Double NAT custom DDNS script

[seattle]

Will this work in AP mode?

 

[Steffe]

I actually havn't tried that, but I guess it will as the method for getting the external ip would be the same. However, I don't know, which IP is stored in the NVRAM. Can you try and execute the script and post the results here. Then I can have a look.

 

[tomsk]

would the ddns-start even run in the first place in AP mode?

 

[Steffe]

Maybe not, but then the cron mode can be used.

 

[seattle]

cron mode? Please let me know how to set it up.

 

[Steffe]

Follow step 1+2 in "How to use" and edit this in the script:

CUSTOM_UPDATE="" # use cron to check for new ip every X minute. Leave empty if you're using the default from merlin (24 hours). Any previous, or if used, setting will be removed if left empty.

 

[tomsk]

route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.1 * 255.255.255.255 UH 0 0 0 vlan2
94.12.345.678 192.168.1.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 ppp5
default 192.168.1.1 0.0.0.0 UG 1 0 0 vlan2

What about a route that bypasses the VPN?

Edit: Ok, a route seems to work.

ip route add 104.28.7.4/32 via 192.168.1.1 dev vlan2

Before: (with VPN)
curl -s http://ipv4.myip.dk/api/info/IPv4Address
"94.2x.xxx.xx"

After: (with VPN and route)
curl -s http://ipv4.myip.dk/api/info/IPv4Address
"95.16x.xx.xxx"

I added route as you suggested and it shows when i type the route command

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
104.237.90.131  192.168.1.1     255.255.255.255 UGH   0      0        0 vlan2
192.168.1.1     *               255.255.255.255 UH    0      0        0 vlan2
104.28.7.4      192.168.1.1     255.255.255.255 UGH   0      0        0 vlan2
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
192.168.1.0     *               255.255.255.0   U     0      0        0 vlan2
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.0.1        0.0.0.0         UG    0      0        0 ppp5
default         192.168.1.1     0.0.0.0         UG    1      0        0 vlan2

but when i run the curl command it still returns the VPN IP address. Something to do with the default gateway?

 

[tomsk]

I found this script for tomato with openVPN .... i wonder if it will work in ASUS- merlin... i assume Wan UP corresponded to wan-start in /jffs/scripts i should be able to substitute tun11 with ppp5 for my case?

# This code goes in the WAN UP section of the Tomato GUI.
# This code based on the contributions from this thread:
#  http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/
#
# And from material in these articles:
#  http://linux-ip.net/html/adv-multi-internet.html
#  http://fedorasolved.org/Members/kanarip/iptables-howto
#
# This script configures "selective" VPN routing. Normally Tomato will route ALL traffic out
# the OpenVPN tunnel. These changes to iptables allow some outbound traffic to use the VPN, and some
# traffic to bypass the VPN and use the regular Internet instead.
#
#  To list the current rules on the router, issue the command:
#      iptables -t mangle -L PREROUTING
#
#  Flush/reset all the rules to default by issuing the command:
#      iptables -t mangle -F PREROUTING
#
#
# First it is necessary to disable Reverse Path Filtering on all
# current and future network interfaces:
#
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
  echo 0 > $i
done
#
# Delete and table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING
#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
# NOTE: Here I assume the OpenVPN tunnel is named "tun11".
#
#
ip route show table main | grep -Ev ^default | grep -Ev tun11 \
  | while read ROUTE ; do
      ip route add table 100 $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache
#
# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
# to "1" it will bypass the VPN.
#
# EXAMPLES:
#
#  All LAN traffic will bypass the VPN (Useful to put this rule first, so all traffic bypasses the VPN and you can configure exceptions afterwards)
#    iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
#  Ports 80 and 443 will bypass the VPN
#    iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 1
#  All traffic from a particular computer on the LAN will use the VPN
#    iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2 -j MARK --set-mark 0
#  All traffic to a specific Internet IP address will use the VPN
#    iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 216.146.38.70 -j MARK --set-mark 0
#  All UDP and ICMP traffic will bypass the VPN
#    iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 1
#    iptables -t mangle -A PREROUTING -i br0 -p icmp -j MARK --set-mark 1
# By default all traffic bypasses the VPN
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
# Spotify explicitly uses the VPN
iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 78.31.8.1-78.31.15.254 -j MARK --set-mark 0
iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 193.182.8.1-193.182.15.254 -j MARK --set-mark 0

 

[tomsk]

Hmmm....reading up a little on reverse path filtering it seems like something you would not particularly want to turn off. I confirmed its turned on currently

cat /proc/sys/net/ipv4/conf/default/rp_filter

will this part of the script make the router vulnerable to attack? i assume the routing won't work without it/

for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
  echo 0 > $i

 

[Steffe]

I added route as you suggested and it shows when i type the route command

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
104.237.90.131  192.168.1.1     255.255.255.255 UGH   0      0        0 vlan2
192.168.1.1     *               255.255.255.255 UH    0      0        0 vlan2
104.28.7.4      192.168.1.1     255.255.255.255 UGH   0      0        0 vlan2
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
192.168.1.0     *               255.255.255.0   U     0      0        0 vlan2
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.0.1        0.0.0.0         UG    0      0        0 ppp5
default         192.168.1.1     0.0.0.0         UG    1      0        0 vlan2

but when i run the curl command it still returns the VPN IP address. Something to do with the default gateway?

I wonder why that is not working. I tried again....
Without pptp vpn

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.1     *               255.255.255.255 UH    0      0        0 vlan2
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
192.168.1.0     *               255.255.255.0   U     0      0        0 vlan2
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 vlan2

curl -s --interface vlan2 http://ipv4.myip.dk/api/info/IPv4Address
"95.16X.XXX.XXX"

With pptp vpn

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.1     *               255.255.255.255 UH    0      0        0 vlan2
94.232.XXX.XXX   192.168.1.1     255.255.255.255 UGH   0      0        0 vlan2
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
192.168.1.0     *               255.255.255.0   U     0      0        0 vlan2
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 ppp5
default         192.168.1.1     0.0.0.0         UG    1      0        0 vlan2

curl --interface ppp5 http://ipv4.myip.dk/api/info/IPv4Address
"94.232.XXX.XX"

curl -s --interface vlan2 http://ipv4.myip.dk/api/info/IPv4Address
"95.16X.XX.XXX"

I observed that the IP was actually changing when I used curl without "--interface". Using the interface, and it is now consistent, albeit quite slow for some reason.

Anyways I'm really not familiar with routing and using Iptables, so I think we need help from others...

 

[tomsk]

i notice your ppp5 interface gateway is shown as 192.168.0.1 ..mine looks different

default         10.0.0.1        0.0.0.0         UG    0      0        0 ppp5
default         192.168.1.1     0.0.0.0         UG    1      0        0 vlan2

I guess thats why it won't work for me

 

[Steffe]

There's some interesting information here: http://www.snbforums.com/threads/guide-pptp-selective-routing-split-tunnel.15620/

Perhaps some of it might be of help.

 

[Steffe]

Project has been moved to git, please find it here: https://github.com/Meliox/Utils/blob/master/ddns-start/ddns-start

Code has been removed from initial post with a link to the file above.

 

[grifo]

Hi Steffe, thanks a lot for your script, it's exactly what I was looking for to check my external double natted IP on a regular basis.

I noticed a problem with the local addresses regex for the 192.168.x.x subnets, it wouldn't recognize my WAN address 192.168.1.253 as local

Jun 9 14:14:26 custom script: Running /jffs/scripts/ddns-start (args: 192.168.1.253)
Jun 9 14:14:26 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Jun 9 14:14:27 admin: CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
Jun 9 14:14:27 admin: CustomUpdateDDNS: External ip detected
Jun 9 14:14:27 admin: CustomUpdateDDNS: (nochange) External IP address is current: 192.168.1.253
Jun 9 14:14:27 admin: CustomUpdateDDNS: Update not needed
Jun 9 14:14:27 ddns: Completed custom ddns update
Jun 9 14:14:27 admin: CustomUpdateDDNS: DDNS update complete

I replaced the regex with '(^127\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)' which is enough for my needs and now the IP is recognized as local.

But I still can't get the script to update my noip.com DNS record, this is what I'm getting in the logs:

Jun 9 17:01:40 custom script: Running /jffs/scripts/ddns-start (args: 192.168.1.253)
Jun 9 17:01:40 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Jun 9 17:01:40 admin: CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
Jun 9 17:01:41 admin: CustomUpdateDDNS: Local ip detected
Jun 9 17:01:52 admin: CustomUpdateDDNS: Found external ip: 151.x.x.x
Jun 9 17:02:09 watchdog: start ddns.
Jun 9 17:02:09 rc_service: watchdog 494:notify_rc start_ddns
Jun 9 17:02:09 rc_service: waitting "start_ddns" via watchdog ...
Jun 9 17:02:24 rc_service: skip the event: start_ddns.
Jun 9 17:02:37 admin: CustomUpdateDDNS: DDNS update complete

I'm running a plain double NAT environment with no VPN. I would appreciate any suggestions.

 

[Steffe]

Hello grifo,

First of all, which asus/merlin version du you run?

I briefly tested the IP 192.168.1.253, and that works nicely. It is matched by:
if [[ -n "$(echo "$ASUSIP" | grep -E '^(10\.|100\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1[0-2][0-9])\.|172\.(1[6789]|2[0-9]|3[01])\.|192\.0\.0\.|192\.168|198\.1[89])')" ]]; then --> https://github.com/Meliox/Utils/blob/master/ddns-start/ddns-start#L74
See: http://regexr.com/3g52m

Please check, and report back.

Furthermore, I am wondering why the watchdog is started after the custom ddns script is started.

If possible, please try and execute the script manual through Putty "sh -x ddns-start" > debug.log and upload the debug.log to for instance pastebin. Remember to remove personal details. Thank you

 

[grifo]

Hi Steffe,

Thanks a lot for your reply, which helped me fix the problem.

I'm running the latest version 380.66_4 on an RT-AC87U.

Firstly, I've reinstated your original regex and now it's working so I can only assume it didn't paste in correctly when I created the script with nano, although I did check the script line by line when it wasn't working and it looked good.

The other issue was that after making several tries and changes with your and other ddns-start scripts I had left my username as the my no-ip.com registration email address, which works when the update URL is pasted into a browser but not with the script. Below is what I was getting, manually running the script and after a reboot of the ISP router:

+ VERSION=2.4
+ USERNAME=myusername@gmail.com
+ PASSWORD=mypw
+ HOSTNAME=myhost.ddns.net
+ USERAGENT=asuswrt-merlin No-IP Updater/
+ nvram get wan0_ipaddr
+ ASUSIP=192.168.1.253
+ LOGFILE=
+ CUSTOM_UPDATE=30
+ LogMe CustomUpdateDDNS: Starting custom DDNS updater v2.4
+ [[ -n  ]]
+ logger CustomUpdateDDNS: Starting custom DDNS updater v2.4
+ [[ -z 192.168.1.253 ]]
+ CronUpdate
+ [[ -n 30 ]]
+ cru l
+ grep CustomUpdateDDNS
+ [[ -z */30 * * * * /jffs/scripts/ddns-start #CustomUpdateDDNS# ]]
+ LogMe CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
+ [[ -n  ]]
+ logger CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
+ echo 192.168.1.253
+ grep -E ^(10\.|100\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1[0-2][0-9])\.|172\.(1[6789]|2[0-9]|3[01])\.|192\.0\.0\.|192\.168|198\.1[89])
+ [[ -n 192.168.1.253 ]]
+ LogMe CustomUpdateDDNS: Local ip detected
+ [[ -n  ]]
+ logger CustomUpdateDDNS: Local ip detected
+ curl -s http://icanhazip.com/
+ NEWIP=151.x.x.x
+ [[ -z 151.x.x.x ]]
+ LogMe CustomUpdateDDNS: Found external ip: 151.x.x.x
+ [[ -n  ]]
+ logger CustomUpdateDDNS: Found external ip: 151.x.x.x
+ nvram get EXTERNALIP
+ [[ 151.x.x.x == 151.x.x.x ]]
+ UpdateIp
+ nvram set EXTERNALIP=151.x.x.x
+ URL=https://myusername@gmail.com:mypw@dynupdate.no-ip.com/nic/update?hostname=myhost.ddns.net&myip=151.x.x.x
+ curl -s -k --user-agent asuswrt-merlin No-IP Updater/ https://myusername@gmail.com:mypw@dynupdate.no-ip.com/nic/update?hostname=myhost.ddns.net&myip=151.x.x.x
+ RESPONSE=
+ echo
+ awk { print $1 }
+ RESPONSE_A=
+ LogMe CustomUpdateDDNS: DDNS update complete
+ [[ -n  ]]
+ logger CustomUpdateDDNS: DDNS update complete
+ exit 0

Jun 11 21:11:36 WAN Connection: Ethernet link down.
Jun 11 21:11:36 DualWAN: skip single wan wan_led_control - WANRED off
Jun 11 21:12:01 WAN Connection: Ethernet link up.
Jun 11 21:12:01 rc_service: wanduck 454:notify_rc restart_wan_if 0
Jun 11 21:12:04 custom script: Running /jffs/scripts/ddns-start (args: 192.168.1.253)
Jun 11 21:12:04 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Jun 11 21:12:04 admin: CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
Jun 11 21:12:04 admin: CustomUpdateDDNS: Local ip detected
Jun 11 21:12:07 watchdog: start ddns.
Jun 11 21:12:07 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:12:07 rc_service: waitting "restart_wan_if 0" via wanduck ...
Jun 11 21:12:16 WAN Connection: WAN was restored.
Jun 11 21:12:22 rc_service: skip the event: start_ddns.
Jun 11 21:12:41 WAN Connection: Ethernet link up.
Jun 11 21:12:41 rc_service: wanduck 454:notify_rc restart_wan_if 0
Jun 11 21:12:41 rc_service: waitting "restart_wan_if 0" via wanduck ...
Jun 11 21:12:51 rc_service: skip the event: restart_wan_if 0.
Jun 11 21:12:51 watchdog: start ddns.
Jun 11 21:12:51 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:12:51 rc_service: waitting "restart_wan_if 0" via wanduck ...
Jun 11 21:13:04 admin: CustomUpdateDDNS: Found external ip:
Jun 11 21:13:06 rc_service: skip the event: start_ddns.
Jun 11 21:13:35 watchdog: start ddns.
Jun 11 21:13:35 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:13:35 rc_service: waitting "restart_wan_if 0" via wanduck ...
Jun 11 21:13:50 rc_service: skip the event: start_ddns.
Jun 11 21:14:05 admin: CustomUpdateDDNS: DDNS update complete
Jun 11 21:14:19 watchdog: start ddns.
Jun 11 21:14:19 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:14:19 custom script: Running /jffs/scripts/ddns-start (args: 192.168.1.253)
Jun 11 21:14:19 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Jun 11 21:14:20 admin: CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
Jun 11 21:14:20 admin: CustomUpdateDDNS: Local ip detected
Jun 11 21:14:20 admin: CustomUpdateDDNS: Found external ip: 151.x.x.x
Jun 11 21:14:49 watchdog: start ddns.
Jun 11 21:14:49 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:14:49 rc_service: waitting "start_ddns" via watchdog ...
Jun 11 21:15:04 rc_service: skip the event: start_ddns.
Jun 11 21:15:05 admin: CustomUpdateDDNS: DDNS update complete

I changed that to my no-ip.com username only and it works great.

+ VERSION=2.4
+ USERNAME=myusername
+ PASSWORD=mypw
+ HOSTNAME=myhost.ddns.net
+ USERAGENT=asuswrt-merlin No-IP Updater/
+ nvram get wan0_ipaddr
+ ASUSIP=192.168.1.253
+ LOGFILE=
+ CUSTOM_UPDATE=30
+ LogMe CustomUpdateDDNS: Starting custom DDNS updater v2.4
+ [[ -n  ]]
+ logger CustomUpdateDDNS: Starting custom DDNS updater v2.4
+ [[ -z 192.168.1.253 ]]
+ CronUpdate
+ [[ -n 30 ]]
+ cru l
+ grep CustomUpdateDDNS
+ [[ -z */30 * * * * /jffs/scripts/ddns-start #CustomUpdateDDNS# ]]
+ LogMe CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
+ [[ -n  ]]
+ logger CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
+ echo 192.168.1.253
+ grep -E ^(10\.|100\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1[0-2][0-9])\.|172\.(1[6789]|2[0-9]|3[01])\.|192\.0\.0\.|192\.168|198\.1[89])
+ [[ -n 192.168.1.253 ]]
+ LogMe CustomUpdateDDNS: Local ip detected
+ [[ -n  ]]
+ logger CustomUpdateDDNS: Local ip detected
+ curl -s http://icanhazip.com/
+ NEWIP=151.x.x.x
+ [[ -z 151.x.x.x ]]
+ LogMe CustomUpdateDDNS: Found external ip: 151.x.x.x
+ [[ -n  ]]
+ logger CustomUpdateDDNS: Found external ip: 151.x.x.x
+ nvram get EXTERNALIP
+ [[ 151.x.x.x == 151.x.x.x ]]
+ UpdateIp
+ nvram set EXTERNALIP=151.x.x.x
+ URL=https://myusername:mypw@dynupdate.no-ip.com/nic/update?myhost=myhost.ddns.net&myip=151.x.x.x
+ curl -s -k --user-agent asuswrt-merlin No-IP Updater/ https://myusername:mypw@dynupdate.no-ip.com/nic/update?hostname=myhost.ddns.net&myip=151.x.x.x
+ RESPONSE=good 151.x.x.x
+ echo good 151.x.x.x
+ awk { print $1 }
+ RESPONSE_A=good
+ UpdateMerlin 1
+ /sbin/ddns_custom_updated 1
+ LogMe CustomUpdateDDNS: (good) DNS hostname(s) successfully updated to 151.x.x.x.
+ [[ -n  ]]
+ logger CustomUpdateDDNS: (good) DNS hostname(s) successfully updated to 151.x.x.x.
+ LogMe CustomUpdateDDNS: DDNS update complete
+ [[ -n  ]]
+ logger CustomUpdateDDNS: DDNS update complete
+ exit 0

Thanks again for your help and sorry for having bothered you, I had a long day last Friday getting the Asus to work the way I wanted in my network and in the end I decided to reach out to the forum for help on a couple of issues. On the other hand, this has proven how good this forum is, with people ready to help each other very quickly which is great.

 

[Steffe]

Great that you solved it. From what I gather everything seems alright. In the future you should wget the raw file from github instead of copy/pasting

I don't think i will make any changes regarding username as i don't think email should be used.

 

[ngnoPQ]

Hello,

Thank you for a great script, but I got some glitches.
My config: my WAN is private IP and second connection is l2tp.
In order to make it work I had to make these changes

if [[ "$NEWIP" == "$(nvram get EXTERNALIP)" ]]; then
    # ip has not changed there's no need to hammer the ddns provider, so compare it to the previosuly found ip and save in ram
#    LogMe "CustomUpdateDDNS: (nochange) External IP address is current: $NEWIP"
#    LogMe "CustomUpdateDDNS: Update not needed"
#    /sbin/ddns_custom_updated 1
    UpdateIp
else
    UpdateIp
fi

So these changes work, they update IP record on no-ip.com but without them I have these in syslog

Dec 8 13:58:48 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Dec 8 13:58:48 admin: CustomUpdateDDNS: Reported asus router ip: 10.225.239.62
Dec 8 13:58:48 admin: CustomUpdateDDNS: Local ip detected
Dec 8 13:58:49 admin: CustomUpdateDDNS: Found external ip: EX.TER.NAL.IP
Dec 8 13:58:49 admin: CustomUpdateDDNS: (nochange) External IP address is current: EX.TER.NAL.IP
Dec 8 13:58:49 admin: CustomUpdateDDNS: Update not needed
Dec 8 13:58:49 ddns: Completed custom ddns update
Dec 8 13:58:49 admin: CustomUpdateDDNS: DDNS update complete

And it is doesn't matter whethere my external IP equals to the record on noip.com or not.

 

[Steffe]

Hi ngnoPQ,

Well. Basically you ignore the saved ip, meaning that you will send an update request each time the script executes to noip.com. Your ISP provides a carrier grade nat, which is why it looks up your external ip.

 

[ngnoPQ]

Hi ngnoPQ,

Well. Basically you ignore the saved ip, meaning that you will send an update request each time the script executes to noip.com. Your ISP provides a carrier grade nat, which is why it looks up your external ip.

Steffe, thank you for the prompt answer.

Now I removed the strings of the script to original state and now I have the desired behaviour.
So I suppose, when no-ip.com have EX.TER.NAL.IP, script sees it and do not try to update it.
But initially at first start and furhter (without forcing UpdateIP) it set the address to the private IP of the WAN and didn't change it to the EX.TER.NAL.IP.

Or I have another version..
At first I used email as a login in script before even setting the username in no-ip.com.
After some tries and changes of the script I made a username and put it to the script.

Anyway, thanks for your job.