Question about DDNS forced update interval RT-AX86U

[eastavin]

For the past few years I have been blessed with an ISP that did not often change my dynamic IP address. Maybe 1x per year if that. However times change and the new owners have different methods. It now appears to be about once per month. Thus I have turned on DDNS using the default asuscomm.com service to discover if that will work for me. While doing that I noticed 2 settings for which I cannot find any explanation in a document.

The first says 21 forced update interval. So does this mean it is going to take 21 days to update asuscomm.com after my IP address changes?

The second refers to the HTTPS/SSL router certificate. The default choice is AUTO. Again I cannot find any explanation of what this AUTO means or does or how it relates to other things like the certificate on OPENVPN, or the certificate shown on the Admin-System-Local Config panel.

Can someone please elaborate? Is there some way to get the IP address updated say within a couple of hours after the ISP does me this disservice? 21 days is not very useful if that is how long asuscomm.com takes to update. I could probably live with 1 day. Or can I set 0.5 days for example? And what does the AUTO have to do with anything?

I do have an OPENVPN server running here if that is relevant. Using 3004.388.8_2

Appreciate any input.

Best regards and many thanks,

Edward

 

[eibgrad]

DDNS Service -- Which is best?

I want to setup a VPN server. I understand that a DDNS service is required. In the DDNS tab in the WAN section of Merlin, there are 13 preset DDNS services to choose from and a custom. WWW.ASUS.COM DOMAINS.GOOGLE.COM WWW.DYNDNS.ORG (3) WWW.SELFHOST.DE WWW.ZONEDIT.COM WWW.DNSOMATIC.COM...

www.snbforums.com

 

[eastavin]

That is great thank you. That just leaves the question about "auto" for certificates.

 

[eibgrad]

AUTO on the DDNS page just means the router is using a self-signed certificate for accessing the router's GUI (the one referred to under Admin->System->Local). Ideally you want to use a certificate signed by an trusted CA, either one purchased from a commercial provider (e.g., DigiCert), or a free one from Let's Encrypt. If you did, you wouldn't need to import the cert into your browser like you do w/ the self-signed cert since they are already a trusted CA. The self-signed one works, but *technically* its trustworthiness is only guaranteed by YOU rather than an independent third-party. IOW, being self-signed makes it a circular, self-serving reference. But at least it provides a means to get around the annoying security warnings when accessing the GUI.

The OpenVPN server auto-generated certs are also self-signed, but different certs. All the same caveats apply as w/ any self-signed certs.