Hi tech's,
I am trying to setup a backup connection, via the Remote Management of my router.
But below screens stays, so what is wrong in the settings?
This site is now in read-only archive mode. Please move all discussion, and create a new account at the new Victron Community site.
Hi tech's,
I am trying to setup a backup connection, via the Remote Management of my router.
But below screens stays, so what is wrong in the settings?
Hi. Is connection working to VRM working via main connection only back-up connection doesn't work? Following should be checked for the back-up connection:
This chapter explains what to do when the GX device cannot transmit data to the VRM Portal.
The communication required to send logs to the VRM Portal is:
Working DNS
Proper IP address
Working internet connection
Outbound http(s) connection to http://ccgxlogging.victronenergy.com on port 80 and 443. Note that should never be an issue, unless on very specialised company networks.
Note that the Cerbo GX does not support a proxy setup. For more details on the required networking, see the FAQ Q15: What type of networking is used by the Cerbo GX (TCP and UDP ports)?.
Source: https://www.victronenergy.com/media/pg/Cerbo_GX/en/vrm-portal.html
Thanks @JaniEronen
I will look in the direction of the Ports.
As my normal VRM Portal works, only my newly tried back-up is not accessing properly.
In case the VRM normal connection does not work.
Hi @Harold did you find a fix for this?
I am trying to do the same to get a quicker response to the control panel than going via VRM.
Following the advice above and in FAQ 15 I have opened ports 22, 80 and 443 to the GX device. It seems then I can contact it using my router's IP address and get further than your screenshot upthread, but after a second or two it fails to connect and gives this display
But I can still contact it satisfactorily on the LAN using its local IP address and also via VRM, is there something else I need to do?
Edit:
Main ports in use are 80 and 81, 81 is used for websockets.
I wouldn't enable 22 (SSH), that is asking for trouble remotely, rather create a vpn if you need to ssh for anything.
Personally I wouldn’t NAT this directly to the internet, it is not exactly a hardened device, and anything on the internet is constantly being port scanned.
Thanks @nickdb, I have now got it working after a bit of experimentation.
Ports 22 and 443 are not necessary so I have closed them, thankyou.
Port 81 needs to be open and it needs to be passthrough. @Guy Stewart (Victron Community Manager) it would be nice if this could be added to the documentation cited upthread.
@Harold if you can set up a port range then you could open 80-81 which should work albeit with minimal security.
Port 80 can however be mapped to something else, which provides a small amount of extra security, I have several other HA devices which have web interfaces on Port 80 but they are mapped to different ports on the WAN so I can reconfigure them remotely.
I would as you say ideally use VPN. My router's instructions say "Download the client utility from http://openvpn.net/index.php/download/community-downloads.html" and install it on the devices where you want to run the VPN client. So how would I install the client on a Multi II GX?
You would install the client on your laptop or mobile device, it connects to the router public IP, which would allow access to everything behind it, unless the router allows access control lists.
You don't install the client on the devices you wish to access.
It doesn't help much to change the public port that http/https runs on, any port scanner will find it and identify the protocol bound to it.
It's not so much for the (trivial) security, I need to map the ports as I have several different peripherals with web interfaces all on Port 80, and so need a way to distinguish between them when I dial in. Some others are programmable and where they are I have changed them to something else.
Only security issues so far are to do with hacked email accounts which is something altogether different.
Have only just updated to the new Mk3 and v3.10~9 without breaking anything so will take a rest for a bit before embarking on VPN!Additional resources still need to be added for this topic
35 People are following this question.