Can't connect using SSH to my local server from external host and vice versa
When I try to connect to my server from a local host, everything works fine, but when I try to do the same from an external host, it's impossible.
At this point, I can say that the server firewall and server port are working well, because I opened the ports on the server and I also disconnected the server firewall.
Next, when I try to connect to my server from an external host, the SSH client tells me that the password authentication works, but the connection closes for timeout reasons or fails waiting for channel success.
On the other hand, when I try to connect to my external server (AWS instance) via SSH from my home, the SSH client can't connect and tells me "client_loop: send disconnect: Broken pipe".
But when I connect to my external server (AWS instance) using my phone as a router, I can do it.
I tried disconnecting every protection in the router, but it doesn't work.
I also opened the ports in the port forwarding and it works for HTTP (port 80) but not for SSH. I tried changing the default port (port 22) to another one and it doesn't work. I tried with DMZ and it also doesn't work.
I have the same problem when I use Cisco Webex video calls: it can't establish the connection, and I have to use my phone as a router when I need to use Cisco Webex video calls.
I also tried resetting everything to the default settings and updating the router to the latest version, but it still doesn't work.
Does anyone have any idea why this is happening?
I really appreciate any answer.
Thank you very much for your time and have a nice day.
@shberge Hi,
Yes, we finally found the issue. I will explain the details; I'm sorry for the delay in replying.
It seems that the problem was caused by my ISP.
Let me explain better: the packets coming out of my local network are marked with a code called DSCP, which is a kind of priority code in QoS (Quality of Service) packet management.
The thing is that my ISP does not allow packets marked with DSCP > 0, and for that reason I had those problems.
SOLUTION:
I installed the Omada controller in a virtual machine running Ubuntu (I found some tutorials on YouTube on how to do this, but one of these days I will buy the Omada controller hardware instead) and then I went to: settings -> wired networks -> LAN and I adopted my router with the Omada controller. I had some problems adopting my router, but after doing a factory reset of my router and configuring my IPs in the same subnet, all went well.
Once this is done, I went to: settings -> wired networks -> Internet, and in the Advanced Settings I set "QoS Tag" to None. Since then, everything works fine.
I want to thank technical support for helping me find the problem and giving me a solution.
You are the best!
I hope all of this can be of help to anyone who has a similar problem.
Thank you very much again and have a nice day.
Best regards.
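A way to check for the fault described in this post from a Linux host, as an added example that is not part of the original post or of TP-Link's tooling: it opens the same TCP connection with different DSCP markings and compares which ones get an answer. The target address, the DSCP values 18 and 46, and all function names are assumptions for illustration.

```python
import socket
import struct

def dscp_of_ipv4(header: bytes) -> int:
    """DSCP is the top six bits of the second byte of an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1] >> 2

def probe(host: str, port: int, dscp: int, timeout: float = 5.0):
    """Connect with the socket's packets marked `dscp`; return the first bytes
    the server sends (an SSH banner on port 22) or None if the exchange fails."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # IP_TOS takes the whole byte: DSCP sits in the upper six bits.
            s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, dscp << 2)
            s.connect((host, port))
            return s.recv(64) or None
    except OSError:  # refused, reset, unreachable or timed out
        return None

def verdict(results: dict) -> str:
    """Interpret a {dscp: banner-or-None} mapping gathered with probe()."""
    ok = {d for d, banner in results.items() if banner}
    if not ok:
        return "unreachable at every DSCP: not a marking problem"
    if len(ok) == len(results):
        return "all DSCP values pass: marking is not the cause"
    if ok == {0}:
        return "only DSCP 0 gets through: marked packets are dropped on the path"
    return "mixed result: " + ", ".join(f"DSCP {d} ok" for d in sorted(ok))

# Constructed sample: a 20-byte IPv4/TCP header with TOS byte 0x48 (DSCP 18).
SAMPLE_HEADER = struct.pack("!BBHHHBBH4s4s", 0x45, 0x48, 40, 1, 0, 64, 6, 0,
                            socket.inet_aton("192.0.2.10"),
                            socket.inet_aton("198.51.100.7"))

if __name__ == "__main__":
    print("sample header DSCP:", dscp_of_ipv4(SAMPLE_HEADER))
    target = ("203.0.113.5", 22)  # placeholder address: use your own server
    print(verdict({d: probe(*target, d) for d in (0, 18, 46)}))
```

The probe marks packets at the host, so a router that rewrites the field on its WAN side will not be caught by it. In that case, capture on the WAN side and feed the IPv4 headers to `dscp_of_ipv4` to see what actually leaves the network.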
It does not sound like a router problem. Have you checked if you can use SSH from another network? See if you have an option for Layer 3 Accessibility; if L3 is not enabled on the SSH device, you can only connect to the device from the same network the device is connected to.
@shberge Thank you very much for your answer, and let me show you more details.
In this first picture you will see how I was trying to connect to the server using the cable connection from the router, and it was impossible.
In this second picture you will see how I can connect to the server using the same command, but in this case I'm using my phone's internet connection instead of my router connection.
And in this last photo, you will see how I was connected to my router again, and again I can't connect using SSH.
And this issue is happening with my other computers also, so I assume that the problem has to do with the network generated by my router.
Please tell me what I'm doing wrong or what I can do to solve this issue, and thank you again for your answer.
Do you have the ER605 local or on a remote site?
If it is on the remote site where your SSH device is, you have to create a NAT rule like this (remember to enable it) if you don't use any type of VPN connection.
I'm not sure how you connect, but it looks like you connect with port NAT to your device.
I have multiple ER605 and ER7206 and this is usually not a problem.
Check the ACL rules on the router; that is the only thing that can block this if your device supports L3 SSH connections.
Have you tested creating an L2TP or PPTP VPN?
If none of this helps, you have to contact TP-LINK. There are a lot of bugs on this router, but this is new to me; most of the bugs occur when the router is controller-managed, not in standalone mode.
You can also try to upgrade to newer software. I use the software in this link; it is beta but works quite well.
https://community.tp-link.com/en/business/forum/topic/266210
@shberge Thank you very much again for being there.
I have two different situations, and I think the first is easier to solve than the second; I also think that when I solve situation number one I will be able to solve the second.
Situation number one. In this picture you will see the diagram.
When I try to connect to my external server using SSH from my local network, the connection fails, but when I use another network the connection is possible.
I disconnected all of the router firewall; you can see that in the pictures in my first post.
SECOND SITUATION:
When I try to access my home server using HTTP requests from my local network or an external network, everything is okay.
When I try to connect to my server using SSH from my local network, everything is okay,
but when I try to connect to my server from an external network using SSH, the connection fails.
Look at the diagram.
Look at my router's port configuration in this picture.
The router's firewall is completely disabled; you can see that in this picture.
Lastly, I have updated the router to the latest official version and it does not work.
Do you have any idea why this is happening?
Thank you very much for your time, I really appreciate it.
To be honest I have no idea, everything looks just right. The only thing I can think of then is that the ISP has blocked port 22 in its network. If you connect your PC directly to the internet, does the same thing happen? That would be a simple test to rule out a faulty router configuration.
You can also try another port to bypass this if the ISP has blocked port 22.
Try something like this:
And use port 222 when you connect, like this:
I did a test and it worked with no problem.
@shberge Thanks for your answer.
I called my ISP and they told me that I don't have any restriction on my line; they give me a public IP, the management of ports is mine, and I'm not behind CGNAT.
I have connected my router to the ONT directly, so I suppose that I have a clean interface.
However, I tried your recommendation and I used a different port, look at the picture,
and I restarted the SSH service on my local network.
After that, I performed a scan of my network from my external server to my IP, and this is the result.
In this picture, you can see that my local network has port 2222 open.
Then I tried to connect to my local server from outside, with the same result.
Do you have other ideas that I can try?
I really appreciate it.
Thank you very much.
P.S.: the router doesn't set the time correctly, so I decided to do it manually; I don't know if this has anything to do with it.
Anyway, the time is correct right now because it is synchronized with the time of my computer.
I have no idea. Have you tried to upgrade to the beta I left a link to earlier in the thread? This is the one I use when I test. Try installing it to see.
I would install the beta firmware and do a factory default reset. You do not need to change the firewall or things like that to get port NAT to work.
Set up IP on LAN and WAN.
Set up Port NAT before making other settings.
This should not take any hocus-pocus to get working.
The clock on the router should have nothing to do with it.
I still do not think it is a problem with the router, but it is difficult to say. You can tell us in the forum when you find out :-)
But a full reset to default and new firmware is done quickly, and you can test to see if there may be a firmware problem.
All my tests are on the firmware above.
Does TP-LINK have something to say on this case?
@Fae any suggestion?