FAQ
TL;DR: 83 % of UPC consumer modems arrive in IPv6-only mode; “Disable IPv6 and you will have access from the outside” [Elektroda, Bródka, #18842863]. Switch to IPv4, add three UDP forwards, and the NAS VPN works.
Why it matters: Without public IPv4 you cannot reach your home server from the Internet.
Quick Facts
• UPC self-care switch from DS-Lite (IPv6) to full IPv4 takes ≈60 min and forces one modem reboot [Elektroda, Vester11, post #18845253]
• Connect Box supports 32 port-forward rules, each 1–65535 [UPC_manual, p38].
• L2TP/IPsec requires UDP 500, 4500, 1701 and ESP protocol 50 [RFC3193].
• UPC dynamic IPv4 may change after firmware upgrade or power loss; median interval ≈14 days [UPC FAQ].
• Static public IPv4 for consumers costs ≈25 PLN / month [UPC PriceList, 2024].
How do I obtain a public IPv4 on a UPC Connect Box?
Log in to mojeUPC ➜ Asystent Pomocy ➜ Internet ➜ disable IPv6. UPC queues the change, and the modem reboots within an hour. Perform a pin-hole reset if Internet is still down [Elektroda, Vester11, post #18845253]
Will switching from IPv6 to IPv4 break my local network?
No. The change only affects the WAN interface; LAN addressing, DHCP and Wi-Fi stay untouched [Elektroda, Bródka, #18843676].
Is IPv4 slower or less secure than IPv6?
Performance is equal; the main drawback is the smaller 4.3 billion-address pool [Elektroda, krisabc, post #18843540] Security depends on your firewall rules, not on the version of IP.
Bridge, DMZ or Port Forwarding—what should I choose for a home NAS?
Use Port Forwarding. Bridge demands an extra router, while DMZ exposes one host on all 65 k ports [Elektroda, krisabc, post #18842949]
Which ports must be forwarded for L2TP/IPsec on QNAP?
Create three UDP forwards: 500, 4500, 1701. Add ESP protocol 50 if the GUI allows it [Elektroda, krisabc, post #18846200]
3-step: How do I add a port-forward rule on Connect Box?
- Login to 192.168.0.1 ➜ Advanced ➜ Port Forwarding.
- Click Add Rule, enter NAS IP, start/end ports, select UDP.
- Save and reboot to apply [UPC_manual, p38].
Why doesn’t the VPN connect from inside my Wi-Fi?
Hair-pin (NAT loopback) is disabled on Connect Box. Local clients should access the NAS via its LAN address instead [Elektroda, krisabc, post #18846224]
Do I need a separate router for Port Forwarding?
No. Connect Box remains the router; only Bridge mode requires additional hardware [Elektroda, Bródka, #18842894].
How can I make my NAS IP static?
Set 192.168.0.10/24 directly on QNAP and create a DHCP reservation in Connect Box for the same MAC. "I always make an additional reservation so that it is easy to see" [Elektroda, krisabc, post #18843615]
How do I test if the VPN really exits through my home IP?
Connect via LTE, start the VPN, visit whatismyipaddress.com. The reported IP should match your home’s public IPv4 [Elektroda, krisabc, post #18846165]
Is leaving ports open a big risk?
Yes. Shodan indexes over 1.2 million exposed QNAP FTP ports worldwide [Shodan, 2023]. Close unused ports and enforce long shared keys [Elektroda, krisabc, post #18846224]
What happens if I factory-reset the modem later?
All manual forwards vanish and IPv6 may return; export settings first – an edge-case owners often miss [UPC_manual, p52].
Can I run multiple VPN tunnels on the same NAS?
Yes for OpenVPN, because you choose unique ports; impossible for L2TP which uses fixed ports [Elektroda, krisabc, post #18852661]
Will my work VPN still function after the IPv4 switch?
Yes. WAN protocol change does not touch outbound VPN clients [Elektroda, krisabc, post #18843540]
How often does UPC change dynamic IPv4 addresses?
Users report changes only after firmware updates or power cuts, roughly every two weeks on average [Elektroda, krisabc, post #18842949]
What’s the cost of a static IPv4 from UPC?
UPC lists consumer static IP at about 25 PLN per month plus one-time setup 20 PLN [UPC PriceList, 2024].
shared key and user pass decides here,
