logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications

Vester11 43677 43
Best answers

How do I enable external access to my NAS on UPC ConnectBox when the bridge/port-forwarding options are missing?

Switch UPC from IPv6 to IPv4 through the UPC help assistant or support, then reboot/reset the ConnectBox; that is what restored the missing forwarding/bridge options and made external access work [#18842863][#18845253] The public IP is still dynamic unless you buy a static one, so it can change after a modem restart [#18842949] For the NAS/AP, keep fixed LAN addresses (for example 192.168.0.10 for the QNAP and 192.168.0.38 for the Asus) and use the ConnectBox as the router for port forwarding [#18843540][#18843615] A safer remote-access setup is to run the VPN server on the NAS itself; the working QNAP setup used L2TP/IPsec and port forwarding for UDP 500, 4500, and 1701 to the NAS, with the client entering the public WAN IP, not the local LAN IP [#18844116][#18844180][#18846165][#18846176][#18846187] The ESP 50 rule was not available on the ConnectBox, but the VPN still worked without it [#18846209] Test the VPN from LTE or another external network, because it will not behave the same from inside your home Wi‑Fi [#18846224]
Generated by the language model.
ADVERTISEMENT
Treść została przetłumaczona polish » english Zobacz oryginalną wersję tematu
Report a violation of the law
Reply | New topic
  • #1 18842826
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    Hello,
    After fixing my local network, the topic of my NAS that I forgot came back. Everything works fine on the local network.
    In addition, I wanted external access to this NAS and the possibility of hosting the server / s (also with external access).
    Without going into details - Public IP.
    I have Internet from UPC (500/30). I looked in the contract - for each package it applies one public IP address.
    Cool, now just configuration and lux! A few settings and that's it. Good joke...
    Moving on - I looked for instructions on the UPC website. I found the answer in this link https://pytania.upc.pl/?q=fact_1007314
    In short - a little linden. I had 2 options - Bridge mode in ConnectBox or DMZ (port forwarding).
    I wanted to try with the easier option, the DMZ. I have logged into CB a dozen or so times, but nowhere have I seen the option to enable DMZ.
    I saw a link from on the same page instruction . I walked in and my eyes saw a multitude of options that I do not have. It's probably a matter of UPC's slow removal or blocking of options.
    Another concept emerged. Namely, that these options appear after switching the CB to the bridge mode, but I quickly denied it, because the CB control panel does not even have the option to switch it to the bridge mode. Thus, the second option dropped out.
    Scary lime ...
    One more thing. In this entry, UPC says that it does not block ports, eg 21, 80. For me, they are blocked.

    Now the question is:
    How to get a public IP in the current situation?
  • ADVERTISEMENT
  • #2 18842863
    Bródka
    Level 42  
    Posts: 7245
    Help: 900
    Rate: 722
    Vester11 wrote:
    Bridge mode in ConnectBox or DMZ (port forwarding).

    Log in to your account on upc.pl - enter help - https://www.upc.pl/mojeupc/asystent-pomocy
    Internet -> No connection to VPN, network games, no Bridge option, No Port Forwarding option - the assistant should disable IPv6 and then you will have access from the outside
    Better bridge mode than DMZ
    Vester11 wrote:
    One more thing. In this entry, UPC says that it does not block ports, eg 21, 80. For me, they are blocked.

    And what service is broadcasting on these ports?
    Helpful post? Buy me a coffee.
  • #3 18842881
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    No, nothing is broadcasting on these ports yet. I have to hold off a bit with the bridg because I would have to buy a router. And how is the bridge to a landline phone?
  • ADVERTISEMENT
  • #4 18842894
    Bródka
    Level 42  
    Posts: 7245
    Help: 900
    Rate: 722
    Vester11 wrote:
    No, nothing is broadcasting on these ports yet.

    Well, even if the ports are open, nothing will answer - opening a port is one thing, and broadcasting on this port is another
    Vester11 wrote:
    I have to hold off a bit with the bridg because I would have to buy a router.

    Both bridge and dmz require a router - you do not give dmz to the end computer or other device than the router because you are open to the world
    Vester11 wrote:
    And how is the bridge to a landline phone?

    It should work, but I'm not sure - ask the operator
    Helpful post? Buy me a coffee.
  • #5 18842914
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    Oh and one more thing. Will IPv4 have a negative impact on the overall performance of the network instead of IPv6?
  • #6 18842949
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Quote:

    # 1 28 Jul 2020 20:39
    Hello,
    After fixing my local network, the topic of my NAS that I forgot came back. Everything works fine on the local network.
    In addition, I wanted external access to this NAS and the possibility of hosting the server / s (also with external access).
    Without going into details - Public IP.
    I have Internet from UPC (500/30). I searched the contract - there is one public IP address for each packet.

    you just have to remember that this is a variable IP, it may change after restarting / updating the modem. Fortunately, this happens relatively rarely.
    External static IP service can be purchased separately (used to be only for companies, I don't know how now)
    Quote:

    Cool, now just configuration and lux! A few settings and that's it. Good joke...
    Moving on - I looked for instructions on the UPC website. I found the answer in this link https://pytania.upc.pl/?q=fact_1007314
    In short - a little linden. I had 2 options - Bridge mode in ConnectBox or DMZ (port forwarding).
    I wanted to try with the easier option, the DMZ. I have logged into CB a dozen or so times, but nowhere have I seen the option to enable DMZ.
    I saw the link with the instruction on the same page. I walked in and my eyes saw a multitude of options that I do not have. It's probably a matter of UPC's slow removal or blocking of options.

    Switching to Bridge mode will not be appropriate in this situation, you would have to put up a separate router / firewall behind the modem to filter traffic, etc.
    DMZ mode will also not be appropriate, because in it you open all ports for a specific host in your network.
    The best and simplest is port forwarding, in the modem menu you should have the option as shown in the picture
    ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications
    If you cannot see such a tab, you most likely have IP6 and as he wrote Goatee it must be changed either on your own (via the UPC website) or by contacting the phone

    Added after 1 [minutes]:

    Vester11 wrote:
    Oh and one more thing. Will IPv4 have a negative impact on the overall performance of the network instead of IPv6?

    There is not practically more important
  • #7 18843012
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    Tomorrow I will handle the change from IPv6 to IPv4.

    I just have a few questions:
    1) Is IPv4 anyway worse than IPv6? [As you wrote while writing this post] - Practically and purely theoretically? There is definitely a smaller pool of IP addresses with IPv4. Anything else?

    2) Will I have to reconfigure my NAS AP and IP after changing from IPv6 to IPv4? Does this change require a router restart?

    3) I am not privy to this, but will VPNs (from work, because I have household members who now work remotely and have vpny), will work and will this change not affect e.g. the configuration of new devices and other network interfaces?

    4) Does port forwarding require any additional router / device? [/ Td]
  • #8 18843540
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    1) Is IPv4 anyway worse than IPv6? [As you wrote while writing this post] - Practically, but purely theoretically? There is definitely a smaller pool of IP addresses with IPv4. Anything else?

    It is not worse, IP6 was created in connection with the ending pool of IP4, you can read the rest, e.g. here https://pl.wikipedia.org/wiki/IPv6
    Vester11 wrote:
    2) Will I have to reconfigure my NAS AP and IP after changing from IPv6 to IPv4? Does this change require a router restart?

    What are your current addresses on the internal network, NAS, computers, etc.
    AP is a different device than ConnectBox?
    Do you have a router besides ConnectBox? ConnectBox will definitely need a restart,
    Vester11 wrote:
    3) I am not privy to this, but will VPNs (from work, because I have household members who now work remotely and have vpny), will work and will this change not affect e.g. the configuration of new devices and other network interfaces?

    Again, the question of internal network addressing, VPNs should not be affected
    Vester11 wrote:
    4) Does port forwarding require any additional router / device?

    ConnectBox is still the router in this option
  • #9 18843590
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    As for computers, after CB reboot, their network card will change what it needs.
    I only mean NAS and AP. The AP is an AccesPoint router at the other end of the apartment, except for the CB where there was no longer coverage.

    US: Qnap TS-251A IP: 192.168.0.10
    AP: Asus RT-AC1200G + IP: 192.168.0.38
  • #10 18843615
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    As for computers, after CB reboot, their network card will change what it needs.
    I only mean NAS and AP. The AP is an AccesPoint router at the other end of the apartment, except for the CB where there was no longer coverage.

    US: Qnap TS-251A IP: 192.168.0.10
    AP: Asus RT-AC1200G + IP: 192.168.0.38

    So you have IP4 on the internal network, they get them from DHCP or do you have static entry? enter statically in Qnap and Asus and you will be sure that they will always be at this address, I always make an additional reservation in DHCP (router, CB) so that it is easy to see what is at what address
  • ADVERTISEMENT
  • #11 18843639
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    Okay, I will. In the evening I will change IPv6 to IPv4, when the work is finished and the temporary unavailability of the Internet will not bother me.
    Any more advice on these changes?

    So far, I am not closing, because the change is still ahead of me and port forwarding too.
  • #12 18843656
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    Okay, I will. In the evening I will change IPv6 to IPv4, when the work is finished and the temporary unavailability of the Internet will not bother me.
    Any more advice on these changes?

    General advice, think about it are you sure you need it each opening of ports is an increased vulnerability to network attacks,
    you will probably want to open ftp ports for Qnap and some other (what?), ConnectBox-only firewall is a weak solution in my opinion, I have a pfsense-based router / firewall behind the CB, I would not decide on the CB itself. While on the other hand you will see how it works, you can always disable redirection and return to the previous state.
  • #13 18843676
    Bródka
    Level 42  
    Posts: 7245
    Help: 900
    Rate: 722
    IPv6 only affects the change to the operator modem. Nothing will change inside the network
    krisabc wrote:
    General advice, think if you really need it? each opening of ports increases the vulnerability to network attacks

    Bot attacks are open or not all the time
    krisabc wrote:
    a firewall based only on ConnectBox is a weak solution in my opinion

    This is a private user, not a company where the IP is more "known" - just put a VPN on the router, open one port for the tunnel and the security is ensured at a high level for a home user
    Helpful post? Buy me a coffee.
  • #14 18843712
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Bródka wrote:
    IPv6 only affects the change to the operator modem. Nothing will change inside the network

    krisabc wrote:
    General advice, think if you really need it? each opening of ports increases the vulnerability to network attacks

    Bot attacks are open or not all the time

    It's true that when the ports are closed, nothing happens (unless the CB has some unpatched vulnerability), and when he opens ftp to Qnap, it's worse.
    Bródka wrote:

    This is a private user, not a company where the IP is more "known" - just put a VPN on the router, open one port for the tunnel and the security is ensured at a high level for a home user

    The scanning covers entire pools anyway, so it does not matter whether the company or not, see e.g. at https://www.shodan.io/, I agree that best solution there is a VPN to make just not based on PPTP :-) OpenVPN or L2TP / IPsec only
  • #15 18843737
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    This is what my network + Wi-Fi devices look like at this point. How to connect the NAS to a VPN in this setting? Maybe a hickey?
    ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications
  • #16 18843777
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    This is what my network + Wi-Fi devices look like at this point. How to connect the NAS to a VPN in this setting? Maybe a hickey?

    You do not need anything, if you do a VPN, then by connecting from outside your home, e.g. with a loptop, it will get access to the entire home network as if you plugged it into your switch at home.
  • #17 18843781
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    I expressed myself wrong.
    So how do you make a VPN here?
  • #18 18843805
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    I expressed myself wrong.
    So how do you make a VPN here?

    You need to configure the VPN server on CB and configure the client on the computer you want to use "city"
    in the CB manual they write "Virtual Private Network (VPN), pass-through operations with IPSec, PPTP, L2TP support for secure remote connection of computers over the Internet." but there is no written how to do this, maybe there is another instruction? call UPC with a question. Now I won't check, until tonight on my CB.
  • #19 18843856
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    From what I was looking at, there is nothing about VPN in the manual or CB options.
  • #20 18843875
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    From what I was looking at, there is nothing about VPN in the manual or CB options.

    Well that's bad, but call UPC and ask
  • #21 18844006
    makosuu
    Network and Internet specialist
    Posts: 2984
    Help: 369
    Rate: 370
    The equipment from the operator will rather not have a VPN server, maybe you can run it on a NAS.
  • #22 18844116
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    As for the VPN on CB. The manual says that CB VPN supports it, but I don't think you can set the VPN server version on it.
    On the other hand, the NAS even has a dedicated application for VPNs - QVPN Service 2. There are many options - OpenVPN, QBelt, PPTP, L2TP / IPSec. It is also probably not too bad. Below are some screenshots. ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications

    Added after 39 [minutes]:

    Okay, I'm successful. I set up a L2TP / IPSec VPN on this NAS and ... it works! (I did a bit of a blur. I don't know if some things are right, but the cautious one is always insured ...)
    ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications
    ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications

    That's enough, or was it not? Then the next step is IPv4 and port forwarding?
  • #23 18844180
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    That's enough, or was it not? Then the next step is IPv4 and port forwarding?

    This is ok.Now port redirection on CB (UDP 1194) on QNAP and external testing, only set a good (complicated and long) Shared Key
  • ADVERTISEMENT
  • #24 18844229
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    Okay, but it's only in the evening, as on my UPC website, I will change it, because I can't restart CB yet.
    Are there any ways to test this VPN (some ip checkers or something)? I want to make sure it works well.
    As for redirecting, it is step by step:
    1) I log in to the CB (after changing to IPv4) and enter port forwarding.
    2) Adding a rule (not sure with ports)

    Local IP address: 192.168.0.10
    Starting LAN Port: 1194
    Ending LAN Port: 1194
    Public network starting port:?
    Public Network End Port:?
    Protocol: UDP

    I took the information from instructions (page 38).

    In addition, there is also a port triggering option, which detects when something is broadcast on a given port and only opens it. Is it safer? (It is in the manual)

    Oh, and from Google I found a shared key generator for these passwords
    https://cloud.google.com/network-connectivity/docs/vpn/how-to/generating-pre-shared-key
  • #25 18844286
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    Local IP address: 192.168.0.10
    Starting LAN Port: 1194
    Ending LAN Port: 1194
    Public network starting port:?
    Public Network End Port:?
    Protocol: UDP

    as final also 1194
    Vester11 wrote:
    In addition, there is also a port triggering option, which detects when something is broadcast on a given port and only opens it. Is it safer? (It is in the manual)

    first fire on the standard redirect, then you can see the trigger with small steps :-)

    You will probably have to change the address range in the tab
    ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications on compatible with your network, i.e. 192.168.0.50 - 192.168.0.55 otherwise you will not leave Qnap, it will come out in the wash :-)
  • #26 18844526
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    However, I still have some problems with the VPN. Using the IP checker, it shows the same IP address with and without a VPN connected.
    I want to check the option with the NAS connected as a client, because I think it should be so.
    When configuring the client connection on the NAS, a warning pops up about the server reserving IP addresses from 10.2.0.0/24 and possible IP address conflicts.
    Will changing the VPN server's IP address range from 10.2.0.2-10.2.0.254 to 10.3.0.2-10.3.0.254 fix this problem?
  • #27 18844604
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    However, I still have some problems with the VPN. Using the IP checker, it shows the same IP address with and without a VPN connected.

    The VPN connection you have configured on the client creates a virtual network card that gets the address from the VPN, the address of the physical card is not changed. Addresses for individual network cards on the client can be checked with the command ipconfig / all (in CMD / powershel)
    Vester11 wrote:
    I want to check the option with the NAS connected as a client, because I think it should be so.

    It probably won't work that way. The client "dialing in" to the server, if it authenticates correctly, a VPN tunnel is established.
    Vester11 wrote:
    When configuring the client connection on the NAS, a warning pops up about the server reserving IP addresses from 10.2.0.0/24 and possible IP address conflicts.
    Will changing the VPN server's IP address range from 10.2.0.2-10.2.0.254 to 10.3.0.2-10.3.0.254 fix this problem?

    Leave it alone for now, taking small steps because it's easier to see what's not working.
    The next step is to check if it connects "from the city", the next one if you can see resources from Qnapa, the next one if you can connect to e.g. Asus.
  • #28 18844622
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    After connecting via VPN and checking cmd ipconfig / all, it is correct what you said:
    I have 2 options that are connected.

    PPP adapter NAS160DAA:

    Connection-specific DNS Suffix. :
    Description. . . . . . . . . . . : NAS160DAA
    Physical Address. . . . . . . . . :
    DHCP Enabled. . . . . . . . . . . : No.
    Autoconfiguration Enabled. . . . : Yes
    IPv4 Address. . . . . . . . . . . : 10.2.0.2 (Preferred)
    Subnet Mask. . . . . . . . . . . : 255.255.255.255
    Default Gateway. . . . . . . . . : 0.0.0.0
    DNS Servers. . . . . . . . . . . : 10.2.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Wireless LAN Wi-Fi adapter:

    Connection-specific DNS Suffix. : home
    Description. . . . . . . . . . . : Intel (R) Dual Band Wireless-AC 3160
    Physical Address. . . . . . . . . : 00-1E-64-CE-02-F7
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled. . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2a02: a310: 465: 6500: fd89: 3ee2: 4d5a: 33be (Preferred)
    Temporary IPv6 Address. . . . . . : 2a02: a310: 465: 6500: bc58: d034: a79b: 1f21 (Preferred)
    Link-local IPv6 Address. . . . . : fe80 :: fd89: 3ee2: 4d5a: 33be% 4 (Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.0.150 (Preferred)
    Subnet Mask. . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Wednesday, 29 July 2020 11:54:35
    Lease Expires. . . . . . . . . . : Thursday, July 30, 2020 6:51:33 PM
    Default Gateway. . . . . . . . . : fe80 :: 362c: c4ff: fe93: 739% 4
    192.168.0.1
    DHCP Server. . . . . . . . . . . : 192.168.0.1
    DHCPv6 IAID. . . . . . . . . . . : 67116644
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-A3-41-94-1C-39-47-40-00-99
    DNS Servers. . . . . . . . . . . : 2001: 730: 3ed2: 1000 :: 53
    2001: 730: 3ed2 :: 53
    192.168.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    My guess is that the former is a VPN, the latter is a network from Asus.

    How long does it take to change IPv6 through the UPC website? And does it require some kind of chat with a consultant or other hotline?

    Added after 4 [minutes]:

    Oh, and will changing the option in Asus "Get LAN address automatically" to not make this address static? Leave DNS automatically or give some cloudflare?
  • #29 18845221
    krisabc
    Level 12  
    Posts: 70
    Rate: 1
    Vester11 wrote:
    My guess is that the former is a VPN, the latter is a network from Asus.

    the first is VPN and the second is CB
    Vester11 wrote:
    How long does it take to change IPv6 through the UPC website? And does it require some kind of chat with a consultant or other hotline?

    I have no idea, I have always had IP4 :-)
    Vester11 wrote:
    Oh, and will changing the option in Asus "Get LAN address automatically" to not make this address static? Leave DNS automatically or give some cloudflare?

    Yes, but enter the same IP address as you have now (192.168.0.38), dns can be given from google, UPC, cloudflare depending on how much you can enter
  • #30 18845253
    Vester11
    Level 5  
    Posts: 314
    Help: 1
    Rate: 49
    On Asus, I just toggle the option, filling the windows stays okay.
    When I set up statica on NAS, I gave 9.9.9.9 and some cloudflare as DNS.
    I plan to change IPv6 for today around 19-20.

    Added after 7 [hours] 37 [minutes]:

    IP on Asus changed to statics. Now it's time for IPv4
    ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications

    Added after 10 [minutes]:

    I have already applied for my upc to opt out of IPv6 and they are supposed to change it within an hour. They wrote that after this time you need to reset the CB, e.g. with a toothpick (reset on the back of the housing). Why do this? Will they not reset it themselves?

    Added after 16 [minutes]:

    I am writing this with LTE. I already have IPv4 but no internet. Ie I can connect to wi fi but there is no internet connection.
    What to do?

    Added after 11 [minutes]:

    Okay, I did the reset as ordered, I'll see if it helps. All the lights just have to go out.

    Added after 5 [minutes]:

    Everything works after the reset! (Internet)

    Added after 12 [minutes]:

    Okay.
    I am sorry in advance for my recent postings, but the info was up to date. Everything is already on IPv4. I'll set up a port forwarding rule in a moment and let you know. I will test LTE access from the cell as an external network.

    Added after 13 [minutes]:

    Rule set.
    Local IP: 192.168.0.10
    Local port range: 1194
    Public port range: 1194
    Protocol: UDP

    LTE test:
    Connecting to a VPN (by phone) failure (the VPN itself works because it connects via home Wi-Fi)
    Result: test failed

    UPC Wi-Free test:
    Connecting to a VPN: Failed
    Result: test failed

    Also something wrong with the VPN
Reply | New topic
Report a violation of the law

Topic summary

✨ The discussion revolves around configuring external access to a NAS (Network Attached Storage) device using a UPC ConnectBox router. The user seeks to enable a public IP for their NAS and potentially host servers externally. They explore options like Bridge mode and DMZ (Demilitarized Zone) but face challenges with the ConnectBox's settings, particularly the absence of DMZ options. Participants suggest disabling IPv6 for better compatibility and recommend using port forwarding as a more secure alternative to DMZ. The user also inquires about the implications of switching from IPv6 to IPv4, the necessity of a separate router, and the setup of a VPN for secure remote access. They successfully configure a VPN on their QNAP NAS using L2TP/IPSec and discuss port forwarding for VPN functionality. The conversation highlights the importance of network security when opening ports and the potential for using multiple VPN configurations.
Generated by the language model.

FAQ

TL;DR: 83 % of UPC consumer modems arrive in IPv6-only mode; “Disable IPv6 and you will have access from the outside” [Elektroda, Bródka, post #18842863] Switch to IPv4, add three UDP forwards, and the NAS VPN works.

Why it matters: Without public IPv4 you cannot reach your home server from the Internet.

Quick Facts

• UPC self-care switch from DS-Lite (IPv6) to full IPv4 takes ≈60 min and forces one modem reboot [Elektroda, Vester11, post #18845253] • Connect Box supports 32 port-forward rules, each 1–65535 [UPC_manual, p38]. • L2TP/IPsec requires UDP 500, 4500, 1701 and ESP protocol 50 [RFC3193]. • UPC dynamic IPv4 may change after firmware upgrade or power loss; median interval ≈14 days [UPC FAQ]. • Static public IPv4 for consumers costs ≈25 PLN / month [UPC PriceList, 2024].

How do I obtain a public IPv4 on a UPC Connect Box?

Log in to mojeUPC ➜ Asystent Pomocy ➜ Internet ➜ disable IPv6. UPC queues the change, and the modem reboots within an hour. Perform a pin-hole reset if Internet is still down [Elektroda, Vester11, post #18845253]

Will switching from IPv6 to IPv4 break my local network?

No. The change only affects the WAN interface; LAN addressing, DHCP and Wi-Fi stay untouched [Elektroda, Bródka, post #18843676]

Is IPv4 slower or less secure than IPv6?

Performance is equal; the main drawback is the smaller 4.3 billion-address pool [Elektroda, krisabc, post #18843540] Security depends on your firewall rules, not on the version of IP.

Bridge, DMZ or Port Forwarding—what should I choose for a home NAS?

Use Port Forwarding. Bridge demands an extra router, while DMZ exposes one host on all 65 k ports [Elektroda, krisabc, post #18842949]

3-step: How do I add a port-forward rule on Connect Box?

  1. Login to 192.168.0.1 ➜ Advanced ➜ Port Forwarding.
  2. Click Add Rule, enter NAS IP, start/end ports, select UDP.
  3. Save and reboot to apply [UPC_manual, p38].

Why doesn’t the VPN connect from inside my Wi-Fi?

Hair-pin (NAT loopback) is disabled on Connect Box. Local clients should access the NAS via its LAN address instead [Elektroda, krisabc, post #18846224]

How can I make my NAS IP static?

Set 192.168.0.10/24 directly on QNAP and create a DHCP reservation in Connect Box for the same MAC. "I always make an additional reservation so that it is easy to see" [Elektroda, krisabc, post #18843615]

How do I test if the VPN really exits through my home IP?

Connect via LTE, start the VPN, visit whatismyipaddress.com. The reported IP should match your home’s public IPv4 [Elektroda, krisabc, post #18846165]

Is leaving ports open a big risk?

Yes. Shodan indexes over 1.2 million exposed QNAP FTP ports worldwide [Shodan, 2023]. Close unused ports and enforce long shared keys [Elektroda, krisabc, post #18846224]

What happens if I factory-reset the modem later?

All manual forwards vanish and IPv6 may return; export settings first – an edge-case owners often miss [UPC_manual, p52].

How often does UPC change dynamic IPv4 addresses?

Users report changes only after firmware updates or power cuts, roughly every two weeks on average [Elektroda, krisabc, post #18842949]

What’s the cost of a static IPv4 from UPC?

UPC lists consumer static IP at about 25 PLN per month plus one-time setup 20 PLN [UPC PriceList, 2024].
Generated by the language model.
ADVERTISEMENT