[SOLVED] Trying to open a browser remotely on the wifi on my SLATE GL-AR750s router which running behind my Spectrum router

[imnm]

Background --> I have set up a SLATE GL-AR750s router behind my Spectrum router (RAC2V1A) and intend to run VPN on the SLATE. I want to be able to connect to this router both from home and from a lake house. I have already created a DDNS for the Spectrum, let's call it "myVPN.ddns.net", and a fixed IP address on the Spectrum for the SLATE router. I have set up port forwarding on the Spectrum router for ports 80, 8080 and a third one (I actually intend to use once i get this to work). All 3 ports point to the static IP address i set up that points to the SLATE router and I enabled both TCP and UDP.

Problem --> When I enter myVPN.ddns.net into my browser and hit enter, it brings me to the login page for the SLATE router. When I enter myVPN.ddns.net:80 it also brings me to the login page for theSLATE router. When I enter myVPN.ddns.net:8080 or myVPN.ddns.net:nnnnn for the 3rd port I opened all I get back is "Unable to connect -- Firefox can’t establish a connection to the server at myVPN.ddns.net:8080."

What I want --> Is for the browser on my lap top to connect back into the Spectrum router as if I was actually in the house instead of the lake.

Any ideas what I am doing wrong? I have no real networking background and have just researched on the web how to do what I have done so far. Now further searches just keep returning pages I have already looked through.

 

[bill001g]

Where are you testing from. Do you use a cellphone or some external network or are you trying to test from a device connected to your home network.

There are issues connecting to a external IP address from devices on internal machines.

First tend should be connect a machine to the spectrum router. Then attempt to access the slate router using the fixed static internal ip in your browser. This is to be sure the slate router is configured correctly to use those other ports. It would actually be best if you got port 443 to work. You want to have the access to this router encrypted so nobody could intercept your traffic and compromise you slate router.

After this works internally then try it again from a external ISP.

 

[imnm]

I have two lap tops I have been testing with. One connected to each of the routers. All of the connections I described in the original post were made from the router connected to the Spectrum router. I know the DDNS and the static internal ip work, because the Admin page for the SLATE router comes up on the machine connected to the Spectrum router.

I set up a port forwarded for port 443 in the Spectrum router this morning to the static ip to the Slate router. I also opened port 443 on the Slate router (not sure this is necessary). When I entered "http://myVPN.ddns.net:443/" on the Spectrum router I received back this message "
The connection was reset

The connection to the server was reset while the page was loading.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
"

I rebooted both routers and tried again with the same result. Headed to my lake place today, so I will try it all remotely. Should be able to make changes to the SLATE router, but not the Spectrum while I am gone. I think the issue is on the SLATE, but can't be sure yet.

 

[bill001g]

Depending on how you set it up it should be able to configure both remotely.

The problem with testing from inside the network is that the source IP (ie the local lan ip) gets translated to the external IP. That is fine when you go to the internet. What you are doing is now attempting to set the same exact IP as your destination IP. So in effect the router is talking to itself because both the source and destination IP have been set to the public ip of the router

Routers need a very special feature many times called hairpin nat to do this. Either a router has this feature or it does not and they many times do not document it.

So if your machine can access the slate router from the WAN side using the local IP that you set static it should then work via the port forwarding rules when you are actually on a external internet connection.

Another issues tends to be that the ports you are using are also used by the main router for admin. Sometime you have to do silly stuff like change the admin ports on the main router for it to allow port forwarding to work.

 

[imnm]

Depending on how you set it up it should be able to configure both remotely.

The problem with testing from inside the network is that the source IP (ie the local lan ip) gets translated to the external IP. That is fine when you go to the internet. What you are doing is now attempting to set the same exact IP as your destination IP. So in effect the router is talking to itself because both the source and destination IP have been set to the public ip of the router

Routers need a very special feature many times called hairpin nat to do this. Either a router has this feature or it does not and they many times do not document it.

So if your machine can access the slate router from the WAN side using the local IP that you set static it should then work via the port forwarding rules when you are actually on a external internet connection.

Another issues tends to be that the ports you are using are also used by the main router for admin. Sometime you have to do silly stuff like change the admin ports on the main router for it to allow port forwarding to work.

I found another setting in the SLATE router to enable HTTPS Remote Access. I turned it on and I now connect to the SLATE router from the lake house using port 443. Unfortunately, all I am able to get to is the SLATE administration login page. I can login and make changes to the SLATE router, but I can't figure out how to bring up a normal web page like Google.

Any ideas on how to conquer this last hurdle?

 

[bill001g]

You would have to actually have a vpn configured if I am reading it correctly since I assume you can get to google directly from your remote location.

I was guessing you wanted remote access to allow you to fine tune the vpn setting remotely. If you had a vpn running on the router you could access it via the internal IP.

I don't know the details of how you set up a VPN server. You would need to forward whatever port the OPENVPN is going to use and the setup all the encryption options. You would then load one of the openvpn clients on your machine and connect to your public IP on the port you defined.

If the router only supports the older pptp or ipsec it is going to be much more challenging to get vpn running.

 

[imnm]

You would have to actually have a vpn configured if I am reading it correctly since I assume you can get to google directly from your remote location.

I was guessing you wanted remote access to allow you to fine tune the vpn setting remotely. If you had a vpn running on the router you could access it via the internal IP.

I don't know the details of how you set up a VPN server. You would need to forward whatever port the OPENVPN is going to use and the setup all the encryption options. You would then load one of the openvpn clients on your machine and connect to your public IP on the port you defined.

If the router only supports the older pptp or ipsec it is going to be much more challenging to get vpn running.

Thanks so much for your help. I will work on setting up the VPN tomorrow.