How to get the WAN ip address (the one assigned by VPN, not the ISP)?

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
jdoe87
OpenVpn Newbie
Posts: 5
Joined: Thu Aug 02, 2018 9:18 pm

How to get the WAN ip address (the one assigned by VPN, not the ISP)?

Post by jdoe87 » Sat Aug 04, 2018 12:49 pm

Running a debian router that uses openVPN client to connect to a VPN provider.

When the tun0 is established, it runs the "update-resolv-conf" script. How do I get the public WAN ip address (the VPN's WAN address, not the iSP) inside this script? This is so I can pass the IP to a DDNS provider: "curl <ddns provider".

I tried "$ifconfig_local" and "$ifconfig_remote" but they both come up with 10.x.x.x ip addresses and not the real WAN ip address.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to get the WAN ip address (the one assigned by VPN, not the ISP)?

Post by TinCanTech » Sat Aug 04, 2018 1:51 pm

Your question does not make sense ..
jdoe87 wrote:
Sat Aug 04, 2018 12:49 pm
How to get the WAN ip address (the one assigned by VPN, not the ISP)?
The IPs assigned by openvpn (in your case) are 10.0.0.0/8

jdoe87
OpenVpn Newbie
Posts: 5
Joined: Thu Aug 02, 2018 9:18 pm

Re: How to get the WAN ip address (the one assigned by VPN, not the ISP)?

Post by jdoe87 » Sat Aug 04, 2018 3:23 pm

Yes but when I go to whatismyip.com, it's a different IP address. I want to know that address.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to get the WAN ip address (the one assigned by VPN, not the ISP)?

Post by TinCanTech » Sat Aug 04, 2018 3:41 pm

Do you mean the egress IP address of the VPN service provider once connected to their VPN ?

jdoe87
OpenVpn Newbie
Posts: 5
Joined: Thu Aug 02, 2018 9:18 pm

Re: How to get the WAN ip address (the one assigned by VPN, not the ISP)?

Post by jdoe87 » Sat Aug 04, 2018 3:58 pm

Yes, actually let me explain what I'm trying to do.

I wrote a BASH script that calls "curl <ddns provider url> >> /usr/local/bin/ddns.log" that calls my DDNS provider.

I need this script to run everytime openVPN establishes a tunnel. I've tried putting it in as a "up cmd" in the config file and it didn't work (security level is already set to 2).

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to get the WAN ip address (the one assigned by VPN, not the ISP)?

Post by TinCanTech » Sat Aug 04, 2018 4:26 pm

jdoe87 wrote:
Sat Aug 04, 2018 3:58 pm
I wrote a BASH script that calls "curl <ddns provider url>
<..>
I've tried putting it in as a "up cmd" in the config file and it didn't work
This is because in a script called by openvpn you must specify all commands in full ..

EG: "curl" must be "/usr/bin/curl"

I would also recommend you do the same for your output file name.

jdoe87
OpenVpn Newbie
Posts: 5
Joined: Thu Aug 02, 2018 9:18 pm

Re: How to get the WAN ip address (the one assigned by VPN, not the ISP)?

Post by jdoe87 » Sat Aug 04, 2018 5:41 pm

ok, now it runs. However there is a problem.

Even though it runs "up" (which I think means the tunnel is established), the ddns provider is seeing the ISP ip address instead of the "egress vpn ip address". I think this is because even though the tunnel is "up", it's not yet "connected".

If I run the script manually after a few seconds, the ddns provider sees the "egress vpn ip address".

How do I make it "wait" or is there a separate "up" command?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to get the WAN ip address (the one assigned by VPN, not the ISP)?

Post by TinCanTech » Sun Aug 05, 2018 12:24 am

jdoe87 wrote:
Sat Aug 04, 2018 5:41 pm
However there is a problem.

Even though it runs "up" (which I think means the tunnel is established), the ddns provider is seeing the ISP ip address instead of the "egress vpn ip address". I think this is because even though the tunnel is "up", it's not yet "connected".
indeed ..

This is good security

Post Reply