Access ASUS router remotely

Or... get a router that does not need to be rebooted frequently! :grin:

5 Likes

You could be double NAT'd or CGNAT'd as suggested by the previous posters.

Since you said your Asus router is connected to the media converter box (sounds like an ONT which my ISP uses), and not into the ISP modem, then CGNAT is likely the only possibility.

Open whatsmyip.org and compare the address shown to the WAN IP on the Asus. If they match then you can rule out both of these possibilities, and concentrate on reconfiguring your VLAN settings.

If they don't match then ping the asuscomm.com DDNS name and verify if the IP returned matches the one from whatsmyip.org.

Finally report back if the WAN IP is within a public or private range of addresses. If you are double NAT'd or CGNAT'd, you would normally receive a private IP address.

Wouldn’t it be somewhat simpler to share more details about that fiber box? Like a model #, or a photo? And perhaps which ISP OP uses?

Shouldn’t be that hard to figure out if OP has a router vs. ONT, and if their ISP uses CG-NAT.

1 Like

The Asus Instant Guard VPN works just fine. If your firmware supports it Wireguard is super easy to set up and reliable. I found open. VPN a bit cumbersome to work with on my router.

yes the media converter is this one:
link: Installationsguide - Fiber mediekonverter - Fastspeed

Oterwise I dont have much more info, ,but thats the box fiber media coverter I use, then I have my asus router connected to wan 1
thsi is from ISP: "Private IP address included (CGNAT)
As standard with our broadband connection, we use private IP address with a CGNAT pool (floating many-to-many NAT). We have implemented a number of settings in our CGNAT to improve the experience, including on video calls and online gaming."
I hope this will make sense

I think that settles it. Your ISP uses CG-NAT. Essentially, you and other Fastspeed users are sharing a public IP address.

I believe that means it’s not possible to access your router’s admin UI remotely by opening a port on the router (not the best idea from a security perspective anyway, as already mentioned). Nor is it possible to access a VPN server running on the router while you are remote.

I’m no networking expert though, so perhaps someone can correct me, or knows of a workaround.

1 Like

Thanks alot for info, Ill put it to rest then, Ill instead either set the router up to reboot once a week or make a hubitat rule to control my frient power plug as mentioned earlier on the thread to let it control the reboot process if the ping dosent work

1 Like

If you have a device on your home network that is powered on 7/24 then try using Tailscale VPN. It is free for personal use like this situation.
LINK

2 Likes

Tailscale will work in this situation.

4 Likes

Yes, Tailscale is the solution. I have not tried it myself but have read up on it and others on here have used it in the same situation and said it worked great and was easy to setup.

This isn't directly related to any question here...just a comment about my ASUS RT-AX92U routers. I can't speak directly about any other models from experience but have seen similar comments posted about this same issue in blogs for other models. It seems like this is an ASUS OS issue...and does not impact every model they make from what I can tell.

Even with a complete wipe of the config and every "AI" feature except the firewall turned off this problem occurs. PS - This issue is NOT related to them being in a mesh.

On its own it decides that a device is "suspicious" on the local LAN and blocks local LAN to local LAN communications. Packets from that device still work normally from the device to the Internet.
One Example:
I have 7 Amazon wall tablets configured to use SharpTools/Hubitat around the house. They would simply stop responding to commands from Hubitat. I could not ping them from the hub or my desktop/laptop from the local LAN when this was occurring.

Rebooting the router would clear this for a while. Randomly, they would work on and off. I could always ping them from the ASUS router and they always kept talking to SharpTools. I took me a bit to figure this problem out...and was driving me crazy.

I bought a cheap TP-Link router, and the issue instantly disappeared. I recreated the problem by swapping back to the ASUS routers multiple times.

I love my ASUS routers otherwise and now have the TP-Link router hanging off my ASUS router for any device this happens to on a separate /24 private network. Communication to the tablets is rock solid always.

Anyway, while this is only indirectly related to this thread...if this saves even one person from going crazy then ...yay.

thank you all for input, so what will happen is that i cant get any vpn connections to work, even though my bitdefender vpn works out the house, havent testet it from outside and in
Ill instead now reboot the router once a week, which takes 2 seconds to set up in the router

Yes due to the CGNAT (a form of double NAT) a normal VPN server will not work to connect from outside to inside your LAN. Connections going out from your LAN (such as outbound VPN) have no issues because they basically temporarily poke a hole in the multiple NAT firewalls on the way out which allows response traffic to get back through.

The only thing I know of that would work if you really want to get a VPN setup would be tailscale. If you search you will see lots of info about how it works on CGNAT: tailscale solution to CGNAT - Google Search

However, if the problem is that router goes down, a VPN running inside the LAN wont help you because without the router no traffic is going in or out anyway.

Your ASUS router should be pretty stable though, I have been using them for around 10 years and I am only on my second one. I rarely have to restart it or even go into the Web interface for anything. Just for firmware updates.

2 Likes