RT-AC66U - port forwarding and DynDNS issues

[LoneWolf]

Hi all,

I just got an RT-AC66R to replace my aging Buffalo WZR-HP-G300NH. I've got most of my configuration set, but I'm experiencing two issues.

First off, I have a domain set up through DynDNS, which worked perfectly fine on the Buffalo router. When I have it set up on the ASUS, authentication fails in the logs, using the exact same settings. I've tried using both DynDNS and DynDNS (Custom) in the ASUS settings (as it is a registered domain, not one of DynDNS' sub-domains); it doesn't change. It is a .us domain, don't know why that would cause any issues, but I'm noting it here for better troubleshooting.

Secondly, my home server is running Windows Server 2012 Essentials; Access Anywhere is set up, which just requires a port-forward of 443 to the server IP address. Once again, no problem in the Buffalo router, I manually set it up, but WS2012E also worked with its UPnP setup without issue. When I try to do the same with the ASUS router, it is recognized with UPnP, but I get the error that port forwarding of 443 is not set up correctly. I manually created the port-forward and am still having the issue; this further concerns me because if one port-forward is broken, what about the other custom port-forwards I have set up?

I am running the latest 3.0.0.4.266 firmware; I upgraded within minutes of purchasing the router. If anyone can provide some assistance, I'd greatly appreciate it.

Note that if I can't get this working, I'd be willing to consider downgrading to the RT-N66R if it would resolve my issue. I bought the newer model mostly because I figured support would probably extend a little further out (when I buy a router, I buy one to last), but if this is a firmware issue and firmware is more mature on the N66 I'd do it.

Lastly, a question to RMerlin if you see this thread; might going to your firmware resolve the issues I'm having, or could there just be a setting I'm missing?

 

[LoneWolf]

Well, on the bright side, Dynamic DNS decided to start working for me after I re-entered the info in a few more times. One issue down.

However, port forwarding of 443 is still reported as an issue. I'm not sure why. I have it set manually via a standard rule, directing TCP 443 traffic to the LAN IP of the server. I removed the rule from the table and re-added it just in case, which has not resolved the issue.

EDIT: Curious, I have just confirmed that even though the server gripes about the router, that port 443 traffic is being redirected; I can access the server from my smartphone. Now I'm trying to find out why Windows would be griping about my shiny new router, and not my old one.

 

[RMerlin]

Asuswrt needs port 443 for AiCloud, so you can't forward that port to your own server.

 

[LoneWolf]

Asuswrt needs port 443 for AiCloud, so you can't forward that port to your own server.

Do you know if there's a way to either set AiCloud to another port, or disable it? I suppose my third option is to see if I can run Access Anywhere on another port, but I'd prefer to stick with the standard HTTPS. I might use AiCloud at some point, but for now, I'm not, Server 2012 Essentials provides at least some of the features that AiCloud does.

Alternately, would it work to redirect another port on the WAN side to 443 internally?

 

[RMerlin]

Do you know if there's a way to either set AiCloud to another port, or disable it? I suppose my third option is to see if I can run Access Anywhere on another port, but I'd prefer to stick with the standard HTTPS. I might use AiCloud at some point, but for now, I'm not, Server 2012 Essentials provides at least some of the features that AiCloud does.

Alternately, would it work to redirect another port on the WAN side to 443 internally?

AiCloud port can't be reconfigured at this time.

Redirecting a different port to your server's port 443 should work.

 

[LoneWolf]

AiCloud port can't be reconfigured at this time.

Redirecting a different port to your server's port 443 should work.

While I love this router for everything else, I think of that as a serious flaw. Port 443 is used for a lot of other things, and the inability to configure it on a top-end enthusiast-level router is highly disappointing. There are any number of people who might wish to use HTTPS for something other than AiCloud.

I tried redirecting another outside port to 443, but Server 2012 Essentials still gripes about it. In an additional troubleshooting step, I think I've done more harm than good by temporarily changing the default bindings in IIS for the Default website to another port to change things that way. It was unsuccessful, and while I reversed the change, I may have broken my SSL certificate in the process and have to figure out how to fix it, as I'm now getting errors about Remote Desktop services not working properly for Anywhere Access when running the repair utility that I wasn't getting before.

I have good backups, and I look on that as my issue rather than blaming ASUS, but this seems like a pretty significant oversight on a $180-200 router, and I'm sure it's the same way on the AiCloud-enabled RT-N66U and RT-N65U. To end it all, I tried to register for the ASUS support forums to discuss it and that part of the website is down for one reason or another.
It's a shame; the routing throughput and wireless speeds are incredible, and I'm fairly impressed with the hardware.

 

[LoneWolf]

RMerlin - I just had a thought;

If I downgraded to an RT-N66U and used DD-WRT or Tomato, would I be able to get around this? I don't have a huge need for the wireless AC and won't for the foreseeable future.

EDIT: Update: As I found this complaint to be one had by others, as well as the complaint where ASUS blocks UPnP in the lower port ranges, I found this mentioned by someone else in another article:

The UPnP issues however isn't related to the type of the access. Since AirCloud is essentially a web server it uses ports 80 and 443 (there is no way to change AirCloud's port binding I am aware of). So in order to avoid the situation when these ports are taken over by other application Asus just decided to block UPnP for the ports below 1024. That applies to both LAN and WAN. In order to re-enable the UpnP for low ports you need to disable AirCloud, enable Telnet access to the router and issue following commands:
nvram set upnp_min_port_int=1
nvram set upnp_max_port_int=65535
nvram set upnp_min_port_ext=1
nvram set upnp_max_port_ext=65535
nvram commit
reboot

I have performed this, and at this time, Anywhere Access was able to complete router setup without complaints.

 

[c4u]

What'm I missing?

RMerlin - I just had a thought;

If I downgraded to an RT-N66U and used DD-WRT or Tomato, would I be able to get around this? I don't have a huge need for the wireless AC and won't for the foreseeable future.

EDIT: Update: As I found this complaint to be one had by others, as well as the complaint where ASUS blocks UPnP in the lower port ranges, I found this mentioned by someone else in another article:

I have performed this, and at this time, Anywhere Access was able to complete router setup without complaints.

LoneWolf,

Could you please explain what is your router setup, because I'm trying to open 2 ports (443 and 80) for a web server and I think I missed something:

0) Merlin Firmware - (RT-AC66U_3.0.0.4_270.26b)
1) AirCloud - OFF
2) Firewall - OFF
3) Telnet - ON
4) Running UPNP commands
5) Telnet - OFF
6) Port Forwarding ( http , port range 80, web server ip, local port 80, tcp/udp)
7) reboot

After setup I tried to connect from a tablet with 3g connection (different provider) but it doesn't connect.
I tried with few application for port forwarding check (PFPortChecker) but it says the port is not open or not reachable. If I try form LAN the web server is accessible, so I think I missed something.

Thank you

 

[kublai]

I have the free dynamic.dyndns also and I get auth failure. Which option did you choose? dyndns or dyndns(custom)?

Well, on the bright side, Dynamic DNS decided to start working for me after I re-entered the info in a few more times. One issue down.

However, port forwarding of 443 is still reported as an issue. I'm not sure why. I have it set manually via a standard rule, directing TCP 443 traffic to the LAN IP of the server. I removed the rule from the table and re-added it just in case, which has not resolved the issue.

EDIT: Curious, I have just confirmed that even though the server gripes about the router, that port 443 traffic is being redirected; I can access the server from my smartphone. Now I'm trying to find out why Windows would be griping about my shiny new router, and not my old one.

 

[TeHashX]

Go to http://192.168.1.1/Advanced_AiDisk_webdav.asp
Enable WebDav to Samba
Change port 443 and see if your server works

 

[Gadgetguru]

LoneWolf,

Could you please explain what is your router setup, because I'm trying to open 2 ports (443 and 80) for a web server and I think I missed something:

0) Merlin Firmware - (RT-AC66U_3.0.0.4_270.26b)
1) AirCloud - OFF
2) Firewall - OFF
3) Telnet - ON
4) Running UPNP commands
5) Telnet - OFF
6) Port Forwarding ( http , port range 80, web server ip, local port 80, tcp/udp)
7) reboot

After setup I tried to connect from a tablet with 3g connection (different provider) but it doesn't connect.
I tried with few application for port forwarding check (PFPortChecker) but it says the port is not open or not reachable. If I try form LAN the web server is accessible, so I think I missed something.

Thank you

c4u, any luck with getting this working?

LoneWolf, any guidance?

I've tried the same as c4u, however I am using the stock ASUS firmware 3.0.0.4.376_3602 and I didn't turn the firewall off. I am also port forwarding both port 80 and 443, TCP only. Also tried what TeHashX suggested with no luck. Any help!?