ELK M1 - Can't connect from Outside of LAN using M1toGo or Elk RP2

F

flbbon4123

Member
I need some help here as I can't see what is setup incorrectly.
 
I am unable to connect to the M1 from outside my local network.
Inside my local I am able to connect using both Elk RP2 and M1toGo.
 
I have setup the M1XEP to use port 2601 for secure connection.
 
I have set the IP for M1XEP to use a static IP.
 
I have opened port 2601 on the router to allow outside connections
Router_PortForward.jpg
 
I have setup DDNS using NO-IP.
 
I have confirmed the IP address in NO-IP is synched to my router and the IP address is correct (screenshot attached Router_NOIP_Sync).
 
I have used PortCheckTool to confirm port is open and not being blocked.
 
I have used NSLookup to confirm No-IP host name is resolved to my Elk IP.
 
Running tracert on the No-IP  domain times out
 
When I try to connect to Elk using the NO-IP domain or the external IP address, M1toGO will not connect
No_Connection.jpg
 

Attachments

  • Router_NOIP_Sync.jpg
    Router_NOIP_Sync.jpg
    32.8 KB · Views: 11
try entering your WAN IP directly instead of the no-ip dynamic name
try the other port option as your ISP might be blocking 2601
 
Another option (and a more secure method of doing this) is to set up a VPN connection.  Not every router will host a VPN connection, but if your network equipment does handle it, this is the best method to access anything on your home network.  In doing this, you only have to open one port (for the VPN) and it requires outside users to have an encrypted key to complete the connection to the local network.  It is 1000 times more secure than simply opening ports on your router for various services you want to access remotely. 
 
While the VPN may be harder to set up initially (although they really aren't hard to set up), it is easier to use because remote connections appear as if they were a normal device on the local network, so accessing machines and services tends to be much easier.  If you can access it on the local network, you will generally have no problems accessing it over a VPN.
 
Another advocate for VPN.  I kick myself for being such a stubborn dope for so many years using port forwarding.  I think VPN is actually simpler than opening ports, and  of course far more secure.  You will need to subscribe to a DDNS service to find your router, but you need that anyway for open ports.  And of course set up the VPN on your router and mobile device.  But if I can do it.... well...   The only burden is to turn VPN on at your mobile device when you need it.
 
BraveSirRobbin said:
try entering your WAN IP directly instead of the no-ip dynamic name
try the other port option as your ISP might be blocking 2601
Click to expand...
I am not a knowledgeable user when it comes to networks.
I think the WAN is the same as my public IP address. Correct?
 
I contacted my ISP which confirmed my public IP.
I did as you suggested and I can see that M1toGo is attempting a connection but finally fails.
I changed the port on M1XEP to use the non-secure port instead of port 2601. No luck.
 
I have downloaded an app called "Fing" to identify the devices on my network, what IP they are using and Open ports.
 
When I check the M1XEP, Fing confirms port 2601 is open.
 
When I check the router, port 2601 is NOT open.
What I think this means is that even though I have opened the port in the router "port forwarding rules" the router or my ISP is blocking the port.
Would I be correct here?
 
If I was to use VPN as sic0048 and Mark S suggest, would I be able to connect?
 
Thanks
 
flbbon4123 said:
I am not a knowledgeable user when it comes to networks.
I think the WAN is the same as my public IP address. Correct?
 
I contacted my ISP which confirmed my public IP.
I did as you suggested and I can see that M1toGo is attempting a connection but finally fails.
I changed the port on M1XEP to use the non-secure port instead of port 2601. No luck.
 
I have downloaded an app called "Fing" to identify the devices on my network, what IP they are using and Open ports.
 
When I check the M1XEP, Fing confirms port 2601 is open.
 
When I check the router, port 2601 is NOT open.
What I think this means is that even though I have opened the port in the router "port forwarding rules" the router or my ISP is blocking the port.
Would I be correct here?
 
If I was to use VPN as sic0048 and Mark S suggest, would I be able to connect?
 
Thanks
Click to expand...
 
 
When you are tying to connect using the NoIP address, are you at home and connected to your local network?   Or are you truly away from home and outside your home network?  If you are trying to use the NoIP hostname and trying to send that remote request out through the router onto the WAN, it won't work unless your router is set up to support loopback.  Some routers support loopback, others do not.
 
RAL said:
 
 
When you are tying to connect using the NoIP address, are you at home and connected to your local network?   Or are you truly away from home and outside your home network?  If you are trying to use the NoIP hostname and trying to send that remote request out through the router onto the WAN, it won't work unless your router is set up to support loopback.  Some routers support loopback, others do not.
Click to expand...
Thanks RAL.
 
I am trying to connect from within my home network using M1toGo and then using No-IP hostname.
Looking at my router settings, and searching the support forums, my router does not support loopback
 
Can you suggest the best approach to confirm external connection will work?
 
flbbon4123 said:
Thanks RAL.
 
I am trying to connect from within my home network using M1toGo and then using No-IP hostname.
Looking at my router settings, and searching the support forums, my router does not support loopback
 
Can you suggest the best approach to confirm external connection will work?
Click to expand...
If you are using a.laptop or tablet and have a cell phone.
Shutoff WiFi on the phone
Turn on sharing on the phone, so your using the cell signal to connect to the internet
Connect your laptop/tablet to the cellphone share.
Now try connecting to your home ip with the togo app on the laptop/tablet
 
flbbon4123 said:
Thanks RAL.
 
I am trying to connect from within my home network using M1toGo and then using No-IP hostname.
Looking at my router settings, and searching the support forums, my router does not support loopback
 
Can you suggest the best approach to confirm external connection will work?
Click to expand...
If you run VPN client software on your PC and connect to an external VPN server (e.g. NordVPN), I think that might work.  It will allow you to tunnel out of your network through the VPN, and then come back in from an external IP address.  I haven't tried to do this, but I think it should work.
 
flbbon4123 said:
Here it is.
attachicon.gif
M1toGo_URL.jpg
Click to expand...
In the IP Address/URL just enter your WAN IP (eliminates the No-IP) as a test.  I take it if you enter the LAN IP this works?
 
Also, did you try to uncheck the 'secure connection' checkmark?
 
BraveSirRobbin said:
In the IP Address/URL just enter your WAN IP (eliminates the No-IP) as a test.  I take it if you enter the LAN IP this works?
 
Also, did you try to uncheck the 'secure connection' checkmark?
Click to expand...
I don't think that will work, unless his router supports NAT Loopback. 
 
The correct term is hairpinning.  Most devices are not going to support it, some will and others may require additional configuration to get it to work.  Most devices when they perform NAT, they just hide one address.  Take your internal IP; let's say it is 192.168.1.100, if you go to Google at the IP address of 142.250.115.139 and your WAN IP is say 1.1.1.1.  NAT takes your IP (source) and replaces the 192.168.1.100 with 1.1.1.1 when you go to Google.  When traffic is sent back from Google to your WAN IP (1.1.1.1) it then replaces the 1.1.1.1 with 192.168.1.100.
 
The OP can easily just switch their phone to use carrier data by turning WiFi off on their phone.
 
Some ISP's block certain ports, some (very stupidly) use certain ports for their management and allow all addresses to hit it.  The better ISP's hide the ports that they use for management and only allow certain IP's to use that rule, this frees the port up for the user to use as well.
 
If the router supports it, you can have the external port different than the internal port.  So the external port could be say 9000 and the internal port still being 2601.  So if you're having an issue with port 2601, you might try that.  Maybe that is the port that the ISP uses to management their on-site equipment.
 
HUGE thanks to everyone for their suggestions / guidance!!
Without everyone's input I wouldn't have understood what the resolution could be.
 
I believe I have finally resolved the problem!!
 
Because Elk RP2 doesn't use the secure port for authentication, I was not able to see that port 2601 was being Blocked by my ISP.
Using port 2601 in the M1toGo settings and connecting from within the LAN worked fine.
 
BraveSirRobbins suggestion of using the public IP and unchecking the secure port connection while trying to connect while using my wifi did not work.
RAL said that my router would need to support loopback for this to work.
After checking my router and support forums I found the question of loopback or hairpinning (as Ianbrown has noted) is not supported on my router.
 
Using sbwright's suggestion to connect to the network using my phone and then connecting to the non-secure port for M1XEP, allowed me to access the M1.
I tried connecting to the secure port 2601 which failed even when the router had a port forward rule.
 
I changed the secure port 2601 to a different port on the M1XEP, setup the port forward rule on the router and was able to successfully access the M1 using M1toGo.
 
In the M1toGo setup, I replaced the public IP with the No-IP domain name.
This was successful.
 
Mark S and sic0048 have suggested using VPN.
 
Now that it "appears" my problem is resolved, would there be any additional benefit to exploring VPN?
 
You must log in or register to reply here.

Similar threads

T
Need help connecting an ELK M1 Gold to a Johnson Controls PowerManage monitoring station
Replies
2
Views
260
TriLife
T
R
Advice in Designing new Elk System
2 3
Replies
37
Views
2K
rmf
R
A
New homeowner/router Omni Pro II Reconnecting
Replies
5
Views
503
pete_c
pete_c
M
Troubleshooting network connectivity issues
Replies
12
Views
441
dwalt
D
T
ELK M1 not communicating to M1XEP anymore
Replies
4
Views
1K
TriLife
T
Back
Top