Trouble connecting to Elk from work (split from other threads)

Yes the same rule is logged.
I also tried my pc tethered to my mobile (and not the office network) to check that the pc wasn't the issue. No problem connecting.
So I am convinced it is the network, or possibly my work ISP.
 
Another point after reading all your posts (many thanks).
I am the owner of the work site, and have looked at all the router settings (that I know) and can't see any outgoing blocks.
Hence my original question as to whether I needed to have any incoming ports open at my work site?
Anyway, so if anyone has any thoughts or can suggest anything I should check at work, I do have the ability to look at that end as well.
 
rbarnes said:
Update. I have just checked my home router to check the forwarding etc and found that my office connection is getting to my router with the following entry
 
[Elk rule match] from xxx.xxx.xxx.xxx:59824 to xxx.xxx.xxx.xxx:2601 Wednesday, July 16,2014 15:26:38 
 
So to me that appears that I am getting out from my office to my home router.
But what does that mean as far as why I can't connect? I'm lost!
 
 
Are your home and office networks connected to the same ISP, or different ISPs?  Just because traffic flows in one direction (from work to home), doesn't guarantee that it will also flow in the opposite direction.  With different ISPs, it's much easier for this kind of breakage to occur (though still unusual).
 
One thing to try is to see if you can ping your work IP address from home.  You need to use the IP address that the ISP assigns to the WAN side of the router for this, not the local network address that the router at work assigns (e.g. 192.168.xxx.xxx).  Also try a traceroute command to see the network path that it is following.  This may help you narrow down where there is a problem in the network path, if there is one.
 
If the ping works, then that brings you back to looking for a problem with ports not being open.
 
Was this working at one time and recently stopped working?  Or is this the first time you've tried to access the Elk from work?  It wasn't clear from your original post.
 
Yes they are both on different ISPs.
I'm not sure it's possible to ping an internal IP address from the outside world?
I know I can connect to my work site from home for other purposes, i.e. our work CCTV system.
And yes, I have been able to connect to my alarm from work previously. I had it working for about a year. Then recently when I tried I have been unable to.
 
Since you can access your work CCTV from home, that rules out some kind of network routing problem between the two ISPs.
 
It really seems like there must be something that has changed in your work network that is blocking the response that the Elk.
 
Have you tried the suggestions posted earlier from wuench and work2play to try different ports?
 
If this were just PC related, I'd suspect firewall issues (installing something like Norton 360 can wreak havoc); but if eKeypad also doesn't work, that kills any ideas I have left.  I'd need to play with them personally to see what works and what doesn't - and probably do some specific port testing; even just sitting at the work pc and telnetting the ports to the house, or running a port scanner to scan the house open ports... from there see what's open and what's not.
 
As I mentioned above, the error seems to indicate you are getting connected and it is failing at the authentication phase, which rules out the network connectivity. And it sounds like you have pretty much verified that connectivity as well. I would double check all of your auth settings and then, if that all looks good, download Wireshark and take a trace; it might help to narrow down the issue.
 
I also assume we are talking about ElkRP here and not ElkRM (the web interface).
 
wuench said:
As I mentioned above, the error seems to indicate you are getting connected and it is failing at the authentication phase, which rules out the network connectivity. And it sounds like you have pretty much verified that connectivity as well. I would double check all of your auth settings and then, if that all looks good, download Wireshark and take a trace; it might help to narrow down the issue.
 
I also assume we are talking about ElkRP here and not ElkRM (the web interface).
 
Great point!
 
Have checked authority. I assume you mean Password and pin in mexp setting?
Have downloaded shark, but not sure what I'm looking for as yet. Still playing.
Yes I'm using RP software.

Thanks for all your help thus far
 
The things to look for in a sniffer trace are:
 
1.) Are you seeing two way traffic, do you see packets sourcing from both sides?   That confirms you are indeed getting connected and no ports are being blocked etc.
2.) When it fails which side is closing it down?   The side sending the initial FIN or more likely a RST (Reset)
3.) Do you see retransmitted packets, one side retrying over and over.
4.) And you can try to take a trace while at home to compare with the remote one and look for differences.
 
If you are indeed getting connected (1) and seeing retries (3) that means that packets are timing out or getting dropped somewhere.  Which means something is not responding fast enough for the process to complete.   That could be due to any component, the Elk, your router, your client, or your internet connection or your work's proxy server, or connection.   So you could bounce the Elk and router in the hopes that maybe it will speed things up.   If it is your ISP connection there is probably not much you can do.  Bouncing your router would get you a new connection, and after that you can try and call them but there is not much you can do.  And/or have someone at your work check their network.
 
You are not going to be able to see too deep into the process with a sniffer because it is encrypted.
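Checks 1 to 3 from the list above, applied to one TCP connection, as an added example that is not part of the original posts. The packet records, addresses and tuple layout are constructed for illustration; in practice they would be read off a Wireshark capture of the connection to port 2601.

```python
from collections import Counter

# Constructed sample trace (not from the thread):
# (time_s, src, dst, seq, payload_len, tcp_flags)
# CLIENT is the office PC, PANEL is the home address forwarding port 2601.
CLIENT, PANEL = "198.51.100.10", "203.0.113.20"
SAMPLE = [
    (0.00, CLIENT, PANEL, 1000, 0, "S"),
    (0.05, PANEL, CLIENT, 5000, 0, "SA"),
    (0.10, CLIENT, PANEL, 1001, 0, "A"),
    (0.12, CLIENT, PANEL, 1001, 120, "PA"),
    (0.42, CLIENT, PANEL, 1001, 120, "PA"),  # same seq/len again: retransmission
    (1.02, CLIENT, PANEL, 1001, 120, "PA"),  # and again
    (1.10, PANEL, CLIENT, 5001, 0, "R"),     # panel side resets the connection
]

def analyse(packets):
    """Answer checks 1-3 for a single TCP connection."""
    senders = Counter(p[1] for p in packets)
    seen, retrans = set(), Counter()
    closer = None
    for _, src, _dst, seq, length, flags in packets:
        # Only segments that consume sequence space (data, SYN, FIN) can be
        # retransmitted; bare ACKs legitimately repeat the same seq number.
        consumes_seq = length > 0 or "S" in flags or "F" in flags
        if consumes_seq:
            key = (src, seq, length)
            if key in seen:
                retrans[src] += 1
            seen.add(key)
        # Check 2: remember which side sent the first FIN or RST.
        if closer is None and ("F" in flags or "R" in flags):
            closer = (src, "RST" if "R" in flags else "FIN")
    return {
        "two_way": len(senders) >= 2,        # check 1
        "first_close": closer,               # check 2
        "retransmissions": dict(retrans),    # check 3
    }

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Running the same function over a capture taken at home (check 4) gives a baseline to compare against.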
 
What is on the work end as far as firewall/router?  If it's a router doing SPI (Stateful Packet Inspection) or any analysis of the incoming content it might be blocking it because it doesn't know what it is.
 
The fact that it works over a tethered cellular connection gets me away from worrying about timeouts...
 
If this were me working on it and wanting access from home, most likely I'd just set up a home router that can accept VPN connections then just VPN into the house from the office - that would take care of everything.
 
Ok, I have pretty much given up on this.
 
I have no idea why I can't log into this anymore.
I can telnet my panel from work, I can log in via mobile but just can not from work for whatever reason.
 
I am looking at changing the work router to see if that may fix it, but I don't believe there is anything on our current one that is blocking it.
 
For now I am using TeamViewer to log into my laptop at home and connecting that way.
 
I appreciate everyone's contribution and thoughts.
 
I believe [feel free to correct if wrong] TeamViewer uses the standard Port 80 (http) and utilizes TeamViewer servers to initiate/set up the remote viewing session. I mention that to say it's not necessarily a secure method of connecting to and viewing your alarm RP information. I'd suggest a VPN connection, along with something like VNC (a la TightVNC for Windows).
 