
ConnectBox, UPC, Public IP, Bridge, NAS, truncated options and complications

Vester11 41229 43
  • #1 18842826
    Vester11
    Level 5  
    Hello,
    After fixing my local network, the topic of my NAS that I forgot came back. Everything works fine on the local network.
    In addition, I wanted external access to this NAS and the possibility of hosting server(s) (also with external access).
    Without going into details - Public IP.
    I have Internet from UPC (500/30). I looked in the contract - one public IP address applies to each package.
    Cool, now just configuration and lux! A few settings and that's it. Good joke...
    Moving on - I looked for instructions on the UPC website. I found the answer in this link https://pytania.upc.pl/?q=fact_1007314
    In short - a bit of a letdown. I had 2 options - Bridge mode in ConnectBox or DMZ (port forwarding).
    I wanted to try with the easier option, the DMZ. I have logged into the CB a dozen or so times, but nowhere have I seen the option to enable DMZ.
    I saw a link to the instruction on the same page. I went in and saw a multitude of options that I do not have. It's probably a matter of UPC slowly removing or blocking options.
    Another idea emerged. Namely, that these options appear after switching the CB to bridge mode, but I quickly ruled it out, because the CB control panel does not even have the option to switch it to bridge mode. Thus, the second option dropped out.
    A terrible letdown ...
    One more thing. In this entry, UPC says that it does not block ports, eg 21, 80. For me, they are blocked.

    Now the question is:
    How to get a public IP in the current situation?
  • #2 18842863
    Bródka

    Level 42  
    Vester11 wrote:
    Bridge mode in ConnectBox or DMZ (port forwarding).

    Log in to your account on upc.pl - enter help - https://www.upc.pl/mojeupc/asystent-pomocy
    Internet -> No connection to VPN, network games, no Bridge option, No Port Forwarding option - the assistant should disable IPv6 and then you will have access from the outside
    Better bridge mode than DMZ
    Vester11 wrote:
    One more thing. In this entry, UPC says that it does not block ports, eg 21, 80. For me, they are blocked.

    And what service is broadcasting on these ports?
  • #3 18842881
    Vester11
    Level 5  
    No, nothing is broadcasting on these ports yet. I have to hold off a bit with the bridge because I would have to buy a router. And how is the bridge to a landline phone?
  • #4 18842894
    Bródka

    Level 42  
    Vester11 wrote:
    No, nothing is broadcasting on these ports yet.

    Well, even if the ports are open, nothing will answer - opening a port is one thing, and broadcasting on this port is another
    Vester11 wrote:
    I have to hold off a bit with the bridge because I would have to buy a router.

    Both bridge and dmz require a router - you do not give dmz to the end computer or other device than the router because you are open to the world
    Vester11 wrote:
    And how is the bridge to a landline phone?

    It should work, but I'm not sure - ask the operator
  • #5 18842914
    Vester11
    Level 5  
    Oh and one more thing. Will IPv4 have a negative impact on the overall performance of the network instead of IPv6?
  • #6 18842949
    krisabc
    Level 12  
    Quote:

    # 1 28 Jul 2020 20:39
    Hello,
    After fixing my local network, the topic of my NAS that I forgot came back. Everything works fine on the local network.
    In addition, I wanted external access to this NAS and the possibility of hosting server(s) (also with external access).
    Without going into details - Public IP.
    I have Internet from UPC (500/30). I searched the contract - there is one public IP address for each package.

    You just have to remember that this is a variable IP; it may change after restarting / updating the modem. Fortunately, this happens relatively rarely.
    An external static IP service can be purchased separately (it used to be only for companies, I don't know how it is now)
    Quote:

    Cool, now just configuration and lux! A few settings and that's it. Good joke...
    Moving on - I looked for instructions on the UPC website. I found the answer in this link https://pytania.upc.pl/?q=fact_1007314
    In short - a bit of a letdown. I had 2 options - Bridge mode in ConnectBox or DMZ (port forwarding).
    I wanted to try with the easier option, the DMZ. I have logged into CB a dozen or so times, but nowhere have I seen the option to enable DMZ.
    I saw the link with the instruction on the same page. I walked in and my eyes saw a multitude of options that I do not have. It's probably a matter of UPC's slow removal or blocking of options.

    Switching to Bridge mode will not be appropriate in this situation, you would have to put up a separate router / firewall behind the modem to filter traffic, etc.
    DMZ mode will also not be appropriate, because in it you open all ports for a specific host in your network.
    The best and simplest is port forwarding, in the modem menu you should have the option as shown in the picture
    [image]
    If you cannot see such a tab, you most likely have IP6 and, as Bródka wrote, it must be changed either on your own (via the UPC website) or by phone

    Added after 1 [minutes]:

    Vester11 wrote:
    Oh and one more thing. Will IPv4 have a negative impact on the overall performance of the network instead of IPv6?

    In practice, none of any significance
  • #7 18843012
    Vester11
    Level 5  
    Tomorrow I will handle the change from IPv6 to IPv4.

    I just have a few questions:
    1) Is IPv4 anyway worse than IPv6? [As you wrote while writing this post] - Practically and purely theoretically? There is definitely a smaller pool of IP addresses with IPv4. Anything else?

    2) Will I have to reconfigure my NAS AP and IP after changing from IPv6 to IPv4? Does this change require a router restart?

    3) I am not privy to this, but will VPNs (from work, because I have household members who now work remotely and have VPNs) work, and will this change not affect e.g. the configuration of new devices and other network interfaces?

    4) Does port forwarding require any additional router / device?
  • #8 18843540
    krisabc
    Level 12  
    Vester11 wrote:
    1) Is IPv4 anyway worse than IPv6? [As you wrote while writing this post] - Practically, but purely theoretically? There is definitely a smaller pool of IP addresses with IPv4. Anything else?

    It is not worse, IP6 was created in connection with the ending pool of IP4, you can read the rest, e.g. here https://pl.wikipedia.org/wiki/IPv6
    Vester11 wrote:
    2) Will I have to reconfigure my NAS AP and IP after changing from IPv6 to IPv4? Does this change require a router restart?

    What are your current addresses on the internal network, NAS, computers, etc.?
    Is the AP a different device than the ConnectBox?
    Do you have a router besides the ConnectBox? The ConnectBox will definitely need a restart.
    Vester11 wrote:
    3) I am not privy to this, but will VPNs (from work, because I have household members who now work remotely and have VPNs) work, and will this change not affect e.g. the configuration of new devices and other network interfaces?

    Again, the question of internal network addressing, VPNs should not be affected
    Vester11 wrote:
    4) Does port forwarding require any additional router / device?

    ConnectBox is still the router in this option
  • #9 18843590
    Vester11
    Level 5  
    As for computers, after CB reboot, their network card will change what it needs.
    I only mean NAS and AP. The AP is an Access Point router at the other end of the apartment, except for the CB where there was no longer coverage.

    NAS: Qnap TS-251A IP: 192.168.0.10
    AP: Asus RT-AC1200G + IP: 192.168.0.38
  • #10 18843615
    krisabc
    Level 12  
    Vester11 wrote:
    As for computers, after CB reboot, their network card will change what it needs.
    I only mean NAS and AP. The AP is an Access Point router at the other end of the apartment, except for the CB where there was no longer coverage.

    NAS: Qnap TS-251A IP: 192.168.0.10
    AP: Asus RT-AC1200G + IP: 192.168.0.38

    So you have IP4 on the internal network. Do they get their addresses from DHCP, or do you have static entries? Enter them statically in Qnap and Asus and you will be sure that they will always be at this address. I always make an additional reservation in DHCP (router, CB) so that it is easy to see what is at what address
  • #11 18843639
    Vester11
    Level 5  
    Okay, I will. In the evening I will change IPv6 to IPv4, when the work is finished and the temporary unavailability of the Internet will not bother me.
    Any more advice on these changes?

    So far, I am not closing, because the change is still ahead of me and port forwarding too.
  • #12 18843656
    krisabc
    Level 12  
    Vester11 wrote:
    Okay, I will. In the evening I will change IPv6 to IPv4, when the work is finished and the temporary unavailability of the Internet will not bother me.
    Any more advice on these changes?

    General advice: think about whether you are sure you need it; each opening of ports means increased vulnerability to network attacks.
    You will probably want to open ftp ports for Qnap and some other (what?). A ConnectBox-only firewall is a weak solution in my opinion; I have a pfsense-based router / firewall behind the CB, I would not decide on the CB itself. On the other hand, you will see how it works; you can always disable redirection and return to the previous state.
  • #13 18843676
    Bródka

    Level 42  
    IPv6 only affects the change to the operator modem. Nothing will change inside the network
    krisabc wrote:
    General advice, think if you really need it? each opening of ports increases the vulnerability to network attacks

    Bot attacks happen all the time, whether ports are open or not
    krisabc wrote:
    a firewall based only on ConnectBox is a weak solution in my opinion

    This is a private user, not a company where the IP is more "known" - just put a VPN on the router, open one port for the tunnel and the security is ensured at a high level for a home user
  • #14 18843712
    krisabc
    Level 12  
    Bródka wrote:
    IPv6 only affects the change to the operator modem. Nothing will change inside the network

    krisabc wrote:
    General advice, think if you really need it? each opening of ports increases the vulnerability to network attacks

    Bot attacks happen all the time, whether ports are open or not

    It's true that when the ports are closed, nothing happens (unless the CB has some unpatched vulnerability), and when he opens ftp to Qnap, it's worse.
    Bródka wrote:

    This is a private user, not a company where the IP is more "known" - just put a VPN on the router, open one port for the tunnel and the security is ensured at a high level for a home user

    The scanning covers entire pools anyway, so it does not matter whether it is a company or not, see e.g. https://www.shodan.io/. I agree that the best solution is to set up a VPN, just not one based on PPTP :-) OpenVPN or L2TP / IPsec only
  • #15 18843737
    Vester11
    Level 5  
    This is what my network + Wi-Fi devices look like at this point. How to connect the NAS to a VPN in this setting? Maybe a Raspberry Pi?
    [image]
  • #16 18843777
    krisabc
    Level 12  
    Vester11 wrote:
    This is what my network + Wi-Fi devices look like at this point. How to connect the NAS to a VPN in this setting? Maybe a Raspberry Pi?

    You do not need anything. If you set up a VPN, then when you connect from outside your home, e.g. with a laptop, it will get access to the entire home network as if you had plugged it into your switch at home.
  • #17 18843781
    Vester11
    Level 5  
    I expressed myself wrong.
    So how do you make a VPN here?
  • #18 18843805
    krisabc
    Level 12  
    Vester11 wrote:
    I expressed myself wrong.
    So how do you make a VPN here?

    You need to configure the VPN server on the CB and configure the client on the computer you want to use away from home.
    In the CB manual they write "Virtual Private Network (VPN), pass-through operations with IPSec, PPTP, L2TP support for secure remote connection of computers over the Internet." but it is not written how to do this, maybe there is another instruction? Call UPC with a question. I can't check on my CB now, not until tonight.
  • #19 18843856
    Vester11
    Level 5  
    From what I was looking at, there is nothing about VPN in the manual or CB options.
  • #20 18843875
    krisabc
    Level 12  
    Vester11 wrote:
    From what I was looking at, there is nothing about VPN in the manual or CB options.

    Well that's bad, but call UPC and ask
  • #21 18844006
    makosuu
    Network and Internet specialist
    The equipment from the operator will rather not have a VPN server, maybe you can run it on a NAS.
  • #22 18844116
    Vester11
    Level 5  
    As for the VPN on the CB. The manual says that the CB supports VPN, but I don't think you can set up a VPN server on it.
    On the other hand, the NAS even has a dedicated application for VPNs - QVPN Service 2. There are many options - OpenVPN, QBelt, PPTP, L2TP / IPSec. It is also probably not too bad. Below are some screenshots. [images]

    Added after 39 [minutes]:

    Okay, I'm successful. I set up a L2TP / IPSec VPN on this NAS and ... it works! (I did a bit of a blur. I don't know if some things are right, but the cautious one is always insured ...)
    [images]

    That's enough, or was it not? Then the next step is IPv4 and port forwarding?
  • #23 18844180
    krisabc
    Level 12  
    Vester11 wrote:
    That's enough, or was it not? Then the next step is IPv4 and port forwarding?

    This is ok. Now port redirection on the CB (UDP 1194) to the QNAP and external testing; just set a good (complicated and long) Shared Key
  • #24 18844229
    Vester11
    Level 5  
    Okay, but only in the evening, when I change it on the My UPC website, because I can't restart the CB yet.
    Are there any ways to test this VPN (some ip checkers or something)? I want to make sure it works well.
    As for redirecting, it is step by step:
    1) I log in to the CB (after changing to IPv4) and enter port forwarding.
    2) Adding a rule (not sure with ports)

    Local IP address: 192.168.0.10
    Starting LAN Port: 1194
    Ending LAN Port: 1194
    Public network starting port:?
    Public Network End Port:?
    Protocol: UDP

    I took the information from instructions (page 38).

    In addition, there is also a port triggering option, which detects when something is broadcast on a given port and only opens it. Is it safer? (It is in the manual)

    Oh, and from Google I found a shared key generator for these passwords
    https://cloud.google.com/network-connectivity/docs/vpn/how-to/generating-pre-shared-key
  • #25 18844286
    krisabc
    Level 12  
    Vester11 wrote:
    Local IP address: 192.168.0.10
    Starting LAN Port: 1194
    Ending LAN Port: 1194
    Public network starting port:?
    Public Network End Port:?
    Protocol: UDP

    as final also 1194
    Vester11 wrote:
    In addition, there is also a port triggering option, which detects when something is broadcast on a given port and only opens it. Is it safer? (It is in the manual)

    First get it running with the standard redirect, then you can look at triggering, in small steps :-)

    You will probably have to change the address range in the tab
    [image] to one compatible with your network, i.e. 192.168.0.50 - 192.168.0.55, otherwise you will not get out past the Qnap. It will come out in the wash :-)
  • #26 18844526
    Vester11
    Level 5  
    However, I still have some problems with the VPN. Using the IP checker, it shows the same IP address with and without a VPN connected.
    I want to check the option with the NAS connected as a client, because I think it should be so.
    When configuring the client connection on the NAS, a warning pops up about the server reserving IP addresses from 10.2.0.0/24 and possible IP address conflicts.
    Will changing the VPN server's IP address range from 10.2.0.2-10.2.0.254 to 10.3.0.2-10.3.0.254 fix this problem?
  • #27 18844604
    krisabc
    Level 12  
    Vester11 wrote:
    However, I still have some problems with the VPN. Using the IP checker, it shows the same IP address with and without a VPN connected.

    The VPN connection you have configured on the client creates a virtual network card that gets its address from the VPN; the address of the physical card is not changed. Addresses for individual network cards on the client can be checked with the command ipconfig /all (in CMD / PowerShell)
    Vester11 wrote:
    I want to check the option with the NAS connected as a client, because I think it should be so.

    It probably won't work that way. The client "dials in" to the server and, if it authenticates correctly, a VPN tunnel is established.
    Vester11 wrote:
    When configuring the client connection on the NAS, a warning pops up about the server reserving IP addresses from 10.2.0.0/24 and possible IP address conflicts.
    Will changing the VPN server's IP address range from 10.2.0.2-10.2.0.254 to 10.3.0.2-10.3.0.254 fix this problem?

    Leave it alone for now, taking small steps because it's easier to see what's not working.
    The next step is to check if it connects "from the city", the next one if you can see resources from the Qnap, the next one if you can connect to e.g. the Asus.
  • #28 18844622
    Vester11
    Level 5  
    After connecting via VPN and checking ipconfig /all in cmd, what you said is correct:
    I have 2 options that are connected.

    PPP adapter NAS160DAA:

    Connection-specific DNS Suffix. :
    Description. . . . . . . . . . . : NAS160DAA
    Physical Address. . . . . . . . . :
    DHCP Enabled. . . . . . . . . . . : No.
    Autoconfiguration Enabled. . . . : Yes
    IPv4 Address. . . . . . . . . . . : 10.2.0.2 (Preferred)
    Subnet Mask. . . . . . . . . . . : 255.255.255.255
    Default Gateway. . . . . . . . . : 0.0.0.0
    DNS Servers. . . . . . . . . . . : 10.2.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Wireless LAN Wi-Fi adapter:

    Connection-specific DNS Suffix. : home
    Description. . . . . . . . . . . : Intel (R) Dual Band Wireless-AC 3160
    Physical Address. . . . . . . . . : 00-1E-64-CE-02-F7
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled. . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2a02:a310:465:6500:fd89:3ee2:4d5a:33be (Preferred)
    Temporary IPv6 Address. . . . . . : 2a02:a310:465:6500:bc58:d034:a79b:1f21 (Preferred)
    Link-local IPv6 Address. . . . . : fe80::fd89:3ee2:4d5a:33be%4 (Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.0.150 (Preferred)
    Subnet Mask. . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Wednesday, 29 July 2020 11:54:35
    Lease Expires. . . . . . . . . . : Thursday, July 30, 2020 6:51:33 PM
    Default Gateway. . . . . . . . . : fe80::362c:c4ff:fe93:739%4
                                       192.168.0.1
    DHCP Server. . . . . . . . . . . : 192.168.0.1
    DHCPv6 IAID. . . . . . . . . . . : 67116644
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-A3-41-94-1C-39-47-40-00-99
    DNS Servers. . . . . . . . . . . : 2001:730:3ed2:1000::53
                                       2001:730:3ed2::53
                                       192.168.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    My guess is that the former is a VPN, the latter is a network from Asus.

    How long does it take to change IPv6 through the UPC website? And does it require some kind of chat with a consultant or other hotline?

    Added after 4 [minutes]:

    Oh, and will changing the option "Get LAN address automatically" in Asus to "no" make this address static? Leave DNS automatic or give some cloudflare?
  • #29 18845221
    krisabc
    Level 12  
    Vester11 wrote:
    My guess is that the former is a VPN, the latter is a network from Asus.

    the first is VPN and the second is CB
    Vester11 wrote:
    How long does it take to change IPv6 through the UPC website? And does it require some kind of chat with a consultant or other hotline?

    I have no idea, I have always had IP4 :-)
    Vester11 wrote:
    Oh, and will changing the option "Get LAN address automatically" in Asus to "no" make this address static? Leave DNS automatic or give some cloudflare?

    Yes, but enter the same IP address as you have now (192.168.0.38), dns can be given from google, UPC, cloudflare depending on how much you can enter
  • #30 18845253
    Vester11
    Level 5  
    On Asus, I just toggle the option; the filled-in fields stay as they are.
    When I set up the static address on the NAS, I gave 9.9.9.9 and some cloudflare as DNS.
    I plan to change IPv6 for today around 19-20.

    Added after 7 [hours] 37 [minutes]:

    IP on Asus changed to static. Now it's time for IPv4
    [image]

    Added after 10 [minutes]:

    I have already applied in My UPC to opt out of IPv6 and they are supposed to change it within an hour. They wrote that after this time you need to reset the CB, e.g. with a toothpick (reset on the back of the housing). Why do this? Will they not reset it themselves?

    Added after 16 [minutes]:

    I am writing this over LTE. I already have IPv4 but no internet. I.e. I can connect to Wi-Fi but there is no internet connection.
    What to do?

    Added after 11 [minutes]:

    Okay, I did the reset as ordered, I'll see if it helps. All the lights just have to go out.

    Added after 5 [minutes]:

    Everything works after the reset! (Internet)

    Added after 12 [minutes]:

    Okay.
    I am sorry in advance for my recent postings, but the info was up to date. Everything is already on IPv4. I'll set up a port forwarding rule in a moment and let you know. I will test LTE access from the cell as an external network.

    Added after 13 [minutes]:

    Rule set.
    Local IP: 192.168.0.10
    Local port range: 1194
    Public port range: 1194
    Protocol: UDP

    LTE test:
    Connecting to the VPN (by phone): failed (the VPN itself works because it connects via home Wi-Fi)
    Result: test failed

    UPC Wi-Free test:
    Connecting to a VPN: Failed
    Result: test failed

    Also something wrong with the VPN
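
Added example (not part of the thread): a check of a port-forwarding rule against the ports each VPN server type listens on, run on the rule posted in #30 and the L2TP/IPsec server set up in #22. The port table holds protocol defaults; the function and field names are illustrative, and the check assumes the router forwards a public port to the same port number on the NAS.

```python
from dataclasses import dataclass

# Default server ports per VPN type (OpenVPN's is configurable; 1194 is its default).
# For L2TP/IPsec behind NAT the router sees IKE (UDP 500) and IPsec NAT-T (UDP 4500);
# L2TP itself (UDP 1701) travels inside the IPsec tunnel, so it is optional here.
# PPTP also needs GRE (IP protocol 47), which a port rule cannot express.
VPN_PORTS = {
    "openvpn": {"required": {("udp", 1194)}, "optional": set()},
    "l2tp/ipsec": {"required": {("udp", 500), ("udp", 4500)},
                   "optional": {("udp", 1701)}},
    "pptp": {"required": {("tcp", 1723)}, "optional": set()},
}


@dataclass(frozen=True)
class Forward:
    local_ip: str
    local: range    # LAN-side ports
    public: range   # WAN-side ports
    proto: str      # "tcp" or "udp"


def port_range(value):
    """'1194' or '5000-5010' -> inclusive range of ports."""
    lo, _, hi = value.replace(" ", "").partition("-")
    return range(int(lo), int(hi or lo) + 1)


def parse_rule(text):
    """Parse one rule written as 'Field: value' lines, the form used in the thread."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip()
    return Forward(
        local_ip=fields["local ip"],
        local=port_range(fields["local port range"]),
        public=port_range(fields["public port range"]),
        proto=fields["protocol"].lower(),
    )


def exposed(rules, host):
    """(proto, port) pairs where WAN port N is forwarded to port N on host."""
    return {
        (r.proto, pub)
        for r in rules if r.local_ip == host
        for pub, loc in zip(r.public, r.local) if pub == loc
    }


def audit(vpn_type, host, rules):
    """Compare the forwards to host with what the VPN server type listens on."""
    spec = VPN_PORTS[vpn_type.lower()]
    reachable = exposed(rules, host)
    return {
        "missing": sorted(spec["required"] - reachable),
        "extra": sorted(reachable - spec["required"] - spec["optional"]),
    }


# Constructed from values in the thread: the rule as posted in #30,
# the NAS address 192.168.0.10 and the L2TP/IPsec server set up in #22.
THREAD_RULE = """
Local IP: 192.168.0.10
Local port range: 1194
Public port range: 1194
Protocol: UDP
"""

if __name__ == "__main__":
    for vpn in ("L2TP/IPsec", "OpenVPN"):
        print(vpn, audit(vpn, "192.168.0.10", [parse_rule(THREAD_RULE)]))
```

An entry under "extra" is a port opened on the router that the chosen VPN type does not use, so it can be closed again.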

Topic summary

The discussion revolves around configuring external access to a NAS (Network Attached Storage) device using a UPC ConnectBox router. The user seeks to enable a public IP for their NAS and potentially host servers externally. They explore options like Bridge mode and DMZ (Demilitarized Zone) but face challenges with the ConnectBox's settings, particularly the absence of DMZ options. Participants suggest disabling IPv6 for better compatibility and recommend using port forwarding as a more secure alternative to DMZ. The user also inquires about the implications of switching from IPv6 to IPv4, the necessity of a separate router, and the setup of a VPN for secure remote access. They successfully configure a VPN on their QNAP NAS using L2TP/IPSec and discuss port forwarding for VPN functionality. The conversation highlights the importance of network security when opening ports and the potential for using multiple VPN configurations.
Summary generated by the language model.