UPNP keeps disappearing

[Mike A.]

Can you ping your router using your DDNS host name? Or you can just put the external IP in for testing now (assuming that it doesn't change much).

Make sure that's working first and that you're actually able to hit your site.

What are you using as a client on your iPhone? The OpenVPN client from the app store?

 

[CedarTree]

Yes. When I use the DDNS host name, it wants to log me into the router.
I was trying the Open VPN Connect app on iPhone from the App Store.
EDIT: To be clear, I turned on Router remote management temporarily to try accessing it from a computer outside my home network.

 

[Mike A.]

OK. So you know the DDNS is working.

Can you open the config file that you got from the router in Notepad or some other editor? Look at the first line in the file. It should look something like this (may all be on one line strung together):

client
dev tun
proto udp
remote [yourhost].ddns.net [VPN port]
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----

The entries in [ brackets ] should be your DDNS host name and port that you set up on the router. If not, then edit that text to be as you set it up. Delete the existing profile and re-import.

From there, I don't have the Orbi so I'll have to work from what I can find.

(As an aside, if you're getting a login page on your router from the Internet, then you probably should turn off remote admin somewhere in the router. Don't worry about that for now though.)

 

[CedarTree]

Thanks. Turned off remote management (I agree).
Here's what I have in config file:

client
dev tun
proto udp
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
remote [HIDDEN].ddns.net [PORT]
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 0

 

[Mike A.]

So the DDNS host name and port (which looks to be the default for the Orbi) are correct? Assuming so. If not, then again you'd need to correct that.

What does it say on the client when you attempt a connection?

On the client, clear the log (hit the x in a circle at the top) and then try to connect again. See if you see errors there. If so, post what that says.

On the ORBI there should be a log section somewhere. If you look at the log do you see anything related to a VPN connection? If so, post what's there.

 

[CedarTree]

AND just like that... now it's working!
I think the trick was that before, in DDNS.net, I was pointing to the correct IP, but wrong port.

 

[Mike A.]

Great. You should be good now.

You'll essentially be a client on your local net when connected via the VPN. So when referencing things on your net or setting up clients like BI, you'll use the local IP addresses.

 

[CedarTree]

OKay. Thanks! Just to confirm, in my BI app on iPhone, I have LAN = local address:81, and WAN = my DDNS address (without a port interestingly). Or how do you access BI on your phone?

 

[Mike A.]

Make both the local IP : port of your BI server (e.g., 192.168.1.x:81 or whatever), not the DDNS host_name : port.

As above, once connected via VPN, you're already connected to your local net when you launch the BI app so you don't need the DDNS there. DDNS has already got you there in connecting to the VPN. You'll use local IPs from there.

Edit to add:

Once connected via VPN you also should be able to open a browser and enter the local IP of the BI server, a camera, or your router or whatever else inside of your net with a web interface and get to that as well. Telnet, etc., etc.

 

[CedarTree]

And, in BI wizard, it tells me the WWW can't get to my WAN address, which I think is GOOD!

 

[wittaj]

Glad you got this working! So when OpenVPN is on, your phone is just like you are sitting at home, so anything you can do at home you can do as well. Set up TeamViewer or remote desktop and you can then access the entire BI machine that way too.

The other advantage is if you are somewhere with crappy cell service but they have free wifi, you connect to it and then OpenVPN into your home network for secure internet service.

 

[Mike A.]

The other advantage is if you are somewhere with crappy cell service but they have free wifi, you connect to it and then OpenVPN into your home network for secure internet service.

Depends how you set that up whether it routes client Internet traffic destined other than to your net through your net. But there should be an option to do that somewhere.

 

[CedarTree]

So here's a maybe downside to VPN (?). I have the BI app on my iPhone and I have BI alerts set up to send me a phone notification when motion triggered. Works fine at home. But unless I VPN everytime when I'm away, I won't get those alerts, right? Anyway around this? Thanks in advance.

 

[bp2008]

I think you'll get the notifications, but depending on how BI sends the alert images, images might not come through. Not sure.

 

[Mike A.]

You'll get the alerts without being on the VPN. They're outgoing and don't require an incoming connection to the network.

I've never been able to get the images to work either way no matter what I've tried so I'll pass that to someone better on that end.