Just upgraded a number of rutos routers from 7.11.3 to 7.12.
Can no longer reach these routers from the wan side
even though enable_ssh_wan is on.
I get: “This site can’t be reached” etc.
I have set a non-standard https port.
I did https from the wan side under 7.11.3 to upgrade them
but after the upgrade to 7.12 I couldn’t https from the wan side again.
Nor can I ssh into them from the wan side
even though I have temporarily enabled it to test.
I can reach them by https and ssh from the Lan side
and they otherwise seem to be working.
What has happened and what do I need to do?
(before someone warns me I should not be enabling access from the wan side
these are internal routers behind a main rutos router.
Please consider that I may know what I am doing.)
Continuing problems with 7.12
Change to the above post:
If I wait a very long time (usually 90-180", but sometimes even 10 minutes)
the devices can be reached, sort of.
Testing on 2 x RutX10 and a TCR100 - same results for all three.
Usually it now takes:
. 90-180" to get to the login screen
. 90-180" after entering password to get to actually login
(just shows "Loading...")
then after I am logged in, if I click on any menu option (eg Overview)
it again shows "Loading..." for about 90-180secs
then the screen comes up.
Funny, it sometimes says "Could Not Reach Device" even though it has,
and sometimes it says: "Loading Overview Data is taking longer than expected".
Lan access is no problem, and is immediate.
I can ping both routers from the Wan.
Under 7.11.3 https wan access worked correctly, and was immediate.
So with these problems, I don't dare to update any other routers.
What is the problem and how can I fix it?
a. it would have been a problem on 7.11.3 - it wasn’t;
b. it would be a problem accessing my non-Teltonika routers (which run gargoyle)
from the Wan side - but these have no problem.
c. Most likely it would also be a problem accessing the routers from the Lan side -
but there is no problem on the Lan side.
Could you try executing the following commands via SSH to see if it helps?
uci set uhttpd.main.listen_https='0.0.0.0:<your_https_port>'
uci commit uhttpd
/etc/init.d/uhttpd restart
If the issue persists, please fill out the form sent to you. When completing it, use 12001 as the ticket ID. Once submitted, we will contact you privately for further assistance and issue investigation.
It was quite late tonight so I was only able to test on the TCR100.
I entered the ssh commands as suggested (from the Lan side).
I then tried to login from the wan side.
Made no difference to getting to the login screen: still about 90".
But I could not get from the login screen to the password screen:
I gave up after 5 minutes of “Loading…”
Lan side still works fine.
One new funny thing I noticed:
ssh from the wan side works immediately if I am not trying to
https login from the wan side at the same time.
But if I am trying to https login from the wan side,
ssh from the wan side will also be quite slow.
Thanks to Teltonika support for their assistance resolving this.
I post the solution here for anyone else having the same problem:
Under Network → Firewall → Attack Prevention
1. disable all options, then re-enable the ones you want
(I use all of them.
I’m not sure if step 1. is necessary,
but I think it resets all parameters to default,
so removes any other problems that may cause confusion.)
2. Then specifically for the Port Scan section:
change Scan count from 5 / 10" to 20 or 30 / 10"
(20 worked but 30 was a little more robust).