Jump to content


Photo
- - - - -

Help please connecting to M1 via WAN


  • Please log in to reply
14 replies to this topic

#1 MichaelWC

MichaelWC

    Newbie

  • Registered
  • Pip
  • 6 posts

Posted 16 November 2011 - 05:46 AM

Hi Guys,

Need you help. I just got my M1 installed. I'm trying to connect to my M1 remotely from the Internet. It connect fine with <IP>:2601 and it even ask me for my user name and password. But after that whilst trying to establish a secure connection, it returns with "Failed to Connect" and a message of "Cannot connect. Another device may be connected already". There are no other devices connected to it.

I can connect via the web interface from my LAN or using the ELKRP software.

Any ideas.

Thanks in advance.

Cheers,
Michael.

#2 wuench

wuench

    Cocoonut

  • Registered
  • PipPipPipPip
  • 1364 posts
  • Location:St. Louis, MO
  • Experience:guru
  • Software:CQC, EventGhost, Harmony
  • Hardware:Elk M1, ISY-99
  • Tech:INSTEON
  • Video:XBMC
  • CCTV:dvr
  • Phone:OBi100/110

Posted 16 November 2011 - 11:31 AM

What are you trying to connect to on the M1? Elk-rm? Elk-rp?

#3 gatchel

gatchel

    Cocoonut

  • Professionals
  • PipPipPipPip
  • 1836 posts
  • Experience:average
  • Hardware:Elk M1, ISY-99
  • Tech:INSTEON, Z-Wave
  • Audio:Sonos
  • CCTV:analog, ip, dvr
  • Phone:POTS

Posted 16 November 2011 - 01:05 PM

What ports did you open on your firewall? You may have to open 2601 and also port 80 if I remember correctly.

#4 wuench

wuench

    Cocoonut

  • Registered
  • PipPipPipPip
  • 1364 posts
  • Location:St. Louis, MO
  • Experience:guru
  • Software:CQC, EventGhost, Harmony
  • Hardware:Elk M1, ISY-99
  • Tech:INSTEON
  • Video:XBMC
  • CCTV:dvr
  • Phone:OBi100/110

Posted 16 November 2011 - 01:32 PM

I didn't think anyone ever got that working. The web interface (port 80) launches a java applet that then tries to connect on 2601 but using the local name/ip so I don't think it will work through a router doing NAT.

#5 MichaelWC

MichaelWC

    Newbie

  • Registered
  • Pip
  • 6 posts

Posted 16 November 2011 - 03:56 PM

Hi Guys,

I am trying to connect remote via WAN using just the browser IE and not the ELKRP software.

I have packet fitlering setup so that it allows any port from 0 to 2601 through as source and port 80 as destination
I also have port forwarding setup so that external port 2601 get redirected to my natted address to port 80

Note, I have tried this with firewall and also with firewall disabled and getting the same result.



Cheers,
Michael.

#6 MichaelWC

MichaelWC

    Newbie

  • Registered
  • Pip
  • 6 posts

Posted 16 November 2011 - 04:00 PM

Thanks for your reply Wuench,

I find it hard to believe though that no one has got this working. Everyone would have their LAN natted I guess from the internet through their home modem (whether it would be ADSL or CABLE connected).

If it is the case, how do people remotely connect to their M1 from their computer and what firewall rules do people uses ?

Thanks in advance,

Cheers,
Michael.

I didn't think anyone ever got that working. The web interface (port 80) launches a java applet that then tries to connect on 2601 but using the local name/ip so I don't think it will work through a router doing NAT.



#7 wuench

wuench

    Cocoonut

  • Registered
  • PipPipPipPip
  • 1364 posts
  • Location:St. Louis, MO
  • Experience:guru
  • Software:CQC, EventGhost, Harmony
  • Hardware:Elk M1, ISY-99
  • Tech:INSTEON
  • Video:XBMC
  • CCTV:dvr
  • Phone:OBi100/110

Posted 16 November 2011 - 04:35 PM

Probably mostly with apps that work over 2601 by itself. I use eKeypad and CQC. I never use the built in web interface, even at home.

#8 Frunple

Frunple

    Dedicated Cocooner

  • Registered
  • PipPipPip
  • 539 posts

Posted 16 November 2011 - 07:09 PM

I have packet fitlering setup so that it allows any port from 0 to 2601 through as source and port 80 as destination
I also have port forwarding setup so that external port 2601 get redirected to my natted address to port 80


I don't use an Elk, I have an Omni, but you may want to rethink this.
Why would you forward port 2601 to port 80?? Wouldn't the Elk use port 2601?
Again, I don't use an Elk so you may be just picking an external port but the omni does use a specific port and I am assuming the Elk does also.
Also, the port filtering would be useless since you would never know what the source port would be. Th 2601 would be the external destination port, not a source port.

Edited by Frunple, 16 November 2011 - 07:11 PM.


#9 signal15

signal15

    Cocoonut

  • Registered
  • PipPipPipPip
  • 1282 posts

Posted 16 November 2011 - 08:56 PM

Why in the world do you have the source port specified as 0-2601? That is wrong. It should be any source port, or a source port of 1024-65535. That may not fix everything, but I can tell you that a connection from a web browser is going to go out on a random port >1024.

Also, I would probably not expose this to the internet. The embedded software running on the ethernet expander has a history of security holes, and unless someone skilled in writing secure applications wrote the actual web application, it's likely that there are flaws there also. I'm planning on doing an assessment on it one of these days, but haven't found the time yet (I work for a well-known network security company doing this sort of thing).

I haven't tried the web interface through NAT. If it won't work because the private IP is being embedded in the page/applet, then utilizing a VPN will solve this, as well as provide more security. OpenVPN is a good free choice.

#10 video321

video321

    Dedicated Cocooner

  • Registered
  • PipPipPip
  • 775 posts
  • Location:NJ
  • Hardware:Elk M1, Mi Casa Verde Vera
  • Tech:Z-Wave
  • Audio:Custom
  • Video:Custom
  • CCTV:analog, dvr
  • Phone:Ooma

Posted 16 November 2011 - 11:17 PM

I use SSH and then simply connect to the IP of the XEP - I would never have it externally accesible without some kind of tunnel.
If you have a DD-WRT capable router I wrote a tutorial on this site.

#11 Work2Play

Work2Play

    Cocoonut

  • -=Gold Supporter=-
  • 4442 posts
  • Location:Northern California
  • Experience:guru
  • Software:Elve
  • Hardware:Elk M1, RUC-01
  • Tech:X10-RF, UPB
  • Audio:AirPlay
  • Video:XBMC
  • CCTV:ip, dvr
  • Phone:3CX, Asterisk, FreePBX, Grandstream, Ooma

Posted 17 November 2011 - 12:41 AM

I haven't tried this first hand - at least not for the web browser; but you'd need to set up 2 ports on your firewall; you'd need port 80 to forward to port 80 on the M1; and port 2601 to hit 2601 on the M1. You might be able to forward another port for the web-browser piece - like port 8080 to port 80 on the M1 - since many ISP's block port 80 hosting.

I do however use eKeypad and for it you only need port 2601 forwarded to the M1's IP.

#12 wuench

wuench

    Cocoonut

  • Registered
  • PipPipPipPip
  • 1364 posts
  • Location:St. Louis, MO
  • Experience:guru
  • Software:CQC, EventGhost, Harmony
  • Hardware:Elk M1, ISY-99
  • Tech:INSTEON
  • Video:XBMC
  • CCTV:dvr
  • Phone:OBi100/110

Posted 17 November 2011 - 04:30 AM

Now that I think about it more, it does seem strange no one ever go this working especially in light of the M1XEP having DynDns settings. Maybe you have to have the Elk configured for DynDNS for it to work. The Elk would need to know it's external IP and that seems like the only way. But Work2Play is correct about the port forwarding configuration that would be needed.

#13 Frunple

Frunple

    Dedicated Cocooner

  • Registered
  • PipPipPip
  • 539 posts

Posted 17 November 2011 - 09:01 AM

Now that I think about it more, it does seem strange no one ever go this working especially in light of the M1XEP having DynDns settings. Maybe you have to have the Elk configured for DynDNS for it to work. The Elk would need to know it's external IP and that seems like the only way. But Work2Play is correct about the port forwarding configuration that would be needed.


People really get confused about dyndns. Theres no need for the Elk configured for a dyndns if you already have one for your home.
IOW, one dyndns account (or any domain name) that points to your home will work for any device on your LAN. The domain name actually points to your routers external (WAN) address. So anything behind that address will be accessible from that domain name. Most people buy a router with dyndns capabilities and set that up, then they buy a IP cam with dyndns capabilities and think they need to set up another account. This is not true. One domain name will point to your router, then you would forward the correct ports to the correct devices. I actually had a friend who had 4 dyndns accounts all pointing to his house because he thought each device needed their own name. I showed him he can access any device from each name so he got rid of 3 of them.

So back to the OP, if the Elk uses port 2601, that needs to be forwarded to the Elk's IP address as I said earlier. Not to port 80.

#14 video321

video321

    Dedicated Cocooner

  • Registered
  • PipPipPip
  • 775 posts
  • Location:NJ
  • Hardware:Elk M1, Mi Casa Verde Vera
  • Tech:Z-Wave
  • Audio:Custom
  • Video:Custom
  • CCTV:analog, dvr
  • Phone:Ooma

Posted 17 November 2011 - 11:37 AM

2601 is only need for remote configuration via RP. Port 80 is the only thing needed for the Java interface - it works for me.
...but again, I wouldn't do that.

Edited by video321, 17 November 2011 - 11:40 AM.


#15 MichaelWC

MichaelWC

    Newbie

  • Registered
  • Pip
  • 6 posts

Posted 18 November 2011 - 08:55 PM

Thanks guys.

I guess I'm still not 100% sure what is the right ports setting. But with that said, it seems that the M1 OTB web interface may not be the goer.

Is ekeypad the only way to go ? are there any other interfaces available which would work in a Windows environment.

My plan is to have a touch screen computer running Windows 7 that I can configure so that I can have a at-a-glance view of the statuses of all my zones.

Cheers,
Michael.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users