Axxess/Afrihost static IP Routing

I

Ivork

Expert Member
Joined
Nov 9, 2005
Messages
1,235
Reaction score
110
Location
Kimberley
I want to host a email & web server on my pc at home.
Has ANYONE actually got this to work ??

The VPN is fine, everything going out shows it came from the static IP.

But incoming is ZIP!
Even if I chuck everything on my router (that Billion thing they made me buy) to a DMZ or direct to my pc a portscan shows everything is blocked on the static addy.

But of course the static IP is not sitting up against my front door/router - it's some server in JHB.
Surly only they can open and direct traffic from that static down to my home router?

But they retort with:
Dear Axxess Client,

This ticket is in response to [RE: [Axxess DSL Tracking No ##rbCfrpvH406], created on Monday, 26th August 2013 14:40
Good day,


In oder for your static IP to connect you would need to setup the routing, unfortunately we only assist with L2TP setup and it is up too the client/network technician to setup the routing/port forwarding.

Regards,
XXX
Click to expand...

The port forwarding I setup is working but only via the dynamic DNS address (my routers actual addy)- not the static at the other end of the VPN.

What part of this plot am I missing?
How much more routing can I setup in these things?
I could configure those Cisco routers with bastard Frame Relay but these things have me screwed - and their documentation sucks!


I'm sure it's them that have to forward ports from their static ip in JHB down to my house's router...yet they deny it.

Help. Am I having a doff moment?

Thanks
 
I'm sure there is somebody more qualified to answer this but are you allowing incoming VPN traffic on to your network?
 
Absolutely ALL of it.
Tested with no NAT and relied only on a windows firewall for a while.....

With Wireshark to monitor incase I missed something. Nothing.
Nothing comes down that VPN unless it's first requested by me = Firewall/routing on their side IMHO.
 
Last edited:
Do you have another connection you can tracert to the incoming static from? To me it sound like they are not forwarding the incoming range to your router. If you have another connection to test from enable remote management on your router and see if you can log in remotely using the static ip.
 
durbandave said:
Do you have another connection you can tracert to the incoming static from? To me it sound like they are not forwarding the incoming range to your router. If you have another connection to test from enable remote management on your router and see if you can log in remotely using the static ip.
Click to expand...

No I can't.
I can remote mange in to the router but only via the routers real ip - not via the vpn/static ip.
So I'm still running my web and email services via the dynamic DNS.

durbandave said:
To me it sound like they are not forwarding the incoming range to your router.
Click to expand...

That's what it sound like to me too - but they say no.
Axxess lady?

Has anyone here ever got this to work is what I want to know. If so please speak up.
 
Ivork said:
I want to host a email & web server on my pc at home.
Has ANYONE actually got this to work ??

The VPN is fine, everything going out shows it came from the static IP.

But incoming is ZIP!
Even if I chuck everything on my router (that Billion thing they made me buy) to a DMZ or direct to my pc a portscan shows everything is blocked on the static addy.

But of course the static IP is not sitting up against my front door/router - it's some server in JHB.
Surly only they can open and direct traffic from that static down to my home router?

But they retort with:


The port forwarding I setup is working but only via the dynamic DNS address (my routers actual addy)- not the static at the other end of the VPN.

What part of this plot am I missing?
How much more routing can I setup in these things?
I could configure those Cisco routers with bastard Frame Relay but these things have me screwed - and their documentation sucks!


I'm sure it's them that have to forward ports from their static ip in JHB down to my house's router...yet they deny it.

Help. Am I having a doff moment?

Thanks
Click to expand...
If a website shows you are coming from your static ip, then the setup on the ISP side is correct. Their VPN LNS is only acting as a router for the tunnel.

You will find, that you may need to change a firewall setting on that Billion router to allow packets inbound on the VPN tunnel. Remember, even if you set up the port forwarding (which you may need to do separately for the vpn to the pppoe session) you also need to open up the firewall on the vpn.

I am pretty certain, the problem is on the Billion router config, the problem however is, Axxess/Afrihost forcing this specific router down on you and not giving support on how to set up something specific like this.

It would be better if they allowed something like a mikrotik where it would be far easier than a billion router with their really crappy firmware.
 
Brilliant! Thanks.
I'll give it a try later.

There was no way to do it via the GUI web interface I could see that!
 
OK, well that works.........until the router reboots!
Is it just mine - must I take it back?

The settings are all saved - you can't add them again without deleting them first.
Then it works again - till a reboot. I tried various firmware versions but all do the same thing.

Maybe it's trying to NAT the interface before the vpn & static ip is up and then hangs or gives up?


[EDIT]
Easier way (but still not acceptable).

After reboot, and after the VPN has established so you got your static ip, via the GUI just go to Advanced -> config -> virtual server -> port forwarding and edit the port that now shows up on interface @ip_pppdevice16, without editing anything, hit the "edit/delete" button and it works again.

Just saves all the deleting and retyping via the telnet session.
 
Last edited:
jeanres said:
what routers are you guys using!
Click to expand...

BiPAC 7402GX - What they telling us to buy.

They don't use IPSEC which is why you can't just use any old router - most peeps in their right mind would never VPN without IPSEC.

But Hang Ten before you buy - no one I know has got them to work properly yet!!!
 
The question is why don't they use IPSEC, and why can they just not tie the IP to you via RADIUS, why the need for a VPN?
 
jeanres said:
The question is why don't they use IPSEC, and why can they just not tie the IP to you via RADIUS, why the need for a VPN?
Click to expand...

They need to use a VPN because in a simple sense Telkom does not give the ISP's the ability to assign Static IP's, correct me if I am wrong but all static IP solutions over ADSL in South Africa utilize VPN's because of Telkom's stance/infrastructure limitations.

This is not ideal because of extra overhead added by VPN tunnel, PPPOE used by ADSL already lowers the max MTU, so now you got a path of ATM -> PPPOE -> L2TP Tunnel, lots of extra overhead compared to pure ethernet.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X