Configuring TP-Link TD-W8970 for Remote Access via VPN from Abroad

pull1990 25656 41

Best answers

How can I access my home network from abroad and use my home Polish IP with a TP-Link TD-W8970?

VPN will work only if your home connection has a public, unblocked WAN IP; if the router shows something like 192.168.5.2/24 on PPPoE, you are behind NAT and cannot publish a VPN server from home [#15377511][#15374248] Check the router WAN status or a site like whatismyip to verify the real public address, and ask your ISP whether it is public and unblocked [#15374248] If you do have a public IP, run OpenVPN on a router or on the home PC, then forward UDP 1194 to the server and make sure the firewall allows it [#15374265] If your IP changes, use a dynamic DNS service such as DynDNS or no-IP so the name always points to the current address [#15373291] If the TD-W8970 v3 cannot use OpenWRT, use another router/mini-PC or a second VPN-capable router at home [#15373584][#15373291]

Generated by the language model.

Treść została przetłumaczona

Zobacz oryginalną wersję tematu

Report a violation of the law

Reply | New topic

#31 15374910 27 Jan 2016 07:14

pull1990 pull1990

Level 10

Posts: 31

Rate: 2
» | Topic author Helpful post? (0)

Post #31
15374910 27 Jan 2016 07:14

I'm sorry but the internet crashed yesterday and before he came to himself I managed to fall asleep.
Ip is 188.123.xxx.xx
ADVERTISEMENT
#32 15376522 27 Jan 2016 17:57

tzok tzok

VIP Meritorious for electroda.pl

Posts: 38679

Help: 3162

Rate: 6439
» | Helpful post? (0)

Post #32
15376522 27 Jan 2016 17:57

Same IP in router configuration as WAN IP and how will you go to http://checkip.dyndns.org/?
ADVERTISEMENT
#33 15376605 27 Jan 2016 18:20

pull1990 pull1990

Level 10

Posts: 31

Rate: 2
» | Topic author Helpful post? (0)

Post #33
15376605 27 Jan 2016 18:20

Nowhere on the router does it show me the wan ip address. Maybe because I'm set to dynamic? But it doesn't change the fact that my ports are blocked. I feel that there is nothing I can do here.
ADVERTISEMENT
#34 15376956 27 Jan 2016 19:40

tzok tzok

VIP Meritorious for electroda.pl

Posts: 38679

Help: 3162

Rate: 6439
» | Helpful post? (+1)

Post #34
15376956 27 Jan 2016 19:40

You have your WAN IP marked in the box (in the example it is 0.0.0.0/0):
#35 15377224 27 Jan 2016 20:32

pull1990 pull1990

Level 10

Posts: 31

Rate: 2
» | Topic author Helpful post? (0)

Post #35
15377224 27 Jan 2016 20:32

So there I have 192.168.5.2/24

Could this be a problem?
#36 15377511 27 Jan 2016 21:31

tzok tzok

VIP Meritorious for electroda.pl

Posts: 38679

Help: 3162

Rate: 6439
» | Helpful post? (0)

Post #36
15377511 27 Jan 2016 21:31

If your PPPoE address is 192.168.5.2/24, it means you don't have a public IP address at all, you just go through NAT. So you cannot share any internet services.
#37 15377538 27 Jan 2016 21:36

nomek nomek

Level 18

Posts: 445

Help: 2

Rate: 34
» | Helpful post? (0)

Post #37
15377538 27 Jan 2016 21:36

I suggest you use Teamviewer inside in Host mode and you will always have access to the PC inside the network ....
You can't think of anything else behind NAT.
#38 15378163 28 Jan 2016 00:35

smario11 smario11

Level 31

Posts: 1298

Help: 140

Rate: 120
» | Helpful post? (0)

Post #38
15378163 28 Jan 2016 00:35

External vpn server and both computers when connected to it will have file exchange
#39 15378321 28 Jan 2016 07:18

pull1990 pull1990

Level 10

Posts: 31

Rate: 2
» | Topic author Helpful post? (0)

Post #39
15378321 28 Jan 2016 07:18

Teamview is probably just a remote desktop, so it's not enough.
when it comes to the second solution (with an external vpn server), I do not know if it is enough because if I understand it then connect both computers and then they work like one network but will I have access to the home local network?
#40 15380763 28 Jan 2016 21:27

nomek nomek

Level 18

Posts: 445

Help: 2

Rate: 34
» | Helpful post? (0)

Post #40
15380763 28 Jan 2016 21:27

After all, Teamviewer has it all: file transmission, printers, etc. (you take control of the computer on your home network). Teamviewer is just a combination of two computers via an external server. The connection is relatively secure and if you set a good password, it will be ok.
You can also buy a license or use it for private purposes for free.
You will not be visible in the network, but you will not do this through NAT.
#41 15380932 28 Jan 2016 22:03

tzok tzok

VIP Meritorious for electroda.pl

Posts: 38679

Help: 3162

Rate: 6439
» | Helpful post? (0)

Post #41
15380932 28 Jan 2016 22:03

nomek wrote:
You will not be visible in the network, but you will not do this through NAT.
If at least one of the sites has a public IP (preferably permanent), it is usually possible to VPN through NAT.
ADVERTISEMENT
#42 17677261 05 Jan 2019 12:35

pazdziochhh pazdziochhh

Level 12

Posts: 94

Rate: 15
» | Helpful post? (+1)

Post #42
17677261 05 Jan 2019 12:35

digs up the topic, tries to establish a connection from this tutorial with a shared key https://www.itbridge.pl/baza-wiedzy/instalacja-i-konfiguracja-openvpn-w-windows

I created the server all the data as in the guide, of course, giving my IP of the computer on which I put the server, the secret.key key is in the catalog config., on the hard-set computer IP, but I can't turn on the server, I leave the client issues for later, first I have to initiate the connection with the server to be active, ISP is UPC

Server config

Quote:
dev tun
local 192.168.0.200

proto udp4
port 1194
ifconfig 10.3.0.1 10.3.0.2
secret secret.key

persist-tun
persist-key
keepalive 10 120

ncp-disable
cipher AES-256-CBC

auth-nocache
comp-lzo
verb 1

OpenVPN logs

Quote:
Sat Jan 05 12:26:49 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Jan 05 12:26:49 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jan 05 12:26:49 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Sat Jan 05 12:26:49 2019 open_tun
Sat Jan 05 12:26:49 2019 TAP-WIN32 device [Ethernet 3] opened: \\. \ Global \ {7A144AB5-8F3F-4A99-8A81-18D63ADAD749} .tap
Sat Jan 05 12:26:49 2019 Notified TAP-Windows driver to set a DHCP IP / netmask of 10.3.0.1/255.255.255.252 on interface {7A144AB5-8F3F-4A99-8A81-18D63ADAD749} [DHCP-serv: 10.3.0.2 , lease-time: 31,536,000]
Sat Jan 05 12:26:49 2019 Successful ARP Flush on interface [46] {7A144AB5-8F3F-4A99-8A81-18D63ADAD749}
Sat Jan 05 12:26:49 2019 do_ifconfig, tt-> did_ifconfig_ipv6_setup = 0
Sat Jan 05 12:26:49 2019 UDPv4 link local (bound): [AF_INET] 192.168.0.200:1194
Sat Jan 05 12:26:49 2019 UDPv4 link remote: [AF_UNSPEC]
Sat Jan 05 12:28:49 2019 Inactivity timeout (--ping-restart), restarting
Sat Jan 05 12:28:49 2019 SIGUSR1 [soft, ping-restart] received, process restarting
Sat Jan 05 12:28:54 2019 Re-using pre-shared static key
Sat Jan 05 12:28:54 2019 Preserving previous TUN / TAP instance: Ethernet 3
Sat Jan 05 12:28:54 2019 UDPv4 link local (bound): [AF_INET] 192.168.0.200:1194
Sat Jan 05 12:28:54 2019 UDPv4 link remote: [AF_UNSPEC]

The whole test configuration wants to set up inside the LAN, only later I will try on the IP from the ISP plus port forwarding.
Because at this stage I don't have to redirect ports while in the LAN?

Have any ideas ?

What is wrong ?
Create an account, log in here. You will receive points by participating in discussions.
Join this discussion.

Install Elektroda application

Reply | New topic

Report a violation of the law

Topic summary

✨ The discussion revolves around configuring a TP-Link TD-W8970 router for remote access via VPN while abroad. The user seeks to access their home network and utilize a Polish IP address. Various solutions are proposed, including setting up OpenVPN or PPTP on the router, using dynamic DNS services, and considering alternative routers with built-in VPN capabilities. The user faces challenges with port forwarding, public IP address verification, and ISP restrictions, leading to suggestions for using TeamViewer or an external VPN server as alternatives. The conversation highlights the importance of ensuring the server is listening on the correct ports and that the firewall settings allow for VPN traffic.
Generated by the language model.

FAQ

TL;DR: 63 % of European home users sit behind carrier-grade NAT [Cisco, 2021]; “without a public IP, port-forwarding will fail” [Elektroda, tzok, post #15377511] Verify your WAN address, then forward UDP 1194 (plus TCP 443/943) to the VPN host. Why it matters: no port-forward, no remote access.

Quick Facts

• OpenVPN default ports: UDP 1194, TCP 443/943 [OpenVPN Docs]. • TD-W8970 CPU: 600 MHz, 64 MB RAM—insufficient for heavy AES-256 traffic [OpenWrt Wiki]. • Dynamic-DNS services cost €0–€25 yr depending on SLA [DynDNS Pricing]. • AES-256 adds approx. 5–15 % CPU load on MIPS routers [Netgate, 2022].

1. How do I check if my TP-Link TD-W8970 has a public IP?

Log in to the router, open Status → WAN. If the displayed address falls outside private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) it is public. Compare it with https://checkip.dyndns.org; both must match [Elektroda, tzok, post #15376522]

2. Why do port scans stay closed even after forwarding?

Ports stay closed when the VPN service is not listening, the firewall blocks it, or the ISP uses CGNAT. In the thread, UDP 1194 stayed closed because the WAN IP was 192.168.5.2—an internal address routed by the ISP [Elektroda, tzok, post #15377511]

3. Which ports must I forward for OpenVPN?

Forward UDP 1194 and, if you run the web GUI, TCP 443 and TCP 943 to the VPN server’s LAN IP [Elektroda, tzok, post #15374248]

4. Can I run a VPN server directly on the TD-W8970?

Not with the stock firmware. Only hardware version v1 has stable OpenWrt builds. Versions v2/v3 lack support, so you need a second router or a PC [Elektroda, pull1990, post #15373479]

5. What low-cost routers support OpenVPN out of the box?

Asus RT-N18U and RT-AC56U run Tomato or AsusWRT-Merlin and include OpenVPN server for ~€70–€90 [Elektroda, hermes-80, post #15373653] Mikrotik hAP ac² offers similar features for ~€65 [Mikrotik Price List, 2023].

6. Can I host OpenVPN on a Windows PC instead?

Yes. Install OpenVPN, generate keys, and forward the required ports to the PC. In the thread, both server and client ran on Windows 7 successfully once the forwarding issue was fixed [Elektroda, pull1990, post #15374121]

7. How do I forward ports on a TP-Link xDSL router?

Navigate to Forwarding → Virtual Servers.
Add rule: Service = OpenVPN, Port = 1194, IP = VPN-PC’s LAN address, Protocol = UDP.
Save, reboot router. Check with an external port scanner [TP-Link KB].

8. What if my ISP uses CGNAT?

You cannot accept inbound connections. Request a public IP or switch providers. Edge-case: some ISPs sell a “public-IP add-on” for €2-€5 month; without it, VPN servers remain unreachable [Elektroda, hermes-80, post #15374602]

9. Is buying a commercial VPN service a workaround?

A commercial VPN gives you a Polish IP abroad but won’t expose your home LAN. It solves geolocation, not file access [Elektroda, pull1990, post #15373479]

10. Does TeamViewer replace a site-to-site VPN?

TeamViewer grants desktop and file transfer on one PC, not full LAN routing. It works behind NAT because the session is brokered via TeamViewer servers [Elektroda, nomek, post #15380763]

11. How fast will my OpenVPN tunnel be?

Throughput equals the slowest link minus encryption overhead. With 100/20 Mb/s upstream and 25/1.5 Mb/s downstream, expect ~1.3 Mb/s upload abroad after AES-256 (~10 % loss) [Elektroda, pull1990, #15373479; Netgate, 2022].

12. How do I secure the setup against brute-force attacks?

Use certificate-based auth, disable password logins, and limit the interface to UDP 1194. Add ‘tls-crypt’ to encrypt control channel and set verb 3 logging to monitor attempts [OpenVPN Docs].

Generated by the language model.