ATP100 hinter Router - WAN IP einstellen
DaNetworks
Posts: 7 Freshman Member
Hallo,
ich hab die FW hinter einer Fritzbox (Cable) hängen.
ich hab die FW hinter einer Fritzbox (Cable) hängen.
die WAN IP ist somit eine lokale IP der Fritzbox
der Anschluss hat jedoch eine Feste IP, wie kann ich Nebula diese IP als WAN IP -> für die VPN Config-> Side to Side VPN etc hinterlegen.
der Domänenname "nebula-XYZ" liefert natürlich auch nur die lokale IP zurück
hat schon jemand das Problem gelöst?
_____________________
hat schon jemand das Problem gelöst?
_____________________
I have the FW conceded to a Fritzbox (Cable).
the WAN IP ->P2 is a local IP of the Fritzbox 192.168.0.xx
the service Provider provides a fix IP address 37.xx.xx.xx , how can I Nebula store this IP as a WAN IP -> for the VPN Config -> Side to Side VPN etc.
the domain name "nebula-XYZ" of course only returns the local IP
has anyone solved the problem yet?
0
All Replies
-
ich habe eben gesehen,
auf der Übersichtsseite sind sogar beide IPs zu sehen, die Reale WAN und die Fritzbox Adresse.
also in Nebula sind beide bekannt, nur wie kommt diese an die richtige Stelle
____________________________-
I lockt around in NCC and I found on the overview both IPs, the real WAN IP and the internal Fritzbox IP
But how get I the real WAN IP in all configurations where the WAN IP is needed?0 -
Tough answer to give...
Any device might or might not be aware of the public ip address, depends on the feature of the device AND TCP/IP Stack (v4 and v6) don't really care of the public address to work as intended.
Even the WAN ip address of the ATP100 might be a private ip for correct interoperate with border devices/CPE. Or if public, cannot be considered the correct IP address for receive communications.
Depends on the router/CPE in front of the router/firewall
Depends on the ISP configurations and behavior
So... it's a job for sentient and informed human beings find that information. NCC is one of the way for get that info, but not the only one.0 -
The problem I would solve is,if I will use the automatic vpn configuration the nebula Dynamic dns Domain Name points to the internal IP
yes I can change it manually… but I think there must be a smarter way
and the router is correct configured, so the atp is exposed host and can handle all incoming traffic
if I change the config file all works fine
0 -
What goes after these are personal experience ed opinion...
VPN endpoints with a dynamic IP are not the most reliable and easy to use, mostly due to caching of the DNS value.
You can still use Dynamic DNS services for catch-up the correct endpoint, but not all VPN services allow to use that change of config.
L2TP moreover has the issue of need to know the public ip address, better into object.
Therefore... maybe a zysh script can help you for update that object?0 -
You’re right
But nebula don’t have the option to refer to the static ip
this would be my favorite
the nebula dyn dns points always to the static ipAlso it’s not important if I use the static IP or the nebula dns
how I said, the static IP would be my favorite
i don’t have any experience with zysh scipt
I will look around for information0 -
Static public IP IMVHO is not a "problem" of NCC, but of your ISP...0
-
It’s not correct
to be clear
the ISP providing the Internet via cable tvSo I can’t connect the atp direct
it have to be through the Fritzbox cable
Internet -> Fritzbox with ststic IP -> exposed host atp with Lokal Fritzbox IP
Whiteout nebula
i created a WAN Object and gave the fix ipAnd I could use this object to bind it to the vpn setting0 -
As far as i can understand, Fritzbox is currently your CPE, Customer Premises Equipment: a device provided by your ISP for allow you to use the services (internet, CableTV, even telephone calls).
However, the public ip address is provided by the ISP; So the WAN interface of your Fritzbox has a public (and/or private, more on that later) IP address is managed from your provider.
The LAN interface of your Fritzbox should be the gateway of the WAN interface of your ATP100.
Why i wrote "public and/or private ip address"?
Due to costrain on IPv4 addresses availability, many ISPs often use Carrier Grade Nat (CGN/CGNAT https://en.wikipedia.org/wiki/Carrier-grade_NAT) for use few public ip addresses for a lot of consumer connections. In Italy, Iliad S.A. (french provider operating) allows only 32k ports and take advantage of MAP-E protocol.
https://www.juniper.net/documentation/us/en/software/junos/interfaces-next-gen-services/topics/topic-map/usf-map-tm.html
So actually the IP address of the WAN port of the CPE could also be a public address, but even an address of the network infastructure of the provider, and the corresponding public ip address is managed completely by the ISP. If you like/need a static IP Address, you may need to ask to your ISP (not always for free...).
However...
As far as I can tell, you may be a German/germany living person. And as far as I know, the IPv6 deployment on public networks started quite earlier in germany.
And now more than 50% of the providers actively support IPv6
https://ipv6-test.com/stats/country/DE
(Italy is still lacking... https://ipv6-test.com/stats/country/IT)
Therefore, maybe you can have a public static IPv6 address instead of a IPv4 one.
For instance, www.google.com is solved in2a00:1450:4002:411::2004 (IPv6)142.251.209.36 (IPv4)
from the connection I'm using now.
ATP100 should manage IPv6... but i don't know how deep and how well.
(the "guru member" badge is due only to an high post number... don't consider me as a network and or zyxel guro at all!!! :-) )0 -
Sorry
i think I was imprecise
yes Germany
Yes CPE but - no it’s a business Contract
there are not many devices which can handle the cable Internet connection
i booked and get a static IP v4 from ISP
To be correct 4 but I still can use 2
i think I’m not the only one who have use the atp behind a external router
all other things are clear and not changeable.I need the public IP refers to the real public IP not to the WAN port IP0 -
Hi @DaNetworks
If Fritzbox support bridge mode, then ATP100 could configure public IP address.
After enabling bridge mode on Fritzbox, it may stop offer DHCP IP address anymore.
If Fritzbox doesn't support bridge mode(NAT mode), ATP100 still could establish site to site VPN tunnel behind NAT route. You have to add port forwarding rules on Fritzbox to handle VPN traffic.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight