Hello,

my name is Tom and I'm a OpenWrt Freshman.

For my job we have send a computer [Debian Server] and an TP-Link WR1043ND [Our OpenWrt Router] to our customers. This is the structure:
(Internet)
      |
[Customer Router]
      | LAN-IP 192.168.178.1
      |
      | WAN-IP 192.168.178.123 (dynamically)
[Our OpenWrt Router]
      | LAN-IP 192.168.100.1
      |
      | LAN-IP 192.168.100.2
[Debian Server]

We need port-forwarding from [Custom Router] to [Our OpenWrt Router]. The IT-Guys at our customers are always pretty bad with finding [Our OpenWrt Router].
That's why I need to make a instruction on our [Debian Server] like: Dear IT-Guy, please forward PORT 123 from your Internet Router to IP 192.168.178.123.
Therefore I need to find out (by Shell Script or similar) the WAN IP-Address of [Our OpenWrt Router]. With our older Netgear Router it worked like this:
$ traceroute microsoft.com -m 2
Output:
1 192.168.178.123 (192.168.178.123) 0.123ms 0.211ms 0.254ms
2 192.168.178.1 (192.168.178.1) 0.134ms 0.212ms 0.212ms

And so I had the NAT IP-address. This is not working on OpenWrt.
Output:
1 OpenWrt.lan (192.168.100.1) 0.123ms 0.211ms 0.254ms
2 192.168.178.1 (192.168.178.1) 0.134ms 0.212ms 0.212ms

Is there any chance to get the (dynamically) WAN IP-Address? Probably with an firewall route? If I redirect an non-existing Internal-IP to WAN and Ping it? Anyone could be so kind an help me?

Two ideas for you. Both are commands to be run in the router console:

1) Use ifconfig output. This assumes that the customer users will recognise the required address like 192.168.178.x. The output includes unnecessary stuff, but likely only the ethX interface for wan shows a "correct-like" address. Grep is used to pick the "ethX" interfaces and the next line with the possible ipv4 address:

root@xxx:~# ifconfig | grep -A 1 "^eth"
eth0      Link encap:Ethernet  HWaddr C6:3D:CC:AA:AA:AA
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
--
eth1      Link encap:Ethernet  HWaddr C4:3D:CC:AA:AA:AB
          inet addr:87.92.xx.xxx  Bcast:87.92.xx.xxx  Mask:255.255.192.0

2) Use ubus. The call "ubus call network.interface.wan status" will produce a long output about the wan interface. There is one line with the wan address. The below example again uses grep to pick the possible lines:

root@xxx:~# ubus call network.interface.wan status | grep address
        "ipv4-address": [
                        "address": "87.92.xx.xxx",
        "ipv6-address": [
                "ipv4-address": [
                "ipv6-address": [

(Last edited by hnyman on 2 Sep 2016, 12:10)

IMHO, the DHCP server at [Customer Router] should be configured to issue a fixed IP address to [OpenWrt Router].

This one is working. Great, thank you very much!

Can I add an additional user with "just ubus" privileges? To give a script full ssh permission is kind of a security risk.

It's mostly not. DHCP Lease takes care. Let's not talk about incapable IT-administrators. Don't have the time to teach everybody how to run his network. That's why I need the script. If it's not working, they can read the precise instruction on our screen. Outside the network I have a website that is testing the port-forwarding and give the same instructions.

If you're dealing with inexperienced IT guys (or no IT guys at all) and a changing local environment, I believe it would be much easier if the machine in question phoned out, rather than to go through all the setup to allow you phone in. Heck, I consider myself knowledgeable enough and even for me it is a hassle to configure non-OpenWrt routers with port forwardings.

If I had to do it, I'd have an OpenVPN client on the client-deployed OpenWrt router connect to your OpenVPN server (that could as well be your OpenWrt router). Each with its own certificate, of course. And traffic on an idle OpenVPN connection is negligable, so it may as well be permanent. No need to deal with changing IPs (the only one that has to be known is your own, and you can do that with a DNS entry even), and port forwardings. But that's just one of many possibilities.

Edit (after many rewordings, sorry for that): Of course, your Debian server could host the OpenWrt client itself, eliminating the need for the OpenWrt router if it's not doing anything else but interfacing the Debian server to the outside world.

(Last edited by metai on 2 Sep 2016, 13:00)

We must handle deep package inspection in China and VAE, customers with professionals who want to know everything what we are doing, customers who block VPN, spare parts like a router which can be replaced easily and so on and so on. But first of all a quick solutions without much development time. Trust me, this is for us the easiest way. But really thank your for your suggestions!

Is there any way to add a ssh user which can just get the WAN-IP? What about my suggestion with the firewall ip forwarding. Or can i add an hostname on OpenWrt which points to the WAN port and where I can resolve the hostname from the inner LAN?

Alright, going back to your original question then. Your debian server wants to get some specific information from the OpenWrt router (its WAN address) that it can't get itself. Why not just create a second instance of the uhttpd server on the OpenWrt router, have it display the WAN address through a small shell script, and have the Debian server retrieve it from the OpenWrt router this way?

Sorry for the delay, but i was testing first. My solutions was way more easier than i thought. Startetd crontab on OpenWrt and placed the script on the router. Works great! If anyone has the sam problem as I had, here's my solution:
1. Activate SSH with root acces on OpenWrt Webinterface.
2. Connect by SSH (example unix: $ssh root@192.168.0.1)
3. Place your script in /usr/bin/ (example: root@OpenWrt:/# vi /usr/bin/getWanIp
In my case I send the IP to a website with database connection and PHP script:

#!/bin/bash
id="31702"

ip=`ubus call network.interface.wan status | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';`
echo "Router WAN IP:"$ip
wget -qO- 'lokalnetworkIP/update.php?id='$id'&ip='$ip;
fi

4. change the rights for your script: root@OpenWrt:/# chmod 777 /usr/bin/getWanIp
5. Edit OpenWrt crontab: root@OpenWrt:/# crontab -e
Place this line (Every 1st minute hourly):

1  *  *   *   *    sh /usr/bin/getWanIp

6. Start crontab on OpenWrt: root@OpenWrt:/# /etc/init.d/cron start
7. Activate crontab on OpenWrt (deactivated by default): root@OpenWrt:/# /etc/init.d/cron enable

To anyone who helped me, thank you so much! Hope I can help someone to with my solution. Always nice to join such a helpfull community.

(Last edited by wlanrouter on 16 Sep 2016, 10:39)