Peculiar network, portforward, web server issue after new router installed
Peculiar network, portforward, web server issue after new router installed
Hi All,
need some help sorting out a peculiar port forwarding issue
I have purchased a new Archer AX55/3000 router to replace an older Archer VR2100
Basic set up is
Fibre connection, have a static IP via ISP, 192.168.20.x subnet, apache web server on port 80,443 for a couple of small business websites
I also host a few other things, jellyfin server, Storj nodes, Seafile server etc
I have port forwards setup for various PCs, but the main issues is the web server is on 192.168.20.196
When I was using the VR2100 everything worked fine EXCEPT for an issue with limited availability of port forward entries (no more than 11 was allowed, since RESOLVED with a factory reset) - "error code: 9812 The number of entries has reached its limit"
this issue made me go out and purchase the AX55...
With the AX55 router in place and everything set up on the same subnet, using address reservations and port forwards, everything else the same, the web server works fine initially BUT after 20 minutes or so, the web server stops working.
Chrome responds with a page error
This site can’t provide a secure connection [my website address] sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR
this appears to be consistently after 15-20 minutes of router power on time, works fine for 15 minutes, webserver connections fail, reboot router, starts working, 20 minutes later web server off line again with the same ssl error.
I swap back the old VR2100, power on, everything works fine, for extended periods of time...
The AX55 did a firmware update pretty much immediately so that is up to date.
Is the AX55 interfering with the web traffic?
Not sure it is a port forward failure, I might have thought a certificate error of some kind perhaps - is there anything that runs on the router after 15 minutes that might be interfering with it?
I'm at a loss of how to proceed to resolve this...
at the moment i'm just use the old VR2100 in place and everything works fine (and now I can add extra port forwards), but I would like to be using my new router if I can
Much appreciate any insight you might have, let me know if any other information needed.
Cheers
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
That's a good outcome - at least you've done a network audit and found three D-Link devices and the reason for your issue.
You can revert back to the last stable FW version if you want or just wait for the new one - it's your choice.
Often, the problem with this type of old IP camera is the UPnP they use for its web management access.
You could do an experiment and disable AX55's UPnP, then connect the camera back to check if the issue persists.
- Copy Link
- Report Inappropriate Content
Make sure you haven't configured any remote management on the AX55:
Make sure you have disabled any TP-Link HomeShield security features just for a test.
If the issue persists you can test the public beta FW from this thread or downgrade from v1.2.6 to v1.2.3 (That is for HW v1 only).
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I'm just trying out the firmware version 1.2.3 as we speak, i'll let you know how it goes...
UPDATE
Ok 1.2.3 still does the same thing, drops out after 15-20minutes
The chrome error message is slightly different this time becoming a certificate error - The dlink website in the certificate is weird I don't have any dlink hardware in the network
These were taken trying to access a website on the webserver in question - it's a dot co dot nz domain
This is what the same form looks like after a reboot and everything working correctly...
Next I'll try the beta firmware you linked...
- Copy Link
- Report Inappropriate Content
Ok, tried that beta firmware and have the same issue after 15-20 minutes.
This time had the same certificate responses as with the 1.2.3 firmware, so the images in the previous post are still what I get on the beta firmware
I tried disabling the SPI firewall just in case but no go with that either
***********************************************************************************
Update:
Bit of a plot twist, I rebooted the router (beta firmware) after it failed as I just mentioned. This time it seems to be behaving itself, so far 40 minutes without the webserver going all stupid... I'll monitor this evening and update tomorrow, fingers are crossed...
- Copy Link
- Report Inappropriate Content
So it stayed on fine all night as far as I can see, still working properly this morning...
Tempting fate, I rebooted the router and waited. unfortunatly it failed again after 20 minutes
trying one more reboot now just to see what happens...
---------------------------------------------------------------------
The only other peculiar thing I notice is when logging in to the web portal using 192.168.20.1, this would normally bounce through to the tplinkwifi*net address to manage the router.
This always fails when things are not right (after the 15-20minute period) and always gives an error about...
Trying to configure the Router?
It looks like you aren't connected to your TP-Link network.
I would then need to reload the page of 192.168.20.1 and the second time it doesn't bounce through and I get the login screen for the router. When everything is working fine I can happily manage the router via the tplinkwifi*net address.
Whether the port 80 in use by the router local access is somehow affecting the portforward I have setup for port 80?
Is their any commercial links between dlink and tp-link, wouldn't have thought the router would be affecting the browser certificate side of things? just wondering where the heck this dlink certificate is coming from?
---------------------------------------------------
So the result of my second reboot this morning is a fail...
- back to the original chrome error ERR_SSL_PROTOCOL_ERROR
- the certificates in the browser are correct for the websites though
all a bit too weird for me, if you have any other insights I would appreciate the thoughts.
In the meantime I will need to put the old router back in...
- Copy Link
- Report Inappropriate Content
"It looks like you aren't connected to your TP-Link network."
This message usually comes up when you're not connected directly to the router wireless radio.
You mentioned that you have VR2100 which is DSL modem router.
When you have replaced that with AX55 is there any other modem router in your local network right now ?
Describe your network infrastructure.
- Copy Link
- Report Inappropriate Content
In the house we have an ONT from the fibre provider, ISP is NowNZ
Router (VR2100 or AX55) is connected into the wan/lan port, connection is PPPOE with no vlan tag
From the router, two connections
1x TPLINK 5 port POE switch TL-SG105 => reolink doorbell and a camera
1x DLINK DGS-1016A 16 port network switch ( Found the DLink ) => various ports around the house, PCs etc plus one set of TP Link ethernet over power device AV 600
This DLINK also feeds a seperate DLINK DGS-1016A16 port network switch in my workshop/garage
- off this one is more PCs in workshop, an apple Airport base station, several Reolink cameras and another older edimax 5 port switch over the workbench for convenience
There are wifi connections to a couple of laptops and several Alexa devices in the house, and one wifi connection to the Apple Airport
None of these should have any kind of routing functionality and when I am testing this I swap out the VR2100 for AX55, and the Vr2100 is turned off
On the software level, there is a server in the workshop (win10) hosting three virtualbox VMS. 1. an XAMPP instance running win 10 and apache 2.4 for a couple of smallwebsites. 2. another win 10 hosting my work crm/invoicing stuff on local lan only. 3. an Ubuntu 22.04 hosting a Seafile server.
All have been rocking along quiet nicely for the last couple of years, the seafile server was a recent addition couple of months back. Most of the PC's are crypto mining Monero and/or Storj nodes
I'm even more perplexed by this now... the SSL side of things is being messed up by a network switch? Makes no sense to me...
Anyway I appreciate your input...
- Copy Link
- Report Inappropriate Content
It's hard to say what's the reason for this behavior. Hopefully there will be a new stable FW release for AX55.
This way it would be more clear whether the issue is with AX55 FW or some other settings on your side.
- Copy Link
- Report Inappropriate Content
Ok another update...
As it turns out I do have another DLINK device I had forgotten about, it is an older DCS-931L or similar model, it is of the generation now that I need to use IE mode in Edge to access the webportal, newer browsers won't load it otherwise...
Anyway, as an experiment I disconnected this for some testing and so far after THREE reboots of the router this morning all seems to be going fine after 35 minutes online. It has only achieved this once before...
I'm not sure why it seems to be interfering with a web server and the security certificates, it operates on port 8080 and my webserver is only ports 80,443, but it does have its own webserver so I guess that partly explains it. It is old tech and I know old tech doesn't always play nicely with new tech.
But I will take it as a win, I'm not sure I could say if there is any bug with the router firmware that had it been fixed could have handled it better and unlikely to warrent a fix given the age of the device. It is old and I am happy to upgrade that sucker to something a bit better than 640x480.
I'm still on the beta firmware so i might downgrade to previous stable firmware if it behaves itself today.
oh and the issue with the tplink-wifi*net not finding the router seems to have been a bit of a red herring, i have since noticed it is doing the same thing even when the system is working correctly, so must be something else going on with it.
So thank you for your assistance and insights in dealing with this, I am very pleased that I can now use my new router...
Cheers
- Copy Link
- Report Inappropriate Content
That's a good outcome - at least you've done a network audit and found three D-Link devices and the reason for your issue.
You can revert back to the last stable FW version if you want or just wait for the new one - it's your choice.
Often, the problem with this type of old IP camera is the UPnP they use for its web management access.
You could do an experiment and disable AX55's UPnP, then connect the camera back to check if the issue persists.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 500
Replies: 11
Voters 0
No one has voted for it yet.