We want to be able to reboot our RUT95X routers from remote locations in case of any troubles.
We can do it easily using SMS, but in some weird countries (or through some weird operators) SMS are not an option.
So we started to develop an MQTT based solution to get the operating conditions of the router and at least to get the WAN IP address and tough it would be possible, once knowing the IP address to access the router through modbus in order to launch a reboot. But no way to get it working!
Remote access has been configured and activated for both MQTT and Modbus.
Modbus access from a local computer works well, either on the local LAN IP (192.168.1.1) or using the WAN IP returned by MQTT (10.104.xxx or 10.126.xxx depending on the operator used).
But as soon as we try to connect from an external computer, it fails.
Also, when accessing a website able to provide the caller IP, from a computer connected behing the router, we get an IP (77.205.xxx) which does absolutely not correspond to the IP returned by MQTT.
Ranges between 100.64.0.0 and 100.127.255.255 are typically used by carriers for CGNAT. This allows them to serve more clients using fewer public addresses. However, with this setup, you won’t be able to reach your router from the WAN. For remote access, you should have a static public address or at least DDNS if that is possible.
Thanks Marijus for your feedback.
I’ve difficulties to understand how DDNS can work, since the router will send the exact same IP address to the dynamic DNS server, which will just translate it to a domain name. At least this is what I’ve been able to experience using my OVH account. I can read the IP that the server received from the router, but this is the one I got from MQTT. And no way to access the router from the external world using either this IP or the domain name…
Do you know if there is a plan that RUT95X routers embed MQTT functions able to affect the state of the IO lines? This would be enough for us (IO line is connected to a relay that can power cycle our equipment)
You can establish a VPN tunnel to the RUT. Better to say, the RUT has to initiate this. You need a web server with public IP, i.e. a small VPS, als “relay”. The RUT initiates a wireguard-connection to the server, and you do the same from your PC or mobile. Then you have everything private. You can setup tailscale, working similar, easier to use, but you need to trust the 3rd party. I have large fleet of RUT955 using wireguard this way. BTW, also doing lot of ModBus/RTU stuff, data queuing, auto-switchover, mqtt to AWS-IoT etc., but running 100% custom firmware on official openwrt