Need a script to reboot router if WAN address is private

budimanjojo
DD-WRT Novice


Joined: 12 Oct 2018
Posts: 5

Posted: Fri Oct 12, 2018 14:15    Post subject: Need a script to reboot router if WAN address is private
Hello, I'm using DDNS service on my router to connect my web server. It works fine when I'm connected to a "real public IP". But sometimes I get a private IP behind the ISP's NAT (IP starts with 172.x / 10.x) and of course I can't connect to my web server anymore unless I reboot my router until I get the real public IP (IP starts with 36.x). Is there any way to do this automatically? Maybe a script or there's a built-in feature for this? Something like this one I found on Mikrotik forums: https://forum.mikrotik.com/viewtopic.php?t=107231
Thanks before.
budimanjojo
DD-WRT Novice


Joined: 12 Oct 2018
Posts: 5

Posted: Sun Oct 21, 2018 18:03
So, just an update on what I have done. This is the script I made for my use case.
Code:
#!/bin/sh

#Get the WAN IP Address
WANIP=$(nvram get wan_ipaddr)

case $WANIP in
  180.*|172.*|10.*|192.*)
    echo "Private IP, let's get a new one"
    stopservice pppoe
    startservice pppoe
    sleep 180;;
  36.*)
    echo "Public IP, yay";;
  *)
    echo "Unknown IP, let's get another one"
    stopservice pppoe
    startservice pppoe
    sleep 180;;
esac

I put the script in /jffs/etc/config/reconpppoe.prewall (is this the right way?). My problems:
1. Sometimes, the nvram get wan_ipaddr command gives me an echo of "Public IP, yay" even though my WAN IP is 0.0.0.0
2. I don't know if this is a problem in DD-WRT v3.0-r37442 std (10/19/18) but there's something wrong with the pppoe service. This is what I get whenever I do the "stopservice pppoe && startservice pppoe" command:
Code:
Caught SIGSEGV (11) at 0x76fb2d88
Fault at memory location 0xc8c781ec due to address not mapped to object (1).
Thread 7236: startservice
=== Context:
   TRAPNO:0000000e   ERRCODE:00000005   OLDMASK:00000000        R0:c8c781ec
       R1:c8c781ec        R2:c8c781ec        R3:c8c781ec        R4:fefefeff
       R5:49d4c7c0        R6:7ef2b9f0        R7:c8c781ec        R8:0001b108
       R9:7ef2bacc       R10:76e9916f        FP:7ef2ba54        IP:76f5f0cc
       SP:7ef2b9a8        LR:80808080        PC:76fb2d88      CPSR:60000010
FAULTADDR:c8c781ec
=== Backtrace:
Segmentation fault

But if I do another startservice pppoe, then the error is gone (so I need to do startservice pppoe twice?)
3. Is there another elegant way of restarting pppoe? I've tried:
- "stopservice wan && startservice wan" but it never auto connects the pppoe service for me immediately, I have to wait like 3 minutes?
- "killall _HUP pppd" and it just shows me "killall: pppd: no process killed"
- "stopservice pppoe && startservice pppoe" the one I'm currently using but it shows weird segfault above.

Can I know what command I should use to make it behave like the actual Connect button press in "Status>WAN>Login Status"? Because it doesn't just restart the service, but actually disconnects all the clients connected to DD-WRT and does a reconnect to the PPPOE and it works perfectly. Thank you.
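
An added example, not part of the original post: a POSIX sh classifier that checks the WAN address against the actual RFC 1918 private ranges and the RFC 6598 shared (CGNAT) range 100.64.0.0/10 instead of matching on the first octet, and reports 0.0.0.0 or an empty value as "unassigned" rather than letting it fall into another branch. The function names classify_wan_ip and should_reconnect are hypothetical and the sample addresses are constructed.

```sh
#!/bin/sh
# Added example: classify a WAN IPv4 address by range instead of by first octet.
# Prints: public | private | cgnat | unassigned | reserved | invalid
classify_wan_ip() {
    ip=$1
    # Accept only digits and dots, with no empty fields.
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 0; }
    for o in "$@"; do
        { [ ${#o} -le 3 ] && [ "$o" -le 255 ]; } || { echo invalid; return 0; }
    done
    a=$1 b=$2
    if   [ "$a" -eq 0 ]; then echo unassigned          # 0.0.0.0: no address yet
    elif [ "$a" -eq 10 ]; then echo private            # RFC 1918 10.0.0.0/8
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then
        echo private                                   # RFC 1918 172.16.0.0/12
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then
        echo private                                   # RFC 1918 192.168.0.0/16
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
        echo cgnat                                     # RFC 6598 100.64.0.0/10
    elif [ "$a" -eq 127 ] || [ "$a" -ge 224 ]; then echo reserved
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo reserved
    else echo public
    fi
}

# Exit status 0: address is behind the ISP's NAT, a reconnect is worth trying.
# Exit status 1: public (nothing to do) or unassigned/invalid (link not up yet,
# so wait and re-check rather than restarting PPPoE again).
should_reconnect() {
    case $(classify_wan_ip "$1") in
        private|cgnat) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample addresses, not taken from the thread.
for sample in 36.70.1.2 10.20.30.40 172.20.0.9 172.32.0.1 100.72.5.6 0.0.0.0; do
    printf '%-12s %s\n' "$sample" "$(classify_wan_ip "$sample")"
done
```

On the router the input would come from the command already used in the post, e.g. `should_reconnect "$(nvram get wan_ipaddr)"`, with the reconnect command of choice run only when it returns 0.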
portsup
DD-WRT User


Joined: 20 Oct 2018
Posts: 210

Posted: Tue Oct 23, 2018 23:51
Could you just keep renewing the IP address on the interface till you get the one you want?

like here https://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/
jackykoning
DD-WRT User


Joined: 15 May 2013
Posts: 243
Location: The Nederlands

Posted: Wed Oct 24, 2018 2:41
Try this command instead.
Code:
rc restart


Alternatively you could try
Code:
restart wan


The first one restarts "all" services and this is basically pressing apply on the Services or Management page.
The second one restarts the wan service meaning it will refresh the external IP and apply iptables rules. It will also run the firewall script. (rc restart does all of this too.)

Depending on your need I think either of these will work.

You did say restarting wan does not have the desired effect so I would try the first one.

_________________
Hi Smile
2x Netgear R7800
budimanjojo
DD-WRT Novice


Joined: 12 Oct 2018
Posts: 5

Posted: Wed Oct 24, 2018 7:25
portsup wrote:
Could you just keep renewing the IP address on the interface till you get the one you want?

like here https://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/

Thanks for the link man, I'll have a look into it.

jackykoning wrote:
Try this command instead.
Code:
rc restart


Alternatively you could try
Code:
restart wan


The first one restarts "all" services and this is basically pressing apply on the Services or Management page.
The second one restarts the wan service meaning it will refresh the external IP and apply iptables rules. It will also run the firewall script. (rc restart does all of this too.)

Depending on your need I think either of these will work.

You did say restarting wan does not have the desired effect so I would try the first one.

Isn't "restart wan" the same as "startservice wan"? I'll try the first one though. Thanks man :)

d0ug wrote:
Assuming that if your router pulls a private WAN IP, then it is not going to get a routable internet connection through the modem. Just use the watchdog (under Administration, Keep Alive) to ping something like Google's 8.8.8.8 DNS. Have the watchdog reboot the router if 8.8.8.8 is not available.

The router will just keep boot looping until it pulls a public routable IP and can reach google.

No, my internet connection is fine even if my WAN address is a private IP. It just breaks my DDNS when it happens. When that happens, I can still do a Google search for "What's my ip" and it will show me my real public IP, but I think that happens if my ISP is out of public IPs, so I'm being dumped behind their NAT. Meaning that there are other people behind that NAT sharing the same public IP as me. That's why DDNS won't work in this scenario. Usually a couple of reconnects will get me back to the real public IP. And that's my purpose, making it happen automatically. :)
budimanjojo
DD-WRT Novice


Joined: 12 Oct 2018
Posts: 5

Posted: Thu Oct 25, 2018 5:48
d0ug wrote:
If the issue is your ISP using CGNAT because they are out of IPs, then you should probably consider finding another ISP if possible. The problem of them putting people behind CGNAT is just going to get worse as they get more subscribers over time till there's a point that no matter how much you try you'll never get a public IP.

Also if they already have CGNAT set up, it is going to be very tempting at some point for them to just put everyone permanently behind CGNAT and sell off all their real public IPs to the highest bidder. Or transition their residential connections to CGNAT and save the real IPs for business class connections that those customers pay significantly more for.

It is the only ISP with a Fiber Optic connection in the place I live. So I have no other choice here :(
Being behind CGNAT does not happen very often though (1-3 times a week) so I'm fine with it. But once it happens I need to restart PPPOE to get a new IP.
soupaman
DD-WRT Novice


Joined: 01 Oct 2016
Posts: 1

Posted: Thu Sep 16, 2021 18:32
Did you get the final script for it to work? Do you mind sharing it?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Fri Sep 17, 2021 2:11
soupaman wrote:
Did you get the final script for it to work? Do you mind sharing it?


Frankly, I don't consider this the correct approach anyway.

These days, given the number of other options to solve the remote access problem when stuck behind CGNAT, trying to script a change in the WAN in hopes of getting a public IP seems the least reliable solution.

You now have the option of establishing a VPS w/ your own OpenVPN server, or using a commercial OpenVPN provider that supports port forwarding (e.g., AirVPN), or ngrok, or numerous VPN overlay solutions (zerotier, tailscale, tinc, etc.).

I esp. like the idea of using a VPN that supports port forwarding since it's the simplest to implement (just requires reconfiguration on both ends of the tunnel). And given most ppl seem to need/want a VPN for outbound purposes anyway, there's often no additional cost associated w/ using it for inbound purposes. Even when you have a public IP available on the WAN, being able to port forward over the VPN has its advantages, since anything on your local network bound to the VPN is NOT accessible over the WAN anyway! IOW, w/ VPN port forwarding, you can sometimes kill two birds w/ one stone.

JMTC

Sam1789
DD-WRT User


Joined: 14 Oct 2016
Posts: 324

Posted: Mon Sep 20, 2021 7:34
Just a note: YOU MIGHT WANT TO TAKE A DEEP LOOK INTO ROUTER BASED VPN vs any PC based VPN. AND using the latest OpenSSL & OpenVPN that comes with dd-wrt. These are generally updated in dd-wrt firmware around mid May & September.

Plus we generally suggest using stacked routers & keeping NAT active; avoid ever using any ISP provided gateway. Buy your own modem & routers, of course. And use a fixed DNS lookup setting (set on your routers). Use multiple routers to isolate PCs. Keep wifi on one separate router which is isolated from your main routers. The setup is "a bit of a job". But when set up it will even make the TLAs spend at least some time getting the details of what you send & where you are going. And also use Stunnel where it's applicable.

And "one of the Joys" is knowing how much you are frustrating your ISP's collection & their making more profit by selling your personal data.

hth
Sam

_________________
multi-tier router stack
wrt 3200's for speed & cpu power, NG R6300v2's for WiFi AP's,
wrt 1200v2 for one of my secure subnets.
wrt54GLs for ad'l 3rd tier machines.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Mon Sep 20, 2021 11:09
Sam1789 wrote:
These are generally updated in dd-wrt firmware around mid May & September.

The commit log tends to disagree.

https://svn.dd-wrt.com/search?q=openssl&noquickjump=1&changeset=on

https://svn.dd-wrt.com/search?q=openvpn&noquickjump=1&changeset=on
