FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12615 questions

14984 answers

23964 comments

46770 members

0 votes
159 views 12 comments
by
I have a RUTX11 running latest firmware (as of 10/18/2022).  I have enabled remote HTTP access and assigned the port to 8080.  From a remote computer's web browser, I tried to access the RUTX11's webUI with the wan IP reported by the RUTX11 and port 8080 (e.g., xx.xx.xx.xx:8080) and I get a timeout.  I get a different IP address, however, when I use whatismyipaddress.com.  Using that IP address with the port (e.g., yy.yy.yy.yy:8080), I also get a timeout.  I can only access the RUTX11 remotely using Teltonika's RMS interface, but I don't want to have to go that route long term since I don't want to have to generate a special code / signature to get in.  I'm using T-Mobile as my LTE provider.

1) Why can't I access the router's webUI remotely?  Is there some other setting that needs enabled?

2) Why is the IP address reported by the RUTX11 different than whatismyipaddress.com's IP address?

Thanks in advance.
by
Which APN do you use?

Try Custom APN: internet.t-d1.de

Best regards,

Peter
by
Hello Peter,

APN is "Auto (fast.t-mobile.com)"

Pardon my ignorance (I've been reading up on APNs, though), but what is the motivation for changing this?

Rory

2 Answers

0 votes
by

Hello,

Looks like your RUTX11 has a private IPaddress on the wan interface, probably 10.x.y.z or 172.[16..31].x.y or 100.[64..127].x.y so it cannot be reached from the outside these addresses are not routable. The address you see on the whatismyipaddress.com page is the one of some router in your ISP's network not the RUTX11.

Regards,

Best answer
by
Hello,

29.18.xx.yy  That's not a private IP address, is it?

If that's the WAN IP address, shouldn't I be able to access the RUTX11 remotely?
by
29.18.x.y is a public address you should be able to reach it from the outside. To check do:

 - on a RUTX11 CLI or ssh console: tcpdump -i wwan0 -n -v 'port 22'

 - try to ssh from an external device.

Do you see something on the tcpdump output ?
by
I cannot telnet remotely, even though I have "enable remote telnet access" turned on for port 23.

I cannot ssh remotely, even though I have "remote ssh access" turned on for port 22.

Seems I can only access remotely using RMS, which I would like to avoid.  RMS generates these temporary certificates... how is it able to access the router when I can't, even though I have remote access permissions all enabled?
by

I cannot ssh remotely, even though I have "remote ssh access" turned on for port 22.

If you try, do you see something on the tcpdump console ?

by
From RMS, I kicked off a telnet session and then launched the tcpdump command.

It showed it was listening.

From a remote machine, I tried to SSH into the 29.18.xx.xx IP address and nothing happened in the tcpdump window.

The SSH on the remote machine timed out and aborted.
by
It is rather strange that you have a public IPv4 address on the RUTX and a different one on whatismyip.

What is the output of ifconfig wwan0 on the RUTX ?
by

Here are the results of ifconfig -a:

wwan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  

          inet addr:29.18.174.xx  P-t-P:29.18.174.xx  Mask:255.255.255.255

          inet6 addr: fe80::ce90:4ec4:5b0f:986f/64 Scope:Link

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:3483630 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2060309 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:3738874487 (3.4 GiB)  TX bytes:268762860 (256.3 MiB)

by
From whois 29.18.174.1 => CIDR:           29.0.0.0/8 and Organization:   DoD Network Information Center (DNIC)

Is that true ? The RUTX is in a .mil network or is there some bad allocation there ?

In what org is the output of whatismayip ?
by
whois on 29.18.174.26 results in a timeout.

whois on 172.58.60.137 (from whatismyip) also results in a timeout.

Yet RMS can access it just fine.  Do you know what is wrong?
by
29.18.174.26 is an IP address in a .mil network, or so says whois.

172.58.60.137 belongs to T-Mobile according to the whois database.

So T-Mobile uses internally a public IP address range belonging to someone else to hide customer devices ... What a bunch of morons to remain polite ...

RMS build a VPN between the RUTX and public servers, the 29.x source address is translated by T-Mobile and isn't seen by the servers. From the RMS servers point of view access to the RUT device is in fact access to the other end of a tunnel this is how it works.

Tentative accesses to a 29.x address from the outside go to a .mil router somewhere and are just dropped without further consideration.

So for you the only way out is RMS, ZeroTier or equivalent.
0 votes
by
Hi Rory,

no Problem. I have the same use case. It is very simple:

Internet.t-d1.de = Public IPv4 = reachable

Auto = public IPv6 = Not reachable

The „normal“ APN block incoming traffic.

I use this in combination with DynDNS to connect from everywhere to my Rutx11. Works perfect.

Best regards,

Peter