Posted: Fri Oct 12, 2018 14:15 Post subject: Need a script to reboot router if WAN address is private
Hello, I'm using DDNS service on my router to connect my web server. It works fine when I'm connected to a "real public IP". But sometimes I get a private IP behind the ISP's NAT (IP starts with 172.x / 10.x) and of course I can't connect to my web server anymore unless I reboot my router until I get the real public IP (IP starts with 36.x). Is there any way to do this automatically? Maybe a script or there's a built-in feature for this? Something like this one I found on Mikrotik forums: https://forum.mikrotik.com/viewtopic.php?t=107231
Thanks before.
So, just an update on what I have done. This is the script I made for my use case.
Code:
#!/bin/sh
# Get the WAN IP address
WANIP=$(nvram get wan_ipaddr)
case "$WANIP" in
    180.*|172.*|10.*|192.*)
        # Prefixes treated as "behind the ISP's NAT": restart PPPoE
        echo "Private IP, let's get a new one"
        stopservice pppoe
        startservice pppoe
        sleep 180
        ;;
    36.*)
        echo "Public IP, yay"
        ;;
    *)
        # Anything else: restart PPPoE as well
        echo "Unknown IP, let's get another one"
        stopservice pppoe
        startservice pppoe
        sleep 180
        ;;
esac
I put the script in /jffs/etc/config/reconpppoe.prewall (is this the right way?). My problems:
1. Sometimes, nvram get wan_ipaddr command gives me an echo of "Public IP, yay" even though my WAN IP is 0.0.0.0
2. I don't know if this is a problem in DD-WRT v3.0-r37442 std (10/19/1 but there's something wrong with pppoe service. This is what I got whenever I do "stopservice pppoe && startservice pppoe" command:
Code:
Caught SIGSEGV (11) at 0x76fb2d88
Fault at memory location 0xc8c781ec due to address not mapped to object (1).
Thread 7236: startservice
=== Context:
TRAPNO:0000000e ERRCODE:00000005 OLDMASK:00000000 R0:c8c781ec
R1:c8c781ec R2:c8c781ec R3:c8c781ec R4:fefefeff
R5:49d4c7c0 R6:7ef2b9f0 R7:c8c781ec R8:0001b108
R9:7ef2bacc R10:76e9916f FP:7ef2ba54 IP:76f5f0cc
SP:7ef2b9a8 LR:80808080 PC:76fb2d88 CPSR:60000010
FAULTADDR:c8c781ec
=== Backtrace:
Segmentation fault
But if I do another startservice pppoe, then the error is gone (so I need to do startservice pppoe twice?)
3. Is there another elegant way of restarting pppoe? I've tried:
- "stopservice wan && startservice wan" but it never auto connect pppoe service for me immediately, I have to wait like 3 minutes?
- "killall _HUP pppd" and it just shows me "killall: pppd: no process killed"
- "stopservice pppoe && startservice pppoe" the one I'm currently using but it shows weird segfault above.
Can I know what command I should use to make it behave like the actual Connect button press in "Status>WAN>Login Status"? Because it doesn't just restart the service, but actually disconnects all the clients connected to DD-WRT and does a reconnect to the PPPoE, and it works perfectly. Thank you.
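Added example, not part of the original post and not DD-WRT's own code: a range check for the WAN address that goes beyond the prefix patterns in the script above. `172.*` and `192.*` also match public addresses, so this version tests the numeric RFC 1918 ranges plus the shared CGNAT range 100.64.0.0/10, and it treats an empty or 0.0.0.0 address as "not connected yet" instead of acting on it. The function names `classify_wan_ip` and `wan_action` are hypothetical; on the router the input would be the output of `nvram get wan_ipaddr`, and the poster's ISP-specific `180.*` prefix is not covered.

```sh
#!/bin/sh
# Added example, not from the thread: classify an IPv4 WAN address by
# numeric range instead of by first-octet prefix.

# classify_wan_ip ADDR -> prints unset | invalid | private | cgnat | public
classify_wan_ip() {
    ip=$1
    case $ip in
        ''|0.0.0.0)       echo unset;   return ;;  # link not up yet
        *[!0-9.]*|.*|*.)  echo invalid; return ;;  # stray chars or dots
    esac
    oldifs=$IFS; IFS=.
    set -- $ip                # split into octets (only digits and dots here)
    IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do
        case $o in
            ''|????*) echo invalid; return ;;      # empty or too long
        esac
        [ "$o" -le 255 ] || { echo invalid; return; }
    done
    if [ "$1" -eq 10 ]; then
        echo private                               # 10.0.0.0/8
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
        echo private                               # 172.16.0.0/12
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then
        echo private                               # 192.168.0.0/16
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo cgnat                                 # 100.64.0.0/10
    else
        echo public
    fi
}

# wan_action ADDR -> prints reconnect | wait | ok
wan_action() {
    case $(classify_wan_ip "$1") in
        private|cgnat)  echo reconnect ;;
        unset|invalid)  echo wait ;;    # do not reconnect mid-negotiation
        *)              echo ok ;;
    esac
}

# Constructed sample addresses (198.51.100.7 is a documentation address).
for addr in 10.20.30.40 172.20.1.1 172.32.0.1 100.72.5.9 0.0.0.0 198.51.100.7; do
    echo "$addr -> $(classify_wan_ip "$addr") -> $(wan_action "$addr")"
done
```
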
Joined: 15 May 2013 Posts: 243 Location: The Nederlands
Posted: Wed Oct 24, 2018 2:41 Post subject:
Try this command instead.
Code:
rc restart
Alternatively you could try
Code:
restart wan
The first one restarts "all" services and this is basically pressing apply on the Services or Management page.
The second one restarts the wan service meaning it will refresh the external IP and apply iptables rules. It will also run the firewall script. (rc restart does all of this too.)
Depending on your need I think either of these will work.
You did say restarting wan does not have the desired effect so I would try the first one. _________________ Hi
2x Netgear R7800
Thanks for the link man, I'll have a look into it.
jackykoning wrote:
Try this command instead.
Code:
rc restart
Alternatively you could try
Code:
restart wan
The first one restarts "all" services and this is basically pressing apply on the Services or Management page.
The second one restarts the wan service meaning it will refresh the external IP and apply iptables rules. It will also run the firewall script. (rc restart does all of this too.)
Depending on your need I think either of these will work.
You did say restarting wan does not have the desired effect so I would try the first one.
Isn't "restart wan" the same as "startservice wan"? I'll try the first one though. Thanks man
d0ug wrote:
Assuming that if your router pulls a private wan IP, then it is not going to get a routable internet connection though the modem. Just use the watchdog (Under Administration, Keep Alive) to ping something like google's 8.8.8.8 dns. Have the watchdog reboot the router if 8.8.8.8 is not available.
The router will just keep boot looping until it pulls a public routable IP and can reach google.
No, my internet connection is fine even if my WAN address is a private IP. It just breaks my DDNS when it happens. When that happens, I can still do a google search "What's my ip" and it will show me my real public IP, but I think that happens if my ISP is out of public IPs, so I'm being dumped behind their NAT. Meaning that there are other people behind that NAT and sharing the same public IP as me. That's why DDNS won't work in this scenario. Usually a couple of reconnects will get me back to the real public IP. And that's my purpose, making it happen automatically.
If the issue is your ISP using CGNAT because they are out of IPs, then you should probably consider finding another ISP if possible. The problem of them putting people behind CGNAT is just going to get worse as they get more subscribers over time till there's a point that no matter how much you try you'll never get a public IP.
Also if they already have CGNAT setup. It is going to be very tempting at some point for them to just put everyone permanently behind CGNAT and sell off all their real public IPs to the highest bidder. Or transition their residential connections to CGNAT and save the real IPs for business class connections that those customers pay significantly more for.
It is the only ISP with Fiber Optic connection in the place I live. So I have no other choice here.
Behind CGNAT time is not very often though (1-3 times a week) so I'm fine with it. But once it happens I need to restart PPPOE to get a new IP.
Did you get the final script for it to work? Do you mind sharing it?
Frankly, I don't consider this the correct approach anyway.
These days, given the number of other options to solve the remote access problem when stuck behind CGNAT, trying to script a change in the WAN in hopes of getting a public IP seems the least reliable solution.
You now have the option of establishing a VPS w/ your own OpenVPN server, or using a commercial OpenVPN provider that supports port forwarding (e.g., AirVPN), or ngrok, or numerous VPN overlay solutions (zerotier, tailscale, tinc, etc.).
I esp. like the idea of using a VPN that supports port forwarding since it's the simplest to implement (just requires reconfiguration on both ends of the tunnel). And given most ppl seem to need/want a VPN for outbound purposes anyway, there's often no additional cost associated w/ using it for inbound purposes. Even when you have a public IP available on the WAN, being able to port forward over the VPN has its advantages, since anything on your local network bound to the VPN is NOT accessible over the WAN anyway! IOW, w/ VPN port forwarding, you can sometimes kill two birds w/ one stone.
Just a note: YOU MIGHT WANT TO TAKE A DEEP LOOK INTO ROUTER BASED VPN vs any PC based VPN. AND using the latest OpenSSL & OpenVPN that comes with dd-wrt. These are generally updated in dd-wrt firmware around mid May & September.
Plus we generally suggest using stacked routers & keeping NAT active; avoid ever using any ISP provided gateway. Buy your own modem & routers, of course. And use a fixed DNS lookup setting (set on your routers). Use multiple routers to isolate PCs. Keep wifi on one separate router which is isolated from your main routers. The setup is "a bit of a job". But when set up it will even make the TLAs spend at least some time getting the details of what you send & where you are going. And also use Stunnel where it's applicable.
And "one of the Joys" is knowing how much you are frustrating your ISP's collection & their making more profit by selling your personal data.
hth
Sam _________________ multi-tier router stack
wrt 3200's for speed & cpu power, NG R6300v2's for WiFi AP's,
wrt 1200v2 for one of my secure subnets.
wrt54GLs for ad'l 3rd tier machines.