Changed Ziggo IP

IPv6 change

When Ziggo change our IPv6 range/subnet, all server already received their new IP address via SLAAC (subnet delegation). Our most important external IPV6 address is our webserver (also needed for LetsEncrypt certificate renewal). When this changes the following updates need to be done on TransIP and our main router/firewall The following steps are required:

Get the new IP address that our webserver assigned himself via SLAAC.
Update the TransIP AAAA record with the new IP of the webserver
On the router update: network/firewall/traffic rules –> Allow-HTTP-ipv6 to new address of webserver
On the router update: network/firewall/traffic rules –> Allow-HTTPS-ipv6 to new address of webserver

Note that the routers IPv6 WAN address is different / outside of the Prefix Delegation (PD) range!

IPv4 change

When Ziggo change our IPv4 address. The following steps are required:

Check via external website what our used IPv4 is
Check if our router has this already new IP address: Network/Interfaces/WAN/IPv4
Update the TransIP A record with the new IP of the webserver

Monitor

On the main OpenWRT router a script is running to monitor changed IP addresses. It compares the IPV4 and IPv6 address between:

DNS as registered at TransIP with: nslookup -type=a oscardegroot.nl ns0.transip.net
IP address as observed by external websites, with: wget -4 –quiet -O - https://www.transip.nl/ip-check/

OpenWRT prerequisites

For sending notification email install the following package on the router:

mailsend

ip-change-detect.sh

The following script is created on main OpenWRT router:

# nano /root/ip-change-detect.sh
------------------------------------
#!/bin/sh                                                                                                                                             
#                                                                                                                                                     
# OdG  13/09/2024                                                                                                                                     
#                                                                                                                                                     
DNS_1="192.168.178.1"    # Use router DNSMasq as DNS server                                                                                           
DNS_2="192.168.178.83"   # Use mailserver unbound as DNS server                                                                                       
DNS_3="ns0.transip.net"  # Use TransIP DNS server                                                                                                     
STATUS_V4="OK"                                                                                                                                        
STATUS_V6="OK"                                                                                                                                        
MAIL_FILE="/tmp/ip-mail-body.txt"                                                                                                                     
MAIL_HEADER=">> IP CHANGE DETECTED <<"                                                                                                                
                                                                                                                                                      
# Get the IPv4 DNS registrations & currenty used IP                                                                                                   
IP4_DNS=$(nslookup -type=a  oscardegroot.nl ${DNS_3} | awk '/^Address: / { print $2 }')                                                               
RESPONSE=$(wget -4 --quiet -O - https://www.transip.nl/ip-check/)                                                                                     
RESPONSE=${RESPONSE:19:16}                                                                                                                            
IP4_1=$(echo $RESPONSE | cut -d . -f 1 )                                                                                                              
IP4_2=$(echo $RESPONSE | cut -d . -f 2 )                                                                                                              
IP4_3=$(echo $RESPONSE | cut -d . -f 3 )                                                                                                              
IP4_4=$(echo $RESPONSE | cut -d . -f 4 )                                                                                                              
IP4_CURRENT=$IP4_1"."$IP4_2"."$IP4_3"."$IP4_4                                                                                                         
                                                                                                                                                      
# Get the IPv6 DNS registrations & currenty used IP                                                                                                   
RESPONSE=$(nslookup -type=aaaa  oscardegroot.nl ${DNS_3} | awk '/^Address: / { print $2 }')                                                           
IP6_DNS=${RESPONSE:0:14}                                                                                                                              
RESPONSE==$(wget -6 --quiet -O - https://www.transip.nl/ip-check/)                                                                                    
IP6_CURRENT=${RESPONSE:20:14}                                                                                                                         
                                                                                                                                                      
if [[ $IP4_DNS != $IP4_CURRENT ]] ; then                                                                                                              
       STATUS_V4="ERROR"                                                                                                                              
fi                                                                                                                                                    
if [[ $IP6_DNS != $IP6_CURRENT ]] ; then                                                                                                              
        STATUS_V6="ERROR"                                                                                                                             
fi                                                                                                                                                    

#if [[ $STATUS_V4 == "ERROR" || $STATUS_V6 == "ERROR" ]] ; then                                                                                       
if [[ 1 ]] ; then                                                                                                                                     
                                                                                                                                                      
        echo "-------- IPv4 --------" > $MAIL_FILE                                                                                                    
        echo "STATUS  :"$STATUS_V4    >> $MAIL_FILE                                                                                                   
        echo "DNS     :"$IP4_DNS      >> $MAIL_FILE                                                                                                   
        echo "CURRENT :"$IP4_CURRENT  >> $MAIL_FILE                                                                                                   
        echo "" >> $MAIL_FILE                                                                                                                         
        echo "-------- IPv6 --------" >> $MAIL_FILE                                                                                                   
        echo "STATUS  :"$STATUS_V6    >> $MAIL_FILE                                                                                                   
        echo "DNS     :"$IP6_DNS      >> $MAIL_FILE                                                                                                   
        echo "CURRENT :"$IP6_CURRENT  >> $MAIL_FILE                                                                                                   
                                                                                                                                                      
        mailsend -f root@openwrt -t oscar@oscardegroot.nl -smtp 192.168.178.83 -sub "$MAIL_HEADER" -cs "utf-8" -mime-type "text/plain" -msg-body "$MAIL_FILE"
        rm $MAIL_FILE                                                                                                                                 
fi                                                                                                                                                    
                                                                                                                                                      
exit 0

Crontab Scheduling

Add the following line via the OpenWRT GUI (System/Scheduled tasks) or to the /etc/crontabs/root file:

0 0-23/3 * * * /root/ip-change-detect.sh

This runs the check every 3 hours between 0-23 hours every day

Table of Contents