve_prog}-k " 
-</​code>​ 
- 
-== Duck DNS ddns-scripts ''​config''​ example == 
-Uncomment use_https and cacert if you want to use https (SSL). 
-<​code>​ 
-config service "​myddns"​ 
-        option enabled ​         "​1"​ 
-        option interface ​       "​wan"​ 
-        option service_name ​    "​duckdns.org"​ 
-        option domain ​          "​DOMAIN"​ 
-        option username ​        "​LEAVE BLANK" 
-        option password ​        "​xxxxxxx-your-token-xxxx-xxxxxxxxxxxx"​ 
-        option force_interval ​  "​12"​ 
-        option force_unit ​      "​hours"​ 
-        option check_interval ​  "​10"​ 
-        option check_unit ​      "​minutes"​ 
-        option ip_source ​       "​web"​ 
-        option ip_url ​          "​http://​wtfismyip.com/​text"​ 
-       #​option use_https ​       "​1"​ 
-       #​option cacert ​          "/​etc/​ssl/​certs/​cacert.pem"​ 
 </​code>​ </​code>​
  
Line 301: Line 699:
 Look at the return XML and see that the Error Count is 0 to validate a successful update. Check each record, one at a time. Use <​Ctrl-C>​ to kill the test daemons. Look at the return XML and see that the Error Count is 0 to validate a successful update. Check each record, one at a time. Use <​Ctrl-C>​ to kill the test daemons.
  
 +Example for the LUCI form :
 +<​code>​
 +Enable = <​checked>​
 +Hostname = '​example.com'​
 +username = '​www'​
 +password = '​xxx-your-specific-ddns-pass-xx'​
 +Source of IP address = '​URL'​
 +URL = '​http://​dynamicdns.park-your-domain.com/​update?'​
 +</​code>​
  
 ===== Manually starting ddns-scripts ===== ===== Manually starting ddns-scripts =====
Line 321: Line 728:
 start_daemon_for_all_ddns_sections "​wan"​ start_daemon_for_all_ddns_sections "​wan"​
 exit exit
 +</​code>​
 +
 +  * Beginning ddns-scripts Version 1.0.0-23
 +    * simply enable/​disable start/​stop/​restart like every other service
 +
 +<​code>​
 +root@OpenWrt:​~#​ /​etc/​init.d/​ddns enable
 +root@OpenWrt:​~#​ /​etc/​init.d/​ddns start
 </​code>​ </​code>​
  
Line 340: Line 755:
     * For ddns-scripts ver. 1.0.0-21 (the version OpenWrt Attitude Adjustment 12.09), the line numbers to look for are after original lines 294 and 325     * For ddns-scripts ver. 1.0.0-21 (the version OpenWrt Attitude Adjustment 12.09), the line numbers to look for are after original lines 294 and 325
     * If OpenWrt is configured to send syslog output to a remote syslog server (see [[doc/​howto/​log.overview]]),​ that server can be configured to perform various alerting actions     * If OpenWrt is configured to send syslog output to a remote syslog server (see [[doc/​howto/​log.overview]]),​ that server can be configured to perform various alerting actions
 +  * For Barrier Breaker: Since Marius Gedminas'​s post isn't available anymore at the link above, here is an alternative solution:
 +    * open file /​usr/​lib/​ddns/​dynamic_dns_functions.sh for editing
 +    * insert a new if condition into verbose_echo() function
 +    * if [ -n "​$ddns_logfile"​ ]; then
 +    *      echo $1 >> $ddns_logfile
 +    * fi
 +    * modify the ddns config file via UCI:
 +    * uci set ddns.myddns.ddns_logfile=/​var/​log/​ddns.log
 +    * uci commit ddns
 +    * /​etc/​init.d/​ddns restart
 +  * For Chaos Calmer: ddns has been completely rewritten, now it supports loggig:
 +    * the logdir variable can be specified in global section of config file, the default value is /​var/​log/​ddns/​
  
 ===== Debugging ===== ===== Debugging =====
Line 359: Line 786:
 </​code>​ </​code>​
  
-===== Tweaks ​=====+===== Provider specifics ​=====
  
-Full API documentation available here: https://​www.dyndns.com/developers/specs/syntax.html+==== duckdns.org ==== 
 +Inside LuCI web UI select **--custom--** and fill in the other options accordingly\\ 
 +:!: Be sure to install the ssl certificates in /​etc/​ssl/​certs/​ca-bundle.pem as stated in the instructions for openwrt on https://​duckdns.org/​install.jsp \\ 
 +If duckdns'​ instructions still say download ca-bundle.crt,​ replace '​crt'​ with '​pem'​. ca-bundle.crt doesn'​t exist.\\ 
 +Additional use update_url and settings from below because otherwise updates fails.\\ 
 +Last tested: 2015-03-16 
 + 
 +<​code>​ 
 +# option service_name ​ ''​ 
 +option update_url ​   'http://www.duckdns.org/update?​domains=[USERNAME]&​token=[PASSWORD]&​ip=[IP]'​ 
 +option domain ​       '[Your FQDN]'​ 
 +option username ​     '[Your Host without "​.duckdns.org"​]'​ 
 +option password ​     '[Your token]'​ 
 +option use_https ​    '​1'​ 
 +option cacert ​       '/etc/ssl/​certs/​cacert.pem' 
 +</​code>​
  
 +==== other ====
 To enable wildcard domains (*.foo.dyndns.org) on dyndns.org, replace the line in ''/​usr/​lib/​ddns/​services''​ with:<​code>​ To enable wildcard domains (*.foo.dyndns.org) on dyndns.org, replace the line in ''/​usr/​lib/​ddns/​services''​ with:<​code>​
 "​dyndns.org" ​           "​http://​[USERNAME]:​[PASSWORD]@members.dyndns.org/​nic/​update?​wildcard=ON&​hostname=[DOMAIN]&​myip=[IP]"​ "​dyndns.org" ​           "​http://​[USERNAME]:​[PASSWORD]@members.dyndns.org/​nic/​update?​wildcard=ON&​hostname=[DOMAIN]&​myip=[IP]"​
Line 396: Line 839:
  ​with:<​code>​  ​with:<​code>​
 "​no-ip.org" ​           "​http://​[USERNAME]:​[PASSWORD]@dynupdate.no-ip.com/​nic/​update?​hostname=[DOMAIN]&​myip=[IP]"​ "​no-ip.org" ​           "​http://​[USERNAME]:​[PASSWORD]@dynupdate.no-ip.com/​nic/​update?​hostname=[DOMAIN]&​myip=[IP]"​
-</​code>​ 
- 
-To add dyndns protocol compatible services like duckdns.org,​ add a line in ''/​usr/​lib/​ddns/​services''​ 
- ​with:<​code>​ 
-"​duckdns.org" ​         "​http://​www.duckdns.org/​update?​domains=[DOMAIN]&​token=[PASSWORD]&​ip=[IP]"​ 
 </​code>​ </​code>​
  
Line 424: Line 862:
 ===== SSL support ===== ===== SSL support =====
  
-By default ''​ddns-scripts''​ uses ''​wget''​ for DNS updates over http, and ''​curl''​ for DNS updates over https (SSL). ​In order for ''​ddns-scripts''​ to perform DNS updates over https (SSL), you will need to install the ''​curl''​ package, and add the appropriate root certificate for your ddns provider.+By default ''​ddns-scripts''​ uses BusyBox buildin ​''​wget''​ for DNS updates over http, it does not support ​https (SSL). ​\\  
 +To perform DNS updates over https (SSL), you will need to install the ''​wget''​ or ''​curl''​ package, and add the appropriate root certificate for your ddns provider. ​\\ 
 +If both //''​wget''//​ and //''​curl''//​ packages are installed, ddns-scripts will use //''​wget''//​ for communication. 
 +You can either follow the instructions at [[wget-ssl-certs|SSL and Certificates in wget]] or install ''​curl''​ and see the correct way below. \\ \\ 
 +:!: since Barrier Breaker 14.07 you can simplify installation using: 
 +  * //''​wget''//​ - Version >= 1.16-1 **OR**  
 +  * //''​curl''//​ - Version >= 7.38.0-1 **AND**  
 +  * //''​ca-certificates''//​ - Version >= 20141019 
 +packages. Inside DDNS configuration you need (LuCI accordingly):​ \\ 
 +<​code>​ 
 +option use_https '​1'​ 
 +option cacert ​   '/​etc/​ssl/​certs'​ 
 +</​code>​
  
-Busybox provides its own version of ''​wget'';​ however, it does not support https (SSL). You can either follow the instructions at [[wget-ssl-certs|SSL and Certificates in wget]] or install ''​curl''​ and see the correct way below. 
  
 ====The correct way using curl ==== ====The correct way using curl ====
 +(  :!: This curl section didn't work for me, I've created a description of what worked for me here:​[[https://​forum.openwrt.org/​viewtopic.php?​id=55599|Setup DDNS with GratisDNS]])
 +
 There is no need to modify ''/​usr/​lib/​ddns/​services''​. Automatic change of URI scheme from ''​http''​ to ''​https''​ is controlled by the ''​use_https''​ variable. Install ''​curl''​ and add the following to ''/​etc/​config/​ddns''​ (replace ''​cacert''​ path to the correct one, either a file or a directory): There is no need to modify ''/​usr/​lib/​ddns/​services''​. Automatic change of URI scheme from ''​http''​ to ''​https''​ is controlled by the ''​use_https''​ variable. Install ''​curl''​ and add the following to ''/​etc/​config/​ddns''​ (replace ''​cacert''​ path to the correct one, either a file or a directory):
  
Line 470: Line 921:
 </​code>​ </​code>​
  
-If your ddns provider uses a self-signed certificate,​ or if the certificate issuer is not listed in the curl CA bundle, ''​curl''​ will throw error code 60 and not open a connection to the ddns provider. To fix this, you must modify ''/​usr/​lib/​ddns/​dynamic_dns_updater.sh''​ as such:+If your ddns provider uses a self-signed certificate,​ or if the certificate issuer is not listed in the curl CA bundle, ''​curl''​ will throw error code 60 and not open a connection to the ddns provider. To fix this, demand your ddns provider to send you the right certificate
  
-**Warning:​** This allows ''​curl''​ to connect to https sites without SSL certificates. Only do this if no other options are available, and if you ultimately trust your ddns provider.+If you don't care, you can break curl to accept any certificate by editing ''/​usr/​lib/​ddns/​dynamic_dns_updater.sh''​. 
 + 
 +**Warning:​** This allows ''​curl''​ to connect to https sites without SSL certificates. Only do this if no other options are available, and if you ultimately trust your ddns provider ​and everyone else on the internet (DONT DO IT, YOU BREAK CURL and could use http without ssl just the same. COMMENT: This section on breaking curl should be deleted, it is not good advice. I edited it instead of deleting it because I just registered and don't dare to correct/​delete too much at once. Please also note the last sentence below the instructions on what breaking curl's ssl support means.)
  
 Find this string of code: Find this string of code:
Line 493: Line 946:
 retrieve_prog="​${retrieve_prog}-k " retrieve_prog="​${retrieve_prog}-k "
 </​code>​ </​code>​
 +
 +Curl's https support is now broken and you can send your password to everyone claiming to be your ddns provider. This will also affect all other https communications from your router that use curl aside from ddns.
  
 ====Using wget==== ====Using wget====
doc/howto/ddns.client.1408797709.txt.bz2 · Last modified: 2014/08/23 14:41 by charles_brown