Access ASUS router remotely

Hello there
a little tech question for Router experts out there.
So this is my head ache, I have my Hubitat C8 pro and 2 hue hubs - starling hub conencted to Asus RT-BE88U router,,si Ll be gon for a couple of weeks annd my concern is if powre goes or sumilar and router fails, I do know hubitat will continue working, but Ill like to actually reboot router or see what issues ythe router will have.

Now I do have a public IP and Ive set up DDNS with hoste name to asus.com with certificate to lets encrypt. under administration / system wan remote connection is set at port 8443
and conenction link is provided
howeever I cant remotely connect when outside local network and neither with the app, Ive done I believe what im suppose to do, but it fails connecting on browser and and asus app.
Im thinking getting a static ip address from my provider, maybe that would help.
anyone that can point me in the direciton of the problem? pictures provided to see ehats going on.
I really would like to be able to reach router to corerct any problems while gone
any help appreciated



forside


Please provide your hub model (C7, C8, etc.) and its platform version from Settings>Hub Details.

Check out the following post for help troubleshooting problems and gathering details that will help others to identify and solve the problem you are experiencing: ‼ READ FIRST - Before Posting in Get Help


I think it would be much more secure and probably easier if you simply used the Asus Router's built-in OpenVPN server. Once that is set up, it is pretty easy to install the OpenVPN client on your Laptop, Smart Phone, and/or Tablet. This will then provide you with access to not only your Asus Router, but every device on your home network.

I do not recommend any sort of port forwarding, or opening up ports on your router to expose its management interface. That is just inviting hackers to try to mess with your home network.

7 Likes

Your domain works and resolves to an IP but I cannot ping it or reach it. Do you possibly have a double NAT situation, where there is an ISP router in front of your ASUS router?

Also, using this remote admin feature on Asus is highly discouraged. A VPN is much more secure and the router has built in VPN server features.

2 Likes

I've had some router freeze issues while away and my solution was to plug it into a smart outlet. Write a hubitat rule to every couple hours ping somewhere outside like 8.8.8.8. If ping failed then cycle the outlet off for 10sec then back on. Essentially power cycling rebooting the router. Also have my Starlink internet plugged into same outlet so that gets a reboot as well.

2 Likes

Thank you for answer, Ive looked into the openvpn and wireguard
I can set up both, but still wont connect at all through vpn tunnel, as far as I understand, static IP wont do any better for vpn.
So far I have no clue why it wont connect at all to my router either through VPn or the other

thank you for answer, Im looking into both open vpn and wireguard, I can set up both but still wont connect at all
I dotn use a dedicated router from my isp provider, but have my router connetcted diretly to the fiber box, I do suspect thats where the problem lies.
Im not so familar with NAT. I may have to talk to my ISP provider

thank you for reply, I never thought of that, I do have hue power plugs, so Ill set one up for that, could you possible give me a description on how to make that hubitat rule and in what app, pictures if possible, if i cant get the vpn to worj, ill be doing that power cycling instead, but I leave in a week for 2 months, so I def need to have this solved haha

If the ISP box is an actual router, then you have two routers and a double NAT. You would need to put the ISP router into gateway mode so that your ASUS router has a direct IP to the internet.

There should be a way to see the actual wan IP on the ASUS and it could be compared to your internet IP. If not the same it’s a double NAT

I think System Log > Routing table would give clues if you are behind a double NAT. The default "Gateway" should be a public IP address. If its a 192., 172. or 10. then it might be an internal LAN between your ASUS router and the ISP router (not all IPs that start with those are always internal LAN ranges)

The "WAN IP" listed on the main screen of the router I am not totally sure if that is the true WAN interface IP or if that is the IP the DDNS detected as your internet IP.

4 Likes

Yup. Probably have a double-NAT situation. The Fiber Modem needs to be placed in bridge mode or IP passthrough mode.

2 Likes

thank you ill take a look at it when i get home from work and get back to you, I cant access the actual box, only when i log into my accoutn at the ISP, I vasicly can only see the wifi settings, i never used the modem they send me

thank you Ill look into it when I get home from work

Also check that you’re not in an « ipv4 over ipv6 » situation with your ISP (464XLAT or somesuch) or CGNAT.

Try Tailscale instead of plain wireguard if your router supports it (or any always-on device on your LAN).

If you want to do ping and power cycle this is the part of the rule you want,

thank you Ill look into it when I get home from work with all these tips and info from all

thanks alot, Ill check this, so you use rule machine or simple automation rules or visual rules builder? or another app in hubitat?

That's rule machine. My rule does a few other things you might not need like verify other outlets are on, notify me, add reboot counts to a variable.

Really depends on what kind of fiber box we’re talking about.

My Verizon Fios ONT, for example, isn’t a router. Verizon offers a router, which I don’t use, as I prefer to choose my own.

So the ONT is just a box that brings fiber into my house, and has an RJ45 port on it so I can connect it to my router’s WAN port.

If I were to plug the Verizon router into the ONT, and then connect my router to the Verizon router, that would result in double NAT.

1 Like

Yes my box is a media converter box, with the RJ45 connection, I was reading the ISP notes and I can use my pwn router which Ive always done, I cant add the router provided ny ISP and put it into bridge mode, so theres a straight connection through to my router, but for some reason I just cant make a VPN connection for some reason and I have no idea why as I believe Ive set it up like Im supposed to

At the moment your ctyc.asuscomm.com is returning an address of 93.165.254.113, which doesn't look like the same WAN address you are showing on your screenshot.

Verify that your DDNS name is correctly resolving to the WAN IP.

For test purposes configure your OpenVPN client to use the current WAN IP, and not the DDNS name.

My money would be on ISP-side NAT (CGNAT or similar) and if that's the case there is nothing you can do to avoid the double-NAT, unless you have the option to pay your ISP extra to get out of it.

This is evidence of a double-NAT situation.

If that theory checks out your only option is to use a cloud-assisted VPN service (like Tailscale), or take a step back and solve the problem differently, e.g. using Hubitat to call a local endpoint on your router to reboot it or using a Zigbee or Z-Wave plug to power-cycle it.

2 Likes