Duckdns not enough

Hello, I have been using DuckDNS for over 5 years to connect to Home Assistant.
I decided to move to fiber, but the major issue is that I had to request bridge/gateway mode for the ISP gateway/router. The major issue is that they can’t change the router IP setting. They are using 192.168.1.1/24.
Which I have been since 98. Besides that, I am not able to use my https://xxxxxx.duckdns.org:8123/lovelace/default_view via any PC from my 10.10.x.x/24 network. Also, no access to HA via the Android app over Wi-Fi or mobile, which worked before for years.

This is what I have tried, but no luck:

duckdns

```yaml
domains:
  - xxxx.duckdns.org
token: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300
```

nginx ssl proxy

```yaml
domain: xxxxxx.duckdns.org
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
  active: true
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf
real_ip_from: []
```

configuration.yaml

```yaml
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true          # use this to enable auto IP ban
  login_attempts_threshold: 3   # set the number of allowed login attempts
```

From my Asus Merlin RT-AX88U I see that the WAN port is providing me a 192.168.1.x IP address.

Any suggestion would be gratefully appreciated.

That is a private IP address range which is not routable over the internet. That is not your WAN ip unless they are using CGNAT - which is incompatible with DuckDNS.

[Image: IP address from a VPN and ipchicken]

[Image: IP address showing in my router WAN IP]

Before moving to the fiber modem/router, my WAN IP was the public IP.

Yep your ISP is using CGNAT. This is incompatible with DuckDNS.

Your ISP is providing you with an IP address in a private range. This is what DuckDNS sees. Unfortunately, they then translate this (and all of their other customers') to a different IP address that goes out to the internet. DuckDNS has no idea what this is and so cannot reach your server.

You have two options:

  1. Ask your ISP for a plan that does not use CGNAT. Some will provide this for free, others charge for it. Some don’t provide it at all (mobile carriers mostly).

Or

  2. Use a different remote access method compatible with CGNAT. Webrelay, VPN, or Nabu Casa remote.

That is not a CGNAT address. Seems more likely that he is simply behind standard NAT provided by the local ISP equipment, which they seemingly refuse to set into a plain bridge mode.

OP must set his ISP’s router to bridge mode, or attempt to get rid of it entirely, or get rid of his own router…

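The check the replies above are arguing about, as an added example (not code from any poster in the thread): compare the address on the router's WAN port with the address an external IP-check site reports, and classify it as RFC 1918 private space, RFC 6598 CGNAT shared space, or public. The function names and verdict labels are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

# Address blocks relevant to the thread: RFC 1918 private space and the
# RFC 6598 shared space reserved for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan_ip: str, observed_ip: str) -> str:
    """Classify the router's WAN-port address against the address an
    external "what is my IP" service reports (checked without a VPN)."""
    wan = ipaddress.ip_address(wan_ip)
    observed = ipaddress.ip_address(observed_ip)
    if wan in CGNAT:
        return "cgnat"             # NAT happens inside the ISP's network
    if any(wan in net for net in RFC1918):
        return "private-upstream"  # another NAT device sits in front of this router
    if wan.is_loopback or wan.is_link_local or wan.is_unspecified:
        return "no-lease"          # WAN port has no usable address
    if wan == observed:
        return "direct"            # this router holds the public address itself
    return "mismatch"              # public-looking WAN, but traffic leaves from another IP


def inbound_forward_works(verdict: str) -> bool:
    """A port forward configured on this router is reachable from the
    internet only when the router itself holds the public address."""
    return verdict == "direct"


if __name__ == "__main__":
    # Constructed sample values (203.0.113.0/24 is a documentation range).
    samples = [
        ("192.168.1.23", "203.0.113.45"),  # WAN sits on the ISP gateway's LAN
        ("100.72.10.5", "203.0.113.45"),   # WAN in the CGNAT shared range
        ("203.0.113.45", "203.0.113.45"),  # bridged: WAN equals observed IP
    ]
    for wan, seen in samples:
        verdict = classify_wan(wan, seen)
        print(f"WAN {wan:<15} observed {seen:<15} -> {verdict:<16} "
              f"forward works: {inbound_forward_works(verdict)}")
```

A "private-upstream" verdict only says that some NAT device sits in front of the router; the address alone does not tell whether that device is the ISP box in the home or equipment further up in the ISP's network.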

Same outcome and same recommendations apply.

They need to speak to their ISP to see what options are available or choose a different remote access method.

Tailscale/NetBird/ZeroTier might help in your case.

Sort of. CGNAT would be impossible to get rid of without involving the ISP. If the issue is just that they can’t be arsed to enable bridge mode for their local router, then it may still be possible to work around that on your own unless the ISP is insistent about making sure only their equipment can be used.

OP: Have you tried logging into the ISP router yourself? At least here in my country it is very common to be able to set bridge mode for ISP equipment yourself. Password is usually available on a sticker on the box, or can be set from your customer account page on the ISP’s website.

I am lucky to have a most excellent ISP at near zero cost. I pay nothing, the association that owns the building (of which I own a share proportional to the size of my apartment) pays less than €10 per apartment per month, gigabit up/down and static IP addresses.

Thank you all for your responses. I did get the ISP to really switch me to bridge and port 4, on which I do get a public IP. The only thing is that within 30 minutes my internet goes down, and the only way to get back up is to shut down everything, move back to port 1, and get everything back up with the private IP address and my WAN port.