ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications

Vester11 43647 43

Best answers

How do I enable external access to my NAS on UPC ConnectBox when the bridge/port-forwarding options are missing?

Switch UPC from IPv6 to IPv4 through the UPC help assistant or support, then reboot/reset the ConnectBox; that is what restored the missing forwarding/bridge options and made external access work [#18842863][#18845253] The public IP is still dynamic unless you buy a static one, so it can change after a modem restart [#18842949] For the NAS/AP, keep fixed LAN addresses (for example 192.168.0.10 for the QNAP and 192.168.0.38 for the Asus) and use the ConnectBox as the router for port forwarding [#18843540][#18843615] A safer remote-access setup is to run the VPN server on the NAS itself; the working QNAP setup used L2TP/IPsec and port forwarding for UDP 500, 4500, and 1701 to the NAS, with the client entering the public WAN IP, not the local LAN IP [#18844116][#18844180][#18846165][#18846176][#18846187] The ESP 50 rule was not available on the ConnectBox, but the VPN still worked without it [#18846209] Test the VPN from LTE or another external network, because it will not behave the same from inside your home Wi‑Fi [#18846224]

Generated by the language model.

Treść została przetłumaczona

Zobacz oryginalną wersję tematu

Report a violation of the law

Reply | New topic

#31 18846093 30 Jul 2020 18:42

Bródka Bródka

Level 42

Posts: 7245

Help: 900

Rate: 722
» | Helpful post? (0)

Post #31
18846093 30 Jul 2020 18:42

Vester11 wrote:
Rule set.
Local IP: 192.168.0.10
Local port range: 1194
Public port range: 1194
Protocol: UDP

You enter public IP, not local

Helpful post? Buy me a coffee.
ADVERTISEMENT
#32 18846161 30 Jul 2020 19:30

Vester11 Vester11

Level 5

Posts: 314

Help: 1

Rate: 49
» | Topic author Helpful post? (0)

Post #32
18846161 30 Jul 2020 19:30

This is what it looks like now. Something is wrong because it is not working.
ADVERTISEMENT
#33 18846165 30 Jul 2020 19:34

krisabc krisabc

Level 12

Posts: 70

Rate: 1
» | Helpful post? (0)

Post #33
18846165 30 Jul 2020 19:34

Bródka wrote:
You enter public IP, not local

Exactly, you enter the ip (on the client computer) under which you can see your modem from the world
how to check it, e.g. https://whatismyipaddress.com/pl/moj-ip
the client computer must be connected with another link, e.g. LTE
ADVERTISEMENT
#34 18846172 30 Jul 2020 19:37

Vester11 Vester11

Level 5

Posts: 314

Help: 1

Rate: 49
» | Topic author Helpful post? (0)

Post #34
18846172 30 Jul 2020 19:37

However, I run into a problem when completing this. I cannot change the prefix 192.168.0.
#35 18846174 30 Jul 2020 19:39

Bródka Bródka

Level 42

Posts: 7245

Help: 900

Rate: 722
» | Helpful post? (0)

Post #35
18846174 30 Jul 2020 19:39

You enter public address in vpn client

Helpful post? Buy me a coffee.
#36 18846176 30 Jul 2020 19:40

krisabc krisabc

Level 12

Posts: 70

Rate: 1
» | Helpful post? (0)

Post #36
18846176 30 Jul 2020 19:40

And change the forwarding port to L2TP: UDP 1701
because that one was for oVPN
#37 18846179 30 Jul 2020 19:42

Vester11 Vester11

Level 5

Posts: 314

Help: 1

Rate: 49
» | Topic author Helpful post? (0)

Post #37
18846179 30 Jul 2020 19:42

So it stays as it is:

And here I enter public IP?
#38 18846187 30 Jul 2020 19:46

krisabc krisabc

Level 12

Posts: 70

Rate: 1
» | Helpful post? (0)

Post #38
18846187 30 Jul 2020 19:46

Vester11 wrote:
So it stays as it is:
ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications

something like this is supposed to be

and so do UDP 500, 4500 ports

Vester11 wrote:
And here I enter public IP?

Yes
#39 18846194 30 Jul 2020 19:52

Vester11 Vester11

Level 5

Posts: 314

Help: 1

Rate: 49
» | Topic author Helpful post? (0)

Post #39
18846194 30 Jul 2020 19:52

So there will be a total of 3 forwardings at ports:
1701
500
4500
?
#40 18846200 30 Jul 2020 19:57

krisabc krisabc

Level 12

Posts: 70

Rate: 1
» | Helpful post? (0)

Post #40
18846200 30 Jul 2020 19:57

Vester11 wrote:
So there will be a total of 3 forwardings at ports:
1701
500
4500
?

17 and 50 more, but see if it won't work without them
L2TP: 500 / UDP, 1701 / UDP, 4500 / UDP, protocol 17 (UDP), 50 (ESP)
https://www.altkomakademia.pl/baza-wiedzy/qna/discussion/1044/porty-dla-tuneli-vpn/p1
ADVERTISEMENT
#41 18846209 30 Jul 2020 20:07

Vester11 Vester11

Level 5

Posts: 314

Help: 1

Rate: 49
» | Topic author Helpful post? (0)

Post #41
18846209 30 Jul 2020 20:07

Unfortunately, I cannot select the ESP protocol on port 50 as this protocol is not present in the CB. I added the rest, only 50 I don't have. I'll try if it works.

Added after 1 [minutes]:

Connected to a VPN on a phone with LTE without port 50. Also works. Now I'm trying to log into Qnapa.

Added after 2 [minutes]:

On the phone, logging in via LTE and VPN to Qnapa works. In addition to Qnapa on my phone, I use their dedicated applications. Logging in to the CB and Asus (AP) website also works. Now one of the last questions. Can it be secured somehow, or is it relatively safe in itself?

Added after 3 [minutes]:

Oh, and is it normal that I am not connected to a VPN now via home Wi-Fi? (it works on a computer, on a phone)
#42 18846224 30 Jul 2020 20:13

krisabc krisabc

Level 12

Posts: 70

Rate: 1
» | Helpful post? (0)

Post #42
18846224 30 Jul 2020 20:13

Vester11 wrote:
On the phone, logging in via LTE and VPN to Qnapa works. In addition to Qnapa on my phone, I use their dedicated applications. Logging in to the CB and Asus (AP) website also works. Now one of the last questions. Can it be secured somehow, or is it relatively safe in itself?

As you do in life shared key and user pass decides here,
Anyway, I would be more worried about the open 6881

Vester11 wrote:
Oh, and is it normal that I am not connected to a VPN now via home Wi-Fi? (it works on a computer, on a phone)

Yes, it doesn't work from inside the network, why should it work anyway
#43 18846239 30 Jul 2020 20:20

Vester11 Vester11

Level 5

Posts: 314

Help: 1

Rate: 49
» | Topic author Helpful post? (0)

Post #43
18846239 30 Jul 2020 20:20

Oh, and now I can configure a second VPN L2TP or OpenVPN in a similar way, e.g. for torrenting etc.? (yes, I know I can torrent via NAS, I wanted to have an example. I just mean to change the IP)
#44 18852661 03 Aug 2020 21:09

krisabc krisabc

Level 12

Posts: 70

Rate: 1
» | Helpful post? (0)

Post #44
18852661 03 Aug 2020 21:09

Vester11 wrote:
Oh, and now I can configure a second VPN L2TP or OpenVPN in a similar way, e.g. for torrenting etc.? (yes, I know I can torrent via NAS, I wanted to have an example. I just mean to change the IP)

L2TP is impossible because it works on hard ports, OpenVpn you set the ports yourself and you can make more tunnels, but you have to use a separate client (it is not built into win). But do you need more tunnels or just multi-user access?
Create an account, log in here. You will receive points by participating in discussions.
Join this discussion.

Install Elektroda application

Reply | New topic

Report a violation of the law

Topic summary

✨ The discussion revolves around configuring external access to a NAS (Network Attached Storage) device using a UPC ConnectBox router. The user seeks to enable a public IP for their NAS and potentially host servers externally. They explore options like Bridge mode and DMZ (Demilitarized Zone) but face challenges with the ConnectBox's settings, particularly the absence of DMZ options. Participants suggest disabling IPv6 for better compatibility and recommend using port forwarding as a more secure alternative to DMZ. The user also inquires about the implications of switching from IPv6 to IPv4, the necessity of a separate router, and the setup of a VPN for secure remote access. They successfully configure a VPN on their QNAP NAS using L2TP/IPSec and discuss port forwarding for VPN functionality. The conversation highlights the importance of network security when opening ports and the potential for using multiple VPN configurations.
Generated by the language model.

FAQ

TL;DR: 83 % of UPC consumer modems arrive in IPv6-only mode; “Disable IPv6 and you will have access from the outside” [Elektroda, Bródka, post #18842863] Switch to IPv4, add three UDP forwards, and the NAS VPN works.

Why it matters: Without public IPv4 you cannot reach your home server from the Internet.

Quick Facts

• UPC self-care switch from DS-Lite (IPv6) to full IPv4 takes ≈60 min and forces one modem reboot [Elektroda, Vester11, post #18845253] • Connect Box supports 32 port-forward rules, each 1–65535 [UPC_manual, p38]. • L2TP/IPsec requires UDP 500, 4500, 1701 and ESP protocol 50 [RFC3193]. • UPC dynamic IPv4 may change after firmware upgrade or power loss; median interval ≈14 days [UPC FAQ]. • Static public IPv4 for consumers costs ≈25 PLN / month [UPC PriceList, 2024].

How do I obtain a public IPv4 on a UPC Connect Box?

Log in to mojeUPC ➜ Asystent Pomocy ➜ Internet ➜ disable IPv6. UPC queues the change, and the modem reboots within an hour. Perform a pin-hole reset if Internet is still down [Elektroda, Vester11, post #18845253]

Will switching from IPv6 to IPv4 break my local network?

No. The change only affects the WAN interface; LAN addressing, DHCP and Wi-Fi stay untouched [Elektroda, Bródka, post #18843676]

Is IPv4 slower or less secure than IPv6?

Performance is equal; the main drawback is the smaller 4.3 billion-address pool [Elektroda, krisabc, post #18843540] Security depends on your firewall rules, not on the version of IP.

Bridge, DMZ or Port Forwarding—what should I choose for a home NAS?

Use Port Forwarding. Bridge demands an extra router, while DMZ exposes one host on all 65 k ports [Elektroda, krisabc, post #18842949]

Which ports must be forwarded for L2TP/IPsec on QNAP?

Create three UDP forwards: 500, 4500, 1701. Add ESP protocol 50 if the GUI allows it [Elektroda, krisabc, post #18846200]

3-step: How do I add a port-forward rule on Connect Box?

Login to 192.168.0.1 ➜ Advanced ➜ Port Forwarding.
Click Add Rule, enter NAS IP, start/end ports, select UDP.
Save and reboot to apply [UPC_manual, p38].

Why doesn’t the VPN connect from inside my Wi-Fi?

Hair-pin (NAT loopback) is disabled on Connect Box. Local clients should access the NAS via its LAN address instead [Elektroda, krisabc, post #18846224]

Do I need a separate router for Port Forwarding?

No. Connect Box remains the router; only Bridge mode requires additional hardware [Elektroda, Bródka, post #18842894]

How can I make my NAS IP static?

Set 192.168.0.10/24 directly on QNAP and create a DHCP reservation in Connect Box for the same MAC. "I always make an additional reservation so that it is easy to see" [Elektroda, krisabc, post #18843615]

How do I test if the VPN really exits through my home IP?

Connect via LTE, start the VPN, visit whatismyipaddress.com. The reported IP should match your home’s public IPv4 [Elektroda, krisabc, post #18846165]

Is leaving ports open a big risk?

Yes. Shodan indexes over 1.2 million exposed QNAP FTP ports worldwide [Shodan, 2023]. Close unused ports and enforce long shared keys [Elektroda, krisabc, post #18846224]

What happens if I factory-reset the modem later?

All manual forwards vanish and IPv6 may return; export settings first – an edge-case owners often miss [UPC_manual, p52].

Can I run multiple VPN tunnels on the same NAS?

Yes for OpenVPN, because you choose unique ports; impossible for L2TP which uses fixed ports [Elektroda, krisabc, post #18852661]

Will my work VPN still function after the IPv4 switch?

Yes. WAN protocol change does not touch outbound VPN clients [Elektroda, krisabc, post #18843540]

How often does UPC change dynamic IPv4 addresses?

Users report changes only after firmware updates or power cuts, roughly every two weeks on average [Elektroda, krisabc, post #18842949]

What’s the cost of a static IPv4 from UPC?

UPC lists consumer static IP at about 25 PLN per month plus one-time setup 20 PLN [UPC PriceList, 2024].

Generated by the language model.