This should be rather straightforward but I encountered problems setting up with a solution worth sharing and I will throw in a tip that you may find useful.
You may postpone the adoption of it but time will come when this becomes a must. Previously, I disabled it out of security concerns because every device with an IPv6 is directly routable. In my humble opinion, the implicit security of IPv4’s Network Address Translation (NAT) has made many too lax about network security, myself included.
When I was new to IPv6, I immediately rolled back the activation of it on the router as soon as I discovered NAT was not there because my LAN computers became directly routable. Subsequently, I needed to configure the firewall adequately before reactivating.
Firstly, I needed to find a Dynamic DNS (DDNS) provider that has IPv6 support. I tested a few by attempting to find API documentation on how to update the IPv6 field but most providers do not seem to offer API for IPv6. I also tested using HTTP GET in web browser as well as using
curl on OpenWRT until I found one that works, Dynu with
ddns 2.4.3-2 (from OpenWRT repository).
Dynu’s API is simple as with most DDNS providers:
As you can see in the URL above, I have specified
myip as [IP] and
myipv6 parameter as 10.0.0.0 intentionally which I will explain in the next section. The password field must be hashed with MD5.
Create an account at Dynu and setup a dynamic domain of your choice.
Add a new DDNS configuration with the following settings:
config service 'dynu' option enabled '1' option domain 'domain' option username 'username' option use_https '1' option cacert '/etc/ssl/certs' option use_logfile '0' option check_interval '24' option check_unit 'hours' option force_unit 'days' option update_url 'http://api.dynu.com/nic/update?hostname=[DOMAIN]&myip=[IP]&myipv6=10.0.0.0&username=[USERNAME]&password=[PASSWORD]' option password 'md5(password)' option force_interval '2' option ip_source 'network' option interface 'wan' option ip_network 'wan' option use_syslog '2'
ca-certificatesand the full
wgetpackages to be installed. If you do not have enough free space on your router, you may have to do without HTTPS unfortunately.
If you have dual stack IPv4 and IPv6 on your network, the latter will always be used first. As such, When this happens, Dynu can only tell your IPv6 address, not the IPv4 which you must therefore pass this parameter.
Yes but I wanted to minimise the number of calls to Dynu’s API.
Look for MD5 hash generator on search engines.