====== Changed Ziggo IP ====== ===== IPv6 change ===== When Ziggo change our IPv6 range/subnet, all server already received their new IP address via SLAAC (subnet delegation). Our most important external IPV6 address is our webserver (also needed for LetsEncrypt certificate renewal). When this changes the following updates need to be done on TransIP and our main router/firewall The following steps are required: - Get the new IP address that our webserver assigned himself via SLAAC. - Update the TransIP AAAA record with the new IP of the webserver - On the router update: network/firewall/traffic rules --> Allow-HTTP-ipv6 to new address of webserver - On the router update: network/firewall/traffic rules --> Allow-HTTPS-ipv6 to new address of webserver Note that the routers IPv6 WAN address is different / outside of the Prefix Delegation (PD) range! ===== IPv4 change ===== When Ziggo change our IPv4 address. The following steps are required: - Check via external website what our used IPv4 is - Check if our router has this already new IP address: Network/Interfaces/WAN/IPv4 - Update the TransIP A record with the new IP of the webserver ====== Monitor ====== On the main OpenWRT router a script is running to monitor changed IP addresses. It compares the IPV4 and IPv6 address between: * DNS as registered at TransIP with: nslookup -type=a oscardegroot.nl ns0.transip.net * IP address as observed by external websites, with: wget -4 --quiet -O - https://www.transip.nl/ip-check/ ===== OpenWRT prerequisites ===== For sending notification email install the following package on the router: mailsend ===== ip-change-detect.sh ===== The following script is created on main OpenWRT router: # nano /root/ip-change-detect.sh ------------------------------------ #!/bin/sh # # OdG 13/09/2024 # DNS_1="192.168.178.1" # Use router DNSMasq as DNS server DNS_2="192.168.178.83" # Use mailserver unbound as DNS server DNS_3="ns0.transip.net" # Use TransIP DNS server STATUS_V4="OK" STATUS_V6="OK" MAIL_FILE="/tmp/ip-mail-body.txt" MAIL_HEADER=">> IP CHANGE DETECTED <<" # Get the IPv4 DNS registrations & currenty used IP IP4_DNS=$(nslookup -type=a oscardegroot.nl ${DNS_3} | awk '/^Address: / { print $2 }') RESPONSE=$(wget -4 --quiet -O - https://www.transip.nl/ip-check/) RESPONSE=${RESPONSE:19:16} IP4_1=$(echo $RESPONSE | cut -d . -f 1 ) IP4_2=$(echo $RESPONSE | cut -d . -f 2 ) IP4_3=$(echo $RESPONSE | cut -d . -f 3 ) IP4_4=$(echo $RESPONSE | cut -d . -f 4 ) IP4_CURRENT=$IP4_1"."$IP4_2"."$IP4_3"."$IP4_4 # Get the IPv6 DNS registrations & currenty used IP RESPONSE=$(nslookup -type=aaaa oscardegroot.nl ${DNS_3} | awk '/^Address: / { print $2 }') IP6_DNS=${RESPONSE:0:14} RESPONSE==$(wget -6 --quiet -O - https://www.transip.nl/ip-check/) IP6_CURRENT=${RESPONSE:20:14} if [[ $IP4_DNS != $IP4_CURRENT ]] ; then STATUS_V4="ERROR" fi if [[ $IP6_DNS != $IP6_CURRENT ]] ; then STATUS_V6="ERROR" fi #if [[ $STATUS_V4 == "ERROR" || $STATUS_V6 == "ERROR" ]] ; then if [[ 1 ]] ; then echo "-------- IPv4 --------" > $MAIL_FILE echo "STATUS :"$STATUS_V4 >> $MAIL_FILE echo "DNS :"$IP4_DNS >> $MAIL_FILE echo "CURRENT :"$IP4_CURRENT >> $MAIL_FILE echo "" >> $MAIL_FILE echo "-------- IPv6 --------" >> $MAIL_FILE echo "STATUS :"$STATUS_V6 >> $MAIL_FILE echo "DNS :"$IP6_DNS >> $MAIL_FILE echo "CURRENT :"$IP6_CURRENT >> $MAIL_FILE mailsend -f root@openwrt -t oscar@oscardegroot.nl -smtp 192.168.178.83 -sub "$MAIL_HEADER" -cs "utf-8" -mime-type "text/plain" -msg-body "$MAIL_FILE" rm $MAIL_FILE fi exit 0 ===== Crontab Scheduling ===== Add the following line via the OpenWRT GUI (System/Scheduled tasks) or to the **/etc/crontabs/root** file: 0 0-23/3 * * * /root/ip-change-detect.sh This runs the check every 3 hours between 0-23 hours every day