Almost there, remote access help please

cgi2099 · July 8, 2019, 11:02am

Nextcloud version: 16.0.2RC1snap1
Operating system and version: Ubuntu 19.04
Apache or nginx version: don’t know
PHP version: don’t know

I have a very brief understanding on networking so please take that into consideration

I have followed this guide on installing the nextcloud snap for Ubuntu: https://github.com/nextcloud/nextcloud-snap

Everything works great if I am connected to LAN but if I try to connect from a different network I don’t have access.

My server has a static LAN IP through my router and I have configured a DDNS on my router with DuckDNS and dnsomatic and have added it to the config.php file.
So as long as I am on my LAN I can connect to xxxx.duckdns.org no problem

I have looked through the forums and have found ports 80 and 443 needs to open, so I did this with port forwarding, but if I check the ports for my WAN IP (which is what is linked to duckdns) they are still blocked

To add to this:
I use teamviewer a lot for work and I see that they use ports 5938, 80 & 443. My teamviewer works fine but if I check those ports they all say blocked, how is teamviewer working?

So basically I am pretty sure I have set the network part of this up wrong. Could someone walk me through the setup for my network

Also I will call my ISP today and see if they are blocking ports 80 and 443 as soon as they open

Thank you so much for any help!

p.s
I have also tried to set up ssl with lets encrypt but it fails validation

UPDATE:
I enabled “Respond ICMP Echo (ping) Request from WAN” on my router and I can NOW ping my DDNS from off network but I still cannot connect to nextcloud remotely

ANOTHER UPDATE:
I called my ISP and the said they do not block any ports, I told them I wasn’t sure if that was correct though because I could run a port checker connected directly to the modem and they still came up blocked. They informed me that level 3 tech support would get back with me sometime today. But if they are correct and the ports aren’t blocked on the ISP, I have no clue on how to proceed, obviously I have something configured completely wrong if they are correct about the ports

Josh

Schmu · July 8, 2019, 2:49pm

Hi,

Are you trying to access your server via IPv4 (like 80.123.211.100) or IPv6 (like 2001:abcd:…) WAN address? If you are using IPv4: do you have a dedicated IPv4 address?
In case you have a “Dual Stack Lite” (DS Lite) internet connection it means you actually share “your” external IPv4 address with other users and you would need to use the IPv6 address for external access or request Dual Stack (not Lite), meaning you get one IPv4 address only for yourself.

If the above is not helping yet, can you maybe show us via screenshot how you configured your port forwarding? As long as only the internal IP address and the ports are shown, this isn’t a security risk for you.
Maybe we can see something obvious.

cgi2099 · July 8, 2019, 3:04pm

I believe I have my DDNS linked to the the WAN IP on the router (that is what my asus router calls it) I assume it is IPv4 (xx.xx.xx.xxx is the format)

I do believe my ISP does the “Dual Stack Lite” format, they told me everyone in a block “shares” (whatever that means)

How do I set it up to use IPv6? My ISP wants an insane amount of $$$ for me to have a static IP

If screenshots will help I can post some later this evening

Thank you so much for helping, I am feeling a little overwhelmed with the networking part of this

Schmu · July 8, 2019, 3:34pm

Most systems (Windows 10, Linux, Android) support IPv6 and have it enabled by default. Routers often have it disabled by default. Somewhere on the router’s web GUI there is a switch to enable IPv6 usually. It usually means, that all connected system get an IPv6 address as well and have both IPv4 and IPv6 addresses.
For IPv6, port forwarding works differently. You open the desired ports for a device just like with IPv4, but the WAN IP address you have to use for external access is the device’s IPv6 global scope address then and not the external IPv6 address of the router.

You wouldn’t need a static IP. Only Dual Stack (instead of Dual Stack lite) is important. That’s usually not that expensive.

cgi2099 · July 8, 2019, 3:45pm

I am so sorry I am not well informed, this is all brand new and I am learning as I go, but a few questions?

For me to go the IPv6 route does my ISP have to support it or is that all internally generated at the router? My ISP has not switched to IPv6 yet

How do I confirm I am on Dual Stack vs Dual Stack Lite, is this an ISP question?

Which route is better to go if I have the option?

cgi2099 · July 8, 2019, 5:55pm

So upon further investigation with my ISP they do not use IPv6 and aren’t going to switch until they have to. Also ports 80 and 443 are confirmed open on their end they also said most ports will be open as they only “filter” a few. I don’t have a static IP but I thought that is where the DDNS service comes into play?