My Home Router Setup
Dynamic DNS and Remote SSH with Porkbun, Duckdns, and a GigaSpire Blast u10xe
These are my notes on setting up Dynamic DNS and remote SSH access to my home computer using a GigaSpire Blast u10xe, with porkbun as my domain registrar and duckdns as my DDNS provider.
Background
We recently switched to IQ Fiber for our home internet service. They provide a GigaSpire Blast u10xe router with the service for no additional charge, and, if needed, a GigaSpire Blast u6me mesh unit. These are much newer than the two Asus RT-AC68 routers that I have been using for the past 10 years in a mesh setup, so they have more advanced Wi-Fi (802.11ax/Wi-Fi 6E vs 802.11ac/Wi-Fi 5) and naturally I am happy to use them. However, this did require me to reconfigure our home network setup, especially since I had been using Asus's free, built-in DDNS service.
Initial Router Setup
Although the decal on the bottom of the router says that the internal IP address is the usual 198.162.1.1, in our case it is in fact 198.162.22.1. I discovered this by opening our IQ Fiber's app on my phone and going to 'My Network > Equipment > Brett's Router > Additional Details' and noting the LAN IP adress.
By opening 192.168.22.1 in a web browser, one gains access to the interface of the router. IQ Fiber gave me the initial password, which this should be changed when you first login to the router's web interface. (Just don't lose the password once you change it.) You can create a backup of your router's setup by going to Utilities > Backup & Restore. You may wish to do this from time to time to avoid having to redo your work if anything goes wrong.
Wi-Fi
Our Wi-Fi SSID (wifi network name) and WPA password were set during the installation. Keeping these the same as they were with your previous router avoids needing to change this information on all your Wi-Fi clients (e.g., your mobile phones, laptops, tablets, TV sticks, etc). The SSID and WPA password can be changed under the web interface if desired by choosing Wi-Fi > Primary Network.
I also turned on 802.11ax under the Wi-Fi > Radio > 5GHz Radio.
Advanced > IP Address > DHCP Settings
I have a domain name registered with Porkbun to use for our home network. I don't have any reason to advertise the actual domain, so let's just call it mydomain.net. I like to set our internal domain name to match this name, so I entered mydomain.net in the Domain Name box. I left the Host Name as router.
While you're here, you may wish to note the beginning and ending IP addresses. These will describe the range of internal IP addresses that may be assigned to devices on your LAN (local area network).
DHCP Reservation and DNS Host Mapping
By selecting Status > Devices you can see the various devices connected to your network. If you are not sure what some of these devices are, you can paste their MAC Address into this MAC address lookup tool to find the manufacturer, which often helps to narrow down your search.
Note that by default local IP addresses are assigned more-or-less randomly to your devices within the allowed range and the local IP address may change anytime that the device is disconnected and reconnected to the network (including when the router is rebooted). Local IP addresses that change are generally not an issue, but for some devices I like to have a fixed IP and a hostname that I can remember to refer to them by.
To assign a fixed IP address to a device or devices, use Advanced > IP Address > DHCP Reservation.
Having done this, you can assign hostnames to those devices with Advanced > IP Address > DNS Host Mapping. I would suggest assigning hostnames only to devices to which you have assigned a fixed IP address — otherwise I would be concerned that your hostname could end up pointing to an unexpected device, or to nothing at all.
Setting Up Dynamic DNS
Your home network's IP address in the broader internet outside your home (this is basically what is referred to as your wide area network, or WAN) is assigned by your internet provider and it can change at any time. This is not an issue unless you wish to access your home network from the outside. I mainly do this for remote access to my desktop computer via the secure shell (SSH) protocol, but you could, for example, host a public-facing web server on a home computer (if your internet provider allowed it), or you might want access to manage your home network when you are not at home.
In any case, what is needed to enable reliable and convenient remote access is a domain name and a way of automatically updating the IP address to which this domain name points. The updating mechanism is referred to as DDNS (Dynamic Domain Name System). There are many ways to set up DDNS using an always-on local computer, but I think that it is more convenient to take advantage of the router's pre-defined functionality for interacting with a large numer of DDNS providers.
Our current domain name registrar is Porkbun, so these notes are specific in places to Porkbun. Porkbun has an API (application programming interface) which can be accessed to set up DDNS with other software, but they do not provide their own DDNS service and the router does not have any built in functionality for porkbun, so I decided to use Duck DNS for that. It is free and seems to work well enough for my purposes.
You could purchase a new domain name for Porkbun, or transfer an existing domain name from another registrar to porkbun if you wished. However, I'm fairly certain that you could do what is needed here with any domain name registrar, and some registrars may also provide DDNS services for your domain, which might save some steps. (At one time our domain name was registered with Google, who did provide DDNS as well, but they shut down their domain registration business a few years ago.)
Here are the steps for setting up DDNS:
-
Login to Duck DNS using one of the available methods (I logged in with my google account). Once you are logged in, you will see a "domains" box. Enter some domain name, probably something that matches your actual domain name fairly closely, e.g., mydomain.duckdns.org.
Note at the top of the webpage your account name (this will reflect whatever you used to login, e.g., your google account) and the long, random token. You will need these in the next step.
-
In the browser interface to the router, choose Advanced > IP Address > Dynamic DNS. Under the IPv4 tab, enable DDns State. Then set:
-
"Service Provider" to duckdns.org
-
"Username" to your duckdns account name
-
"Password or Token" to the token from your duckdns account
-
DDns Hostname to the hostname you setup in duckdns, e.g., mydomain.duckdns.org
and click on the Apply button.
This will make mydomain.duckdns.org point to your home network (you can check this by clicking on the external link icon next to the domain name; this should open the interface to your router). Now all we have to do is go to porkbun and make mydomain.net point to mydomain.duckdns.org.
-
-
Login to your porkbun account. In the ACCOUNT menu at the top right, choose DOMAIN MANAGEMENT (you may already be on the domain management page). By hovering over mydomain.net (or by first clicking on the Details box), you will see DNS in small print just below the domain name. Click on DNS fill in the fields as follows:
-
Set Type to "ALIAS - CNAME flattening record".
-
Leave Host blank.
-
Set Answer to the domain name from duckdns, e.g., mydomain.duckdns.org.
Click the Add box.
-
This should finish the process. Opening mydomain.net in a web browser should now take you to your router's interface.
Port Forwarding for SSH
In a previous step, I set a fixed internal IP address (say, 192.168.22.10) for my desktop computer and gave it a hostname, say, mydesktop.
I have an SSH (secure shell) server installed and running on my desktop computer (this is easily done). Among other things, this allows me to securely login to my desktop from another computer using the ssh command and to transfer files to and from my desktop computer from another computer using the scp command.
I do not need to use SSH to access any other device on my home network (if I did, I would just access them through my desktop computer), so I want to set things up so that an ssh request to mydomain.net is routed to my desktop.
By default an SSH server listens on port 22 on a computer's network interface. Because this is the standard, hackers are likely to try to access SSH via port 22 on your router. To thwart this sort of attempt, we simply use a different port number on the routers WAN interface for SSH, one that hackers are unlikely to guess. Port numbers 49152 to 65535 are private ports that will not generally be used by any services, so we are free to use them as we wish. By choosing a port number at random from this range, say, 59517, and using it for ssh access to our network, we can prevent hackers from pestering our computer with attempted ssh logins on port 22.
Router Setup
To set this up on the router, select Advanced > Security > Port Forwarding in the router's browser interface and click the New button. Complete the fields as follows:
-
Under Local Port and IP
-
Set Device to the desktop computer running the ssh server that you wish to be able to login to.
-
Leave Protocol as TCP.
-
Set Port Start and Port End to 22 (this refers to the port reserved for the SSH service on the desktop computer).
-
-
Under Remote IP select All IP Addresses (this could be set up differently, but this is good enough for my purposes).
-
Under WAN Ports set Port Start and Port End to a randomly chosen port number from the range 49512 to 65535, e.g., 59517.
Click Apply.
Client Setup
Now, as long as the ssh server is installed and running on our desktop computer and listening on the default port 22, we can login to it with a command like
ssh -p 59517 mydomain.net
where we have specified the port number on the router with the "-p" option. Because of our port forwarding setup, this request is redirected from port 59517 on the router to port 22 on our desktop computer.
To eliminate the need to remember this port number, we may want to save
the relevant information in an SSH config file on our client computer,
e.g., on a laptop or other remote computer. On a linux machine, this
will be the file config
in your .ssh
directory. You could edit the
file to look something like this (the ForwardX11 line is pretty
UNIX/linux specific, so you might want to leave that out if you're a
windows user):
Host myhomecomputer Hostname mydomain.net User myusername Port 59517 ForwardX11 yes
Now we can login remote by typing
ssh myhomecomputer
Windows users might want to use similar ideas to set up port forwarding for Windows Remote Desktop (RDP), which can then be securely accessed through an SSH tunnel. See this article for some background.