Elk M1, DDWRT, VPN,

elias1693

Member
My Elk has been working great for about a year. I have dyndns set up on my Cisco\Linksys router and when I type in my dyndns name address or external IP address it connects straight to my Elk and prompts for USER ID and password. Ports 80, 2601, and 2101 have all been forwarded to my M1XEP.
 
First question is shouldn't I be able to access my router externally by typing in the dyndns or IP address? Can I change the port 80 on my Elk to something else like 81, 82, 83 etc? So I can access my router from the outside world? As it stands now I have to type in my external IP and port to connect to DVR, IP cameras, TED, etc.
 
I recently discovered DDWRT and have upgraded my router. I've got everything working on DDWRT except Elk email which is weird because I used the same settings I did on my Cisco\Linksys but now email is not working. But I'm working on my ISY to handle email so I'm not going to fight with the Elk email problem for hours again like I did in the past. 
 
What I am trying to set up is VPN and I'm not sure how that is going to work if Elk is defaulted to port 80. Any suggestions?
 
 
You definitely don't want to be forwarding port 80 from the XEP. I'd concentrate on getting VPN working because after you do, you don't need to forward any ports. I'd also think twice about trying to get to the management port of your router from the WAN - why do you need to? But, if you do then at least use the secure port or SSH - which would also be taken care of if you have a secure VPN connection.
 
If you want to access the M1 via web, port 80 is required to be forwarded... along with port 26 and 2601. Of these, only the secure port, 2601, is configurable as far as I know.
 
Here is the information straight from the manual:
 
[Image: 9d5i.jpg]

 
If you are using the secure port, nothing occurs on port 80 except a re-direct to port 2601 for secure/encrypted communications. However, if you don't forward port 80 and try to go directly to 2601 I don't believe the page ever loads - it has to go through 80 first.
 
That said, I definitely wouldn't be trying to forward port 80 of my router... there is no way that I want the outside world to have (easy) access to my router.
 
You can also port forward if you like. The router should be able to send all traffic from one external port to an internal port. 
Example: instead of using port 80 on the outside you would add a port forward to make http://myipaddress:8888 forward to the internal IP address of 192.168.0.50:80 (internal IP is an example only; this would be your ELK IP).
 
I used the dyndns service to host my domain name so I can have sub-addresses and forward to non-normal ports: http://elk.mycooldomainname.com redirects to my dyndns IP address and the port I choose. That way I have different ones like dvr.mycooldomain.com and camera1.mycooldomain.com
 
Also I have a newer Cisco/Linksys device which has the cloud connect service so as long as you have internet you can control/configure the router. It has an Android app also.
 
When you talk about accessing the Elk outside the house, if you're trying to access the XEP's built-in webserver, then yes port 80 is required, but using a mapped port is way better as frozenteeth said - but if you're using an app like eKeypad, then only the secure port is needed. 80 is just needed to get to the web page that serves up the Java applet.
 
Another method to consider is an SSH tunnel to a server inside the home. I do this with my Linux servers (you could use a Raspberry Pi to terminate the tunnel). Its advantage over a VPN is that it will still allow you to use the VPN. (VPNs tend to cut off access to other networks not accessible via the VPN.) Once a tunnel is built, a kind of port forwarding can be done from the PC/Phone/Tablet (PuTTY allows this). I can routinely forward http://127.0.0.1:2280/ to http://raspberry.uucp:8080/ (just an example). Now if the device injects the port into return URLs then you'll have problems.
 
You guys are pretty brave to open up port 80 on your Elk M1XEP to the outside world. I hope you'll follow the suggestion to use an eKeypad type app like myKeypad that relies on the secure 2601 port.
 
There are some hackers with IP addresses from China that every now and then attempt to log into my NAS. The NAS is smart enough to block the IP address permanently after repeated attempts. However, the M1 is not. I use MyKeypad over 2601 because I don't want to make it too complex for my wife. However, the VPN is the best approach.
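
An added example, not part of any post in this thread: a small Python check for the port forwards discussed above. It reads NAT rules in the `-A ... -j DNAT` form that `iptables-save` prints and shows that remapping the outside port (8888 to 80) still exposes an unencrypted service. The port classification (80 and 2101 as cleartext, 2601 as the secure port) and the sample rules are assumptions for illustration.

```python
import re

# Assumption: 2601 is the M1XEP secure port (as stated in the thread);
# 80 and 2101 are treated as unencrypted services.
CLEARTEXT = {80, 2101}
ENCRYPTED = {2601}

# Matches a DNAT port forward: external port, internal IP, optional internal port.
DNAT = re.compile(
    r"--dport (?P<ext>\d+).*-j DNAT --to-destination "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)(?::(?P<int>\d+))?"
)

def audit_forwards(rules_text):
    """Return (external_port, internal_ip, internal_port, verdict) per DNAT rule."""
    findings = []
    for line in rules_text.splitlines():
        m = DNAT.search(line)
        if not m:
            continue  # policy lines and non-forward rules are skipped
        ext = int(m.group("ext"))
        # With no port in --to-destination, the destination port is unchanged.
        internal = int(m.group("int") or ext)
        if internal in CLEARTEXT:
            verdict = "cleartext"   # remapping the WAN port does not encrypt it
        elif internal in ENCRYPTED:
            verdict = "encrypted"
        else:
            verdict = "review"      # unknown service, check it by hand
        findings.append((ext, m.group("ip"), internal, verdict))
    return findings

# Constructed sample rules; addresses and ports are examples only.
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 8888 -j DNAT --to-destination 192.168.0.50:80
-A PREROUTING -p tcp -m tcp --dport 2601 -j DNAT --to-destination 192.168.0.50
-A PREROUTING -p tcp -m tcp --dport 2101 -j DNAT --to-destination 192.168.0.50:2101
-A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.0.60:8080
"""

if __name__ == "__main__":
    for ext, ip, internal, verdict in audit_forwards(SAMPLE_RULES):
        print(f"WAN:{ext} -> {ip}:{internal}  {verdict}")
```

With a working VPN, as recommended earlier in the thread, this list should come back empty because no forwards are needed.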
 