Question

Recently I have found it not possible to connect to the router via HTTP despite making sure the option is enabled and the firewall is open to HTTP port 80. What is confusing is despite enabling this function, under the status view it indicates that the function is disabled. I am able to retrieve  the public IP via SMS and by ddns however the router fails to respond. The firmware is currently up to date, and I currently cannot reset the router to factory in case I lose the connection to reapply settings. Any advice appreciated. I have attached screenshots of Administration Remote Access Control screen and Remote Access Status screen conflict.

Answer 1

Hello,

Could you check if Enable_HTTP_WAN and Enable_HTTPS_WAN rules are enabled in Network -> Firewall -> Traffic rules?

Best regards,

Comments

Hello ZygimantasBiliu,

Thanks for reply, yes the firewall is open to Wan Http under traffic rules, attached screenshot.

---

Have you managed to solve the issue?

Would it be possible to get a troubleshoot file from your device for deeper investigation? The file can be downloaded from System -> Administration -> Troubleshoot section.

---

No, I still have not been able to connect remotely via HTTP. I think there may be a blocked port on the mobile service provider side, which is strange as the mobile service provider has verified that port 80 is open. I can connect via RMS without issue. I have attached the troubleshoot file.

https://community.teltonika-networks.com/?qa=blob&qa_blobid=14700449786600390452

---

There are many leases from your ISP through your logs starting with 100.x.x.x, your DDNS domain name also resloves to a similar address, which I assume is a CG - NATed address. 

Could login to your device via SSH and check, what is the result of the following command:

• curl ifconfig.co

Or simply check, whether the result of google search with "what is my ip"?, accessing internet via your router's WAN also starts with 100.x.x.x.

---

Thanks for the quick reply. There is an enabled OpenVPN client setup on the router which operates on the 10.100.10.x ip range which I can also connect to without a problem. It is only the direct links where it fails to connect. Even the direct SSH on port 21 fails, however I did connect as requested via RMS and received the IP 41.13.243.51 . I was unable to run a "whatsmyip" from behind the router as I do not have a terminal that can run that command, however the router WAN address reported in the status is different and recorded as 100.97.171.44 at the time. Attached captures of request.

---

In your case, remote HTTP(S) access and DDNS service will not work.

OpenVPN works, because client's instance requires only internet access, it does not need to have a pubic IP.

---

Ok, thanks for the clarification. Just to understand correctly, I would need to disable the openVPN client to allow direct WAN access?

---

You do not have to disable VPN. What you need is a public IP. In many instances it is actually a paid service, and not always provided for private clients. What is currently assigned to you by the ISP, the various addresses from 100.x.x.x pool, comes from your provider's intermediate network, before actually going out to the internet. This is done due to limited amount of publicly routable unique addresses, to increase the number of connections.

---

Thanks, understood. I will refer to the service provider..