Remote access question - Page 2 - Canadian TV, Computing and Home Theatre Forums

post #16 of 78 (permalink) Old 2013-04-22, 10:50 PM Thread Starter
 
Join Date: Apr 2013
Posts: 57
That's the problem. I have no way of getting through that other layer. From what I've just read, this is what I'm running into.

"By contrast, when NAT is being performed not just on your router but also on another device that's connected in front of it, you've got double NAT. In this case, the public/private network boundary doesn't exist on your router -- it's on the other device, which means that both the WAN and LAN sides of your router are private networks. The upshot of this is that any UPnP and/or port forwarding you enable on your router is for naught, because incoming remote access requests never make it that far -- they arrive at the public IP address on the other device, where they're promptly discarded."

Glen

If nothing else, I'm learning something.
Muskoka is offline  
post #17 of 78 (permalink) Old 2013-04-22, 10:55 PM
Veteran
 
Join Date: Jun 2011
Location: 43° N, 81.2° W
Posts: 7,842
Not sure exactly what you want to do. If it's simply controlling the desktop on the R'Pi and it's running one of the Linux distros, a version of VNC will likely work. VNC is usually included or available for Linux distros and is compatible with Windows versions of VNC such as UltraVNC. You will need to set up port forwarding in the router. Since it's internet accessible, it's advisable to set up a secure connection using SSH. Most VNCs provide instructions for this. Simply viewing the desktop will be more secure and should not require SSH.

If the goal is to access monitoring/control software on the R'Pi using client software on Windows then the setup will be different. This will involve less overhead and will be inherently more secure so I would use this method, if available. In any event, make sure a username/password is required to make any modifications to the system.

If two IPs are available, the R'Pi could be connected to the modem using an unmanaged switch. Another option is a DMZ port on the router. This will make access easier but the R'Pi will be more vulnerable to security attacks from the internet. Port forwarding is probably the safer option.
ExDilbert is offline  
post #18 of 78 (permalink) Old 2013-04-22, 11:05 PM
 
Join Date: Mar 2006
Location: Calgary - Shaw phone/internet, OTA attic / Pigeon Lake - CCI Wireless, VoIP.ms, OTA, FTA, LTSS
Posts: 810
My comments below and my previous posts are based on two years' experience running a Rogers Rocket Hub to access multiple services at a remote site.

ExDilbert,

Unfortunately, you're just muddying the waters with that post.

What the OP first has to deal with is even reaching his Hub from the Internet. With a cellular hub this is different than a regular cable or DSL ISP. Then he can deal with choosing apps, configuring his services and his port forwarding.

Muskoka,

Research what Bell offers you for the extra 5 or 10 dollars per month.

If you can get a Dynamic DNS client running for you on the Pi, you can probably save yourself 5 dollars per month by using a dynamically updated external address from Bell.
envirogeek is offline  
 
post #19 of 78 (permalink) Old 2013-04-22, 11:13 PM Thread Starter
 
Join Date: Apr 2013
Posts: 57
Guys, I can sort out what to do....once I figure out how to get past this "double nat" problem, if I even can. Once I can access my network from the outside world I'm good, it's getting access that's the problem. It's not just a matter of forwarding ports at my end, that's done, and they're invisible to the outside world. I can do whatever I want to open "my" router, it's the "Bell" router that's the problem. It doesn't recognize anything I do at my end.

Glen

This Netgear router has a ton of options. One of them is "Remote Management" and even that doesn't work. No matter what I set on the router, it's not visible to the outside world.
Muskoka is offline  
post #20 of 78 (permalink) Old 2013-04-22, 11:15 PM
 
Join Date: Mar 2006
Location: Calgary - Shaw phone/internet, OTA attic / Pigeon Lake - CCI Wireless, VoIP.ms, OTA, FTA, LTSS
Posts: 810
The Very First Thing You Have To Do Is Pay Bell More Money.
envirogeek is offline  
post #21 of 78 (permalink) Old 2013-04-22, 11:28 PM Thread Starter
 
Join Date: Apr 2013
Posts: 57
They get enough already. I don't think any of those options are available to residential customers, only if you have a business account. I asked a couple years ago about a static ip and was told no, it has to be a business account. They don't offer anything to residential customers, as far as I know.

Glen

Edit: This is from Dyndns site.....

"Check the WAN IP address of your router - if it looks like 10.x.x.x, 192.168.x.x or 172.16.x.x to 172.31.x.x then you have what is known as an RFC1918 IP address (often referred to as private addresses). You will need to contact your ISP to find out how to get a public IP address, or have traffic routed to you. Until that is done you won't be able to get anything else working."

Now I know for sure....oh well.

Last edited by Muskoka; 2013-04-23 at 12:01 AM.
Muskoka is offline  
post #22 of 78 (permalink) Old 2013-04-23, 07:53 AM
Veteran
 
Join Date: May 2009
Location: Mississauga
Posts: 7,868
Quote:
It says all common ports are closed on my 184.XXX.XXX.XXX ip address.
Have you opened any ports on your firewall? If you haven't, you will get that result.

Quote:
This I don't understand, how do I do that?
This indicates you may be biting off more than you can chew. As I understand it, you have one router connected to the internet, and another behind it. NAT means there is a single address on the WAN (Internet) side of the router, which is then converted to a "private" address range. This allows multiple devices to share the one public address, but breaks some things in the process. If you have two routers connected you are doing that twice. Normally, a router would not use NAT but simply forward traffic to/from a subnet with a range of public addresses. This is what I do with IPv6. I have that subnet and I can directly reach, without using NAT, every IPv6 capable device on my network.

Why are you using 2 routers? Do you actually need both? If not, you're adding needless complexity and problems to your project. Also, what address are you getting from Rogers? How does it fit in the picture?

I haven't lost my mind. It's around here...somewhere...
JamesK is offline  
post #23 of 78 (permalink) Old 2013-04-23, 07:55 AM
Veteran
 
Join Date: May 2009
Location: Mississauga
Posts: 7,868
Quote:
You'll have to check some other posts about the Bell dynamic/static offers.
Once he gets DYNDNS resolved, he won't need a static address.

I haven't lost my mind. It's around here...somewhere...
JamesK is offline  
post #24 of 78 (permalink) Old 2013-04-23, 08:02 AM
Veteran
 
Join Date: May 2009
Location: Mississauga
Posts: 7,868
Quote:
Now I know for sure....oh well.
That 184.x.x.x address is not one of those RFC 1918 addresses. What address are you getting from the wireless connection?

I haven't lost my mind. It's around here...somewhere...
JamesK is offline  
post #25 of 78 (permalink) Old 2013-04-23, 11:29 AM Thread Starter
 
Join Date: Apr 2013
Posts: 57
James, I don't have 2 routers, sorry for the confusion. I have one Netgear MVBR1210C router connected to the internet.

Under "Router Status" the "Wireless Broadband Port" ip is 10.xxx.xxx.xxx, it always changes.

When I check my ip online it starts with 184.xxx.xxx.xxx, it always changes as well.

Don't know what other info will help?

Thanks for taking time to help....

Glen
Muskoka is offline  
post #26 of 78 (permalink) Old 2013-04-23, 12:04 PM
Veteran
 
Join Date: May 2009
Location: Mississauga
Posts: 7,868
^^^^
That confirms it then. Your wireless provider is handing out private addresses and using NAT to an address in the 184 range, just as I said Rogers does with the cell network. This means you cannot access anything from elsewhere. However, this is one situation where the 6in4 tunnel I mentioned will work. You install the software on your own computer that connects to the tunnel broker. This does work through NAT. You can then configure your computer as a single address client or subnet router. You then run the same software on the remote computer, in single address mode, to give it an IPv6 address, which you can then use to reach your home network. The software and free tunnel service are available from gogoNET. It's available for Windows, Linux & Mac. To run a subnet, you have to set up an account, beyond the one you use to log onto gogoNET, to register it. You will then have a static IPv6 address to connect to them and also a /56 subnet, which can be used for any IPv6 capable device on your network. The raspberry pi should be able to support IPv6, along with any Windows computer, XP SP3 or later. My suggestion is download the client for Windows and run it in anonymous (not registered) mode to verify you have an IPv6 address, then with a registered account, to get a static IPv6 address and once that works, set up the computer as a router. You should also be able to do this with the raspberry pi, but there's more work involved, as you have to compile the software for your computer.

Once that's all up & running, you can then install the client on the remote system. Here you can run it as an anonymous single address client to access your home network.

However, I still don't know how you access those devices. Is it via an app on the raspberry pi? Do they support IPv6?

To verify IPv6 is running, you can use a browser to go to ipv6.google.com, which only works over IPv6.

I haven't lost my mind. It's around here...somewhere...
JamesK is offline  
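The check that posts #21 to #26 arrive at, written out as an added example that is not part of any post in the thread: compare the router's WAN address with the address outside sites report. The addresses are constructed samples (a documentation-range address stands in for the 184.x.x.x one), and the RFC 6598 carrier-NAT range is included in addition to the RFC 1918 ranges quoted above.

```python
import ipaddress

# Ranges an ISP can hand out on the WAN side without giving a public address.
# RFC 1918 is the list quoted in the thread; RFC 6598 (100.64.0.0/10) is the
# shared range reserved for carrier NAT and is added here.
NON_PUBLIC = {
    "RFC 1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598": ("100.64.0.0/10",),
}

def classify(addr):
    """Return 'RFC 1918', 'RFC 6598' or 'public' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    for label, cidrs in NON_PUBLIC.items():
        if any(ip in ipaddress.IPv4Network(c) for c in cidrs):
            return label
    return "public"

def diagnose(router_wan_ip, observed_ip):
    """Compare the router's WAN address with the address outside sites report."""
    if classify(router_wan_ip) != "public":
        # The public/private boundary is upstream of this router, so inbound
        # connections stop at the provider's NAT and never reach its forwards.
        return "upstream-nat"
    if ipaddress.IPv4Address(router_wan_ip) != ipaddress.IPv4Address(observed_ip):
        # Public WAN address, but the outside sees a different one.
        return "address-mismatch"
    return "direct"

# Constructed sample values (router WAN address, address reported by a
# "what is my IP" site); 198.51.100.25 is a documentation address.
SAMPLES = [
    ("10.64.12.7", "198.51.100.25"),      # the situation in the thread
    ("198.51.100.25", "198.51.100.25"),   # router holds the public address
    ("100.72.3.9", "198.51.100.25"),      # carrier NAT using RFC 6598 space
]

if __name__ == "__main__":
    for wan, seen in SAMPLES:
        print(f"WAN {wan:15} seen as {seen:15} -> {classify(wan):8} {diagnose(wan, seen)}")
```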
post #27 of 78 (permalink) Old 2013-04-23, 03:44 PM Thread Starter
 
Join Date: Apr 2013
Posts: 57
James, giving this a go. I installed the client utility on my windows 7 laptop and was getting a connection anonymously. There was traffic on the status page.

Now I'm not really sure where to go from there. I signed up for an account, have logged into "montreal" and have an active connection.

I can see all the tunnel information, mode, local endpoint addresses, remote endpoint address, delegated user domain, says I'm connected.

Not to sound dumb, but now what do I need to do at my end. How can I test this, what do I have to do with my local router, anything? Getting close I think. I'll use my phone browser disconnected from my local network and do what?

I couldn't get it to compile in linux, so trying windows first, no raspberry pi.

Glen
Muskoka is offline  
post #28 of 78 (permalink) Old 2013-04-23, 05:08 PM
Veteran
 
Join Date: May 2009
Location: Mississauga
Posts: 7,868
^^^^
Well, try ipv6.google.com to verify you're running IPv6. You can also try http://test-ipv6.com/ to see what your address is. Since you're logging in with your own ID, that address should be static. One thing about Windows 7. Most operating systems these days provide a MAC based address and a random number address. The random number address is the one that's used when you access the Internet, but you need the MAC based, if you want to reliably reach your network, as the random number address will change periodically. Windows 7, by default, uses only the random number address. To enable the MAC based address, you have to do the following:

1) Run Command prompt as Administrator (right click on icon to select)
2) Enter: netsh interface ipv6 set global randomizeidentifiers=disabled

In the gogoClient Utility, you should also enable routing advertisements.

After doing that, when you run ipconfig, you should see at least 3 IPv6 addresses assigned to your computer:

1) a link-local address that starts with FE80 and contains your MAC address
2) a MAC based address containing your MAC address
3) at least one random number address. These may accumulate over time, but only one is current. The rest are deprecated, but still functional, for connections that started before the random address changed.

Also, the MAC based addresses will have FF:FE inserted in the middle of the MAC.

You should also see your tunnel addresses on the status tab of the utility.

My subnet experience is only on the Linux version and not Windows, so I'm not sure of all the details on Windows. Also, one thing I forgot to mention earlier is the Windows version has the "HomeAccess" feature, which gives you access to IPv4 devices over the tunnel. Again, I have no experience with this.

So, at this point, make sure you can see all your IPv6 addresses and can connect to IPv6 only sites, such as the ones I mentioned. Once you've done that, see if IPv6 addresses, other than the link-local, appear on other computers on your network. I assume the raspberry pi should do this, as Linux has supported IPv6 for many years. I also get IPv6 addresses on my tablet and smart phone. This will verify that IPv6 routing is working. Also, you may have noticed that gogoNET site has a forum available, where you can ask questions about the client, the service and IPv6 in general.

BTW, you can install an add-in called "showip" in Firefox, which will display the address, IPv6 or IPv4 of the web sites you connect to.

As for the raspberry pi, you may have to ask someone else, about that, as I have no experience with them. Again, you can post your questions in that forum. However, if you're content to leave the Windows computer as your IPv6 router, then you don't have to install the client on the raspberry pi. It should obtain an IPv6 address on the subnet as soon as the tunnel & subnet on the Windows box starts up.

I haven't lost my mind. It's around here...somewhere...
JamesK is offline  
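How a MAC based address is formed from the MAC, and how to tell it apart from a random one, as an added example that is not part of the post above. It implements the modified EUI-64 rule (FF:FE inserted in the middle, plus the universal/local bit flip, which the post does not mention); the MAC and the 2001:db8 documentation prefix are constructed sample values.

```python
import ipaddress

def eui64_address(prefix, mac):
    """Build the MAC based (modified EUI-64) address inside a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers are 64 bits; need a /64 prefix")
    octets = bytearray(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02                      # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_address(addr):
    """Return the embedded MAC if addr looks MAC based, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None                        # random or manually set identifier
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02                      # undo the bit flip
    return ":".join("%02x" % o for o in octets)

# Constructed sample values: a made-up MAC and documentation prefix.
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_PREFIX = "2001:db8:1:2::/64"

if __name__ == "__main__":
    # The same identifier appears under the link-local and the routed prefix.
    print("link-local:", eui64_address("fe80::/64", SAMPLE_MAC))
    print("MAC based :", eui64_address(SAMPLE_PREFIX, SAMPLE_MAC))
    # Classify addresses as they might appear in ipconfig output (constructed).
    for a in ("2001:db8:1:2:211:22ff:fe33:4455", "2001:db8:1:2:a1b2:c3d4:e5f6:789a"):
        print(a, "->", mac_from_address(a) or "not MAC based")
```

The MAC based address stays the same for as long as the prefix does, which is what makes it usable as a remote-access target; it also exposes the adapter's hardware address to any host that sees it.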
post #29 of 78 (permalink) Old 2013-04-23, 06:50 PM Thread Starter
 
Join Date: Apr 2013
Posts: 57
Well, I was able to ping my home laptop from my phone, not connected to my local wifi, so the connection has been made, yahoo.

Now I have to figure out how to get RealVnc or something similar working so I can gain full desktop access to my laptop. I have the Vnc server running, just don't know how to get in from the phone. I have a vnc viewer on the phone (Android) but no luck yet.

Any ideas....and thank you very much for all the help James.

Glen
Muskoka is offline  
post #30 of 78 (permalink) Old 2013-04-23, 08:43 PM
Veteran
 
Join Date: May 2009
Location: Mississauga
Posts: 7,868
^^^^
How were you able to ping? Does your phone have IPv6?

I don't use VNC. I use XDMCP when at home and just start the app I want, via ssh, when away from home.

I haven't lost my mind. It's around here...somewhere...
JamesK is offline  