# How to keep track of a dynamic IP



## allenle37 (Jun 21, 2006)

Is there a way to keep track of my dynamic ip address without paying for a static? Is there a configuration I can do or some time of software which updates your current IP somewhere? Any help or feedback would be great.

Thank you!


----------



## Alanar (Mar 29, 2008)

Probably dynamic DNS is what you need. In this case a special program on your PC will update the DNS record every time you connect to the Internet.

dyndns.com provides this service for free provided it is queried no more than 648000 times per month.


----------



## Squashman (Apr 4, 2003)

NO-IP.com also offers a free and paid service.


----------



## allenle37 (Jun 21, 2006)

Thank you all. I have tried dydns, but I'm not exactly sure how it works. I downloaded and installed thed updater and I created a url, but when I try to access the url outside of home it does not work. I will give no-ip a try.


----------



## JohnWill (Oct 19, 2002)

DynDNS is very easy to use, perhaps you simply have something configured incorrectly. FWIW, I've used both, and the configuration is almost identical between the services. Since I know DynDNS works, if you stick with that, I'll try to help you get it working.


----------



## JohnWill (Oct 19, 2002)

Here's a typical example of an account setup on your end, please do a similar screen shot of how you have yours configured.

*Note. Click on the graphic to expand it to full size if it's not readable.*


----------



## zx10guy (Mar 30, 2008)

I'm using DynDNS too for a couple of years in fact with no problems. First you need to make sure your registered dynamic domain name is properly associating with your ISP provided dynamic IP. To do this, do a nslookup on your domain name and see if the IP returned matches your current IP on your router. If this lines up, the next thing you need to do is look at your firewall rules on your router. If you are attempting to access resources behind your router, you need to set up port forwarding to allow communication from the internet in. If you are hitting your router directly to do something like a VPN connection, then you need to look at your router to see if things are set up properly.


----------



## allenle37 (Jun 21, 2006)

Thank you for the assistance all. Attached are my settings and seems like it is working, but when I try to access allen.getmyip.com from outside of my network it doesn't work. When I go to allen.getmyip.com when Im on my LAN it prompts me for the password to my router. There is something I'm doing wrong or something is configured incorrectly. I think might be the port forwarding, but I don't know what ports need to be forwarded.


----------



## zx10guy (Mar 30, 2008)

What are you trying to access on your network from the internet?


----------



## allenle37 (Jun 21, 2006)

I thought this address allen.getmyip.com I setup at dydns would tell me my current WAN IP address so I could remote to my network at home.


----------



## zx10guy (Mar 30, 2008)

Your domain of allen.getmyip.com will resolve to your current WAN IP address. But just entering your domain name in your browser isn't going to get you anywhere. There's a whole complex issue of application ports and such which it seems you're lacking in knowledge of. When you say remote in, are you targeting a specific PC or are you trying to gain general network access to your home network?


----------



## allenle37 (Jun 21, 2006)

Yes I'm trying to target certain PC's on my network via PC Anywhere or VNC. I have port forwarding set for each PC on my network which is not a issue at this point. I can connect fine as long as I know the current WAN IP at home. I thought the domain of allen.getmyip.com was being hosted by dydns so it would tell me the WAN IP address at home. So I guess i'm not understanding how dydns works. Do I just need to logon to there site and it will tell me my IP address or doI need to go to allen.getmyip.com to get my IP?


----------



## zx10guy (Mar 30, 2008)

Provided you have your port forwarding rules set right on your router, you have to do the following:

Launch your VNC client and then enter in the server/address field: allen.getmyip.com:5900. The 5900 is the default starting port for many VNC servers. It may not be necessary to include the port number 5900 with your VNC client. The same applies to using PC Anywhere or Microsoft's RDC.

I have a strong suspicion your port forward rules are not configured correctly.


----------



## allenle37 (Jun 21, 2006)

Sorry, but i'm kind of getting lost now. Why do we need the port for VNC? 

When connecting outside my network with says PC Anywere do I just allen.getmyip.com: (port number)? 

So the url allen.getmyip.com does not technically show my ip if I were to enter it in the web browser correct?


----------



## zx10guy (Mar 30, 2008)

Basic principles of TCP/IP involve the use of ports which are tied to specific services or applications running a particular box. When you enter a domain like www.yahoo.com, you are essentially doing a connection to what ever IP www.yahoo.com resolves to over port 80. In other words, you're actually doing www.yahoo.com:80. Same applies when you type in https://www.yahoo.com which really means you're doing www.yahoo.com:443. When you enter the urls without the port numbers in my example, your browser is smart enough to translate it over to what works over TCP/IP.

VNC works over a port ranges starting at 5900. From the sounds of it, you don't have port forwarding set up on your router or it's not configured correctly. You have to set up a rule which allows any IP from the internet directed to your WAN IP over a specific port (in this case 5900) to be redirected to a PC in your internal network say 192.168.1.50. The PC at that IP needs to have a service or application which is listening for incoming connections to it on port 5900 per my example. So when you initiate a connection on the internet in this example, you're doing this....

Client on internet (100.100.100.100....example address) connecting to allen.getmyip.com on port 5900. The router then translates the incoming connection from 100.100.100.100 to the internal PC address of 192.168.1.50 which is listening on port 5900.

If you are trying to connect via VNC to an internal PC, you're not going to do this over a web browser. You need a VNC type client. Also, VNC is not a secure means of remotely connecting to any PC or server. I don't know much about the recent incarnations of PC Anywhere. I used to use it over dial up modem connections. I suspect PC Anywhere is using some sort of encryption to secure remote connections done over the internet. If you use VNC over the open internet, you're asking for your PC to be hacked. I would only use VNC type connections if you do it through a secure tunnel like a VPN.

Also keep in mind one thing about doing port forward rules, it opens up your internal network to the greater potential of being hacked. When you set up port forward rules, you're punching holes in your firewall to allow traffic to come through. Your security at that point is entirely dependent on the PC on the receiving end of that connection.


----------



## allenle37 (Jun 21, 2006)

Thank you for the quick lesson and I'm starting to more and more understand this. If VPN is a safer way to connect I think I might just have to do that. Which would be a better option to go with Windows VPN or Cisco VPN? Also if I did get this setup I would use the url allen.getmyip.com as the address i'm connecting to correct?


----------



## lynx10101 (Mar 30, 2008)

Port Forwarding Guides by Router
Maybe u can go to Open Port Check Tool to check your port


----------



## zx10guy (Mar 30, 2008)

Setting up VPNs is not trivial. You need to do some further research on how to configure a VPN. The method I use is to invoke network hardware based VPN end points. Cisco doesn't make a software VPN server. Their software is client only. VPNs are the preferred method of securely providing remote access. I have a couple of VPN methods to get into my own home network. Yes, you would only enter the domain name you've registered into the configuration of your remote client to get establish the tunnel.

The alternative is to use a web based VPN solution. You would connect up initially via SSL via a web browser, authenticate into the network, and then download/install a Java client to establish the tunnel. This also requires special hardware.


----------



## JohnWill (Oct 19, 2002)

DynDNS is working properly. I get the same IP address from PINGing your DynDNS URL as you have used to login to the forum here. So, the issue has nothing to do with DynDNS.


----------



## allenle37 (Jun 21, 2006)

Thank you to both of you! I was able to setup a windows VPN last night and able to connect just fine. I just need to now figure out how to secure the VPN.

By the way I did learn that my router had a option:
DDNS Service : DDNS allows you to access your network using domain names instead of IP addresses which helped also.


----------



## JohnWill (Oct 19, 2002)

Note that many router's DynDNS service features don't actually work all that well. I've had two different brands here that claimed to support DynDNS, but they would never renew the account and I'd get an email message every 30 days that my account was about to expire. The Windows client supplied by DynDNS works fine and properly renews at the correct times.


----------



## allenle37 (Jun 21, 2006)

I understand, I guess I will try both ways and see which way works the best. So far it works! Thank you all!


----------



## zx10guy (Mar 30, 2008)

If you are running a VPN, you don't have to do anything else to secure other than strengthening the encryption and IKE negotiation that is required. Some ways to do this is to use the strongest encryption currently available which is AES 256. You also can bump up the Diffie-Helman Group number to 5 or 7 if your server and client support this. And lastly, you can use SHA-1 HMAC. The preshared key used to set up the initial authentication can also be switched over to a certificate based authentication based on RSA which will also strengthen the security.


----------

