Remote access to the WebUI of the Teltonika router should only be enabled, especially with a public.IP, if the router is located at an external site without direct access. However, if the router is located at a local site with direct access, remote access should better be deactivated for security reasons. For this, please also note the FAQ Safety instructions to use a public.IP.
In order for the remote access to the WebUI of the Teltonika router to work, there are a few things to consider:
1. Activate remote access
At
Administration in the tab
Access Control the desired HTTP or HTTPS remote access must be activated:
WebUI |
|
Enable remote HTTP access |
The HTTP remote access to the router is enabled. |
Enable remote HTTPS access |
The HTTP remote access to the router is enabled. |
2. Set the correct Source zone
At
Network ->
Firewall in the tab
Traffic Rules the correct source zone must be set for the rules
Enable_HTTP_WAN (HTTP remote access) or
Enable_HTTPS_WAN (HTTPS remote access):
Traffic Rule |
Source zone |
Enable_HTTP_WAN |
From any host in wan |
HTTP remote access to the router with the IP address of the SIM card or WAN port. |
From any host in vpn |
HTTP remote access to the router with the mdex fixed.IP+/public via OpenVPN. |
Enable_HTTPS_WAN |
From any host in wan |
HTTPS remote access to the router with the IP address of the SIM card or WAN port. |
From any host in vpn |
HTTPS remote access to the router with the mdex fixed.IP+/public via OpenVPN possible. |
3. Hint about using DMZ Configuration (forwarding of all ports & protocols)
3.1 Legacy Firmware
If the option
DMZ Configuration (forwarding of all ports & protocols to a terminal device) is used at
Network ->
Firewall in the tab
General Settings, the router automatically creates the required port forwarding rule
tlt_allow_remote_http(s)_through_DMZ at
Network ->
Firewall in the tab
Port Forwarding. This rule still allows remote access to the router in this constellation with activated "DMZ Configuration":
Port Forwarding Rule |
Source zone |
tlt_allow_remote_http_through_DMZ |
From any host in wan |
HTTP remote access to the router with the IP address of the SIM card or WAN port |
From any host in vpn |
HTTP remote access to the router with the mdex fixed.IP+/public via OpenVPN. |
tlt_allow_remote_https_through_DMZ |
From any host in wan |
HTTPS remote access to the router with the IP address of the SIM card or WAN port |
From any host in vpn |
HTTPS remote access to the router with the mdex fixed.IP+/public via OpenVPN. |
If the router LAN IP address or the router HTTP(S) port is subsequently changed, this rule is automatically adjusted so that remote access to the router is still possible. Should "DMZ Configuration" be deactivated, this rule
tlt_allow_remote_http(s)_through_DMZ is no longer required and is automatically deleted.
When using an mdex fixed.IP+ via OpenVPN or mdex public.IP via OpenVPN please refer to the notes in the FAQ Important notes about using an mdex fixed.IP / public.IP via OpenVPN.
Problem with firmware RUT2XX_R_00.01.14.3 and RUT9XX_R_00.06.08.5
Due to a software bug in the firmware RUT2XX_R_00.01.14.3 and RUT9XX_R_00.06.08.5 the automatic rule tlt_allow_remote_http(s)_through_DMZ was erroneously deleted as soon as the tab General Settings on Network -> Firewall was called and left again. Now remote access to the router was no longer possible.
- As a remedy, all routers pre-configured by mdex in this constellation were supplied with an additional port forwarding rule Router Remote Access for remote access.
- In the event of subsequent changes to the router LAN IP address or the router HTTP(S) port, this additional Router Remote Access rule must also be manually adjusted under Network -> Firewall in the Port Forwarding tab. If remote access is no longer desired, this rule Router Remote-Access must also be deactivated or deleted.
This problem was solved with firmware RUT2XX_R_00.01.14.5 and RUT9XX_R_00.06.08.6, so that since then the routers are delivered in this constellation without additional rule Router Remote Access. Routers with older firmware versions should be updated.
3.2 Up from Firmware R_00.07.03
Warning: Can't find named section Workaround in topic Support.QNARUTMdexOVPNServiceEn