WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

RUTX11 Remote access not working

0 votes
734 views 12 comments
by anonymous
I have a RUTX11 running latest firmware (as of 10/18/2022).  I have enabled remote HTTP access and assigned the port to 8080.  From a remote computer's web browser, I tried to access the RUTX11's webUI with the wan IP reported by the RUTX11 and port 8080 (e.g., xx.xx.xx.xx:8080) and I get a timeout.  I get a different IP address, however, when I use whatismyipaddress.com.  Using that IP address with the port (e.g., yy.yy.yy.yy:8080), I also get a timeout.  I can only access the RUTX11 remotely using Teltonika's RMS interface, but I don't want to have to go that route long term since I don't want to have to generate a special code / signature to get in.  I'm using T-Mobile as my LTE provider.

1) Why can't I access the router's webUI remotely?  Is there some other setting that needs enabled?

2) Why is the IP address reported by the RUTX11 different than whatismyipaddress.com's IP address?

Thanks in advance.
by anonymous
Which APN do you use?

Try Custom APN: internet.t-d1.de

Best regards,

Peter
by anonymous
Hello Peter,

APN is "Auto (fast.t-mobile.com)"

Pardon my ignorance (I've been reading up on APNs, though), but what is the motivation for changing this?

Rory

2 Answers

0 votes
by anonymous

Hello,

Looks like your RUTX11 has a private IPaddress on the wan interface, probably 10.x.y.z or 172.[16..31].x.y or 100.[64..127].x.y so it cannot be reached from the outside these addresses are not routable. The address you see on the whatismyipaddress.com page is the one of some router in your ISP's network not the RUTX11.

Regards,

Best answer
by anonymous
Hello,

29.18.xx.yy  That's not a private IP address, is it?

If that's the WAN IP address, shouldn't I be able to access the RUTX11 remotely?
by anonymous
29.18.x.y is a public address you should be able to reach it from the outside. To check do:

 - on a RUTX11 CLI or ssh console: tcpdump -i wwan0 -n -v 'port 22'

 - try to ssh from an external device.

Do you see something on the tcpdump output ?
by anonymous
I cannot telnet remotely, even though I have "enable remote telnet access" turned on for port 23.

I cannot ssh remotely, even though I have "remote ssh access" turned on for port 22.

Seems I can only access remotely using RMS, which I would like to avoid.  RMS generates these temporary certificates... how is it able to access the router when I can't, even though I have remote access permissions all enabled?
by anonymous

I cannot ssh remotely, even though I have "remote ssh access" turned on for port 22.

If you try, do you see something on the tcpdump console ?

by anonymous
From RMS, I kicked off a telnet session and then launched the tcpdump command.

It showed it was listening.

From a remote machine, I tried to SSH into the 29.18.xx.xx IP address and nothing happened in the tcpdump window.

The SSH on the remote machine timed out and aborted.
by anonymous
It is rather strange that you have a public IPv4 address on the RUTX and a different one on whatismyip.

What is the output of ifconfig wwan0 on the RUTX ?
by anonymous

Here are the results of ifconfig -a:

wwan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  

          inet addr:29.18.174.xx  P-t-P:29.18.174.xx  Mask:255.255.255.255

          inet6 addr: fe80::ce90:4ec4:5b0f:986f/64 Scope:Link

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:3483630 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2060309 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:3738874487 (3.4 GiB)  TX bytes:268762860 (256.3 MiB)

by anonymous
From whois 29.18.174.1 => CIDR:           29.0.0.0/8 and Organization:   DoD Network Information Center (DNIC)

Is that true ? The RUTX is in a .mil network or is there some bad allocation there ?

In what org is the output of whatismayip ?
by anonymous
whois on 29.18.174.26 results in a timeout.

whois on 172.58.60.137 (from whatismyip) also results in a timeout.

Yet RMS can access it just fine.  Do you know what is wrong?
by anonymous
29.18.174.26 is an IP address in a .mil network, or so says whois.

172.58.60.137 belongs to T-Mobile according to the whois database.

So T-Mobile uses internally a public IP address range belonging to someone else to hide customer devices ... What a bunch of morons to remain polite ...

RMS build a VPN between the RUTX and public servers, the 29.x source address is translated by T-Mobile and isn't seen by the servers. From the RMS servers point of view access to the RUT device is in fact access to the other end of a tunnel this is how it works.

Tentative accesses to a 29.x address from the outside go to a .mil router somewhere and are just dropped without further consideration.

So for you the only way out is RMS, ZeroTier or equivalent.
0 votes
by anonymous
Hi Rory,

no Problem. I have the same use case. It is very simple:

Internet.t-d1.de = Public IPv4 = reachable

Auto = public IPv6 = Not reachable

The „normal“ APN block incoming traffic.

I use this in combination with DynDNS to connect from everywhere to my Rutx11. Works perfect.

Best regards,

Peter