Cannot SSL access mynas.myqnapcloud.com
- bicyclefreak
- Starting out
- Posts: 39
- Joined: Sat Oct 31, 2009 5:25 pm
Cannot SSL access mynas.myqnapcloud.com
Hi,
I'm trying to use the local and remote access to my NAS via SSL only. Thus the list of ports opened is: 20, 21, 22, 8043(admin interface), 443(web server).
I have created a self-signed certificate with OpenSSL and loaded it onto my NAS with the admin interface as well as into the keychain of the accessing Macs. I have accepted the warnings about the certificate in Safari and Firefox and accepted a permanent exception.
The NAS is registered in myQNAPcloud and I do find it via the web access. I can ping the name and get the external IP address resolved. I also can SSL-access my NAS in the LAN via its local address.
but....
no access via Internet and the registered NAS name, /etc/hosts resolution doesn't work anymore in the local network. Checking the myQNAPcloud login from the NAS shows that this doesn't work, instead gives me an error in the admin interface. Re-registering doesn't work either (name is already known of course!). So what am I wrong here? I'm thinking there must be a login from the NAS to myQNAPcloud.com but I can't seem to find where to enter the credentials. Thanks for any hint!
....I forgot: QTS 4.1 beta, TS-239Pro, Mac OS 10.9.2
I'm trying to use the local and remote access to my NAS via SSL only. Thus the list of ports opened is: 20, 21, 22, 8043(admin interface), 443(web server).
I have created a self-signed certificate with OpenSSL and loaded it onto my NAS with the admin interface as well as into the keychain of the accessing Macs. I have accepted the warnings about the certificate in Safari and Firefox and accepted a permanent exception.
The NAS is registered in myQNAPcloud and I do find it via the web access. I can ping the name and get the external IP address resolved. I also can SSL-access my NAS in the LAN via its local address.
but....
no access via Internet and the registered NAS name, /etc/hosts resolution doesn't work anymore in the local network. Checking the myQNAPcloud login from the NAS shows that this doesn't work, instead gives me an error in the admin interface. Re-registering doesn't work either (name is already known of course!). So what am I wrong here? I'm thinking there must be a login from the NAS to myQNAPcloud.com but I can't seem to find where to enter the credentials. Thanks for any hint!
....I forgot: QTS 4.1 beta, TS-239Pro, Mac OS 10.9.2
You do not have the required permissions to view the files attached to this post.
239 Pro (still ging strong), 2*4TB HDS Deskstar
always on current firmware
4 Macs connected
always on current firmware
4 Macs connected
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Cannot SSL access mynas.myqnapcloud.com
After the registration with myQNAPcloud you received a confirmation e-mail - the link provided must be followed once to _validate_ the myQNAP cloud ID (QID) - it's mandatory AFAIK.
- bicyclefreak
- Starting out
- Posts: 39
- Joined: Sat Oct 31, 2009 5:25 pm
Re: Cannot SSL access mynas.myqnapcloud.com
of course I did this, myQNAPcloud was running, until I decided to use only SSL. I reverted back to non SSL but no chance to access the QNAP via Internet. Locally normal and SSL access is possible, but only per IP address, name resolution doesn't work. However in myqnapcloud.com the name is recognized. Any ideas?
239 Pro (still ging strong), 2*4TB HDS Deskstar
always on current firmware
4 Macs connected
always on current firmware
4 Macs connected
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Cannot SSL access mynas.myqnapcloud.com
No offence - the message says something different.bicyclefreak wrote:of course I did this, myQNAPcloud was running, ...
myQNPAcloud does not care (much) about services or protocol - it's mostly a DDNS service. Die the access link on the myQNAPcloud.com portal for your NAS link appropriately to https://whatvernameyouhavechoosen.myqnapcloud.com:8xxx ?bicyclefreak wrote:...until I decided to use only SSL. I reverted back to non SSL but no chance to access the QNAP via Internet.
BY LAN IP, by WAN IP, ...?bicyclefreak wrote:Locally normal and SSL access is possible, but only per IP address, name resolution doesn't work. However in myqnapcloud.com the name is recognized.
On your computer, check if the name can be resolved:
$ nslookup whatvernameyouhavechoosen.myqnapcloud.com
...
Does the result match to your router public IP address?
- bicyclefreak
- Starting out
- Posts: 39
- Joined: Sat Oct 31, 2009 5:25 pm
Re: Cannot SSL access mynas.myqnapcloud.com
yes, name resolution works, I'm receiving:
Server: 192.168.178.1
Address: 192.168.178.1#53
Non-authoritative answer:
Name: myqnapname.myqnapcloud.com
Address: 188.193.XXX.XXX - which is .... ähm, not my router, why?
Well, my provider recently changed to IPv6 and maintains IPv4 compatibility mode.
I can ping my router by its dyndns name, which works.
Server: 192.168.178.1
Address: 192.168.178.1#53
Non-authoritative answer:
Name: myqnapname.myqnapcloud.com
Address: 188.193.XXX.XXX - which is .... ähm, not my router, why?
Well, my provider recently changed to IPv6 and maintains IPv4 compatibility mode.
I can ping my router by its dyndns name, which works.
239 Pro (still ging strong), 2*4TB HDS Deskstar
always on current firmware
4 Macs connected
always on current firmware
4 Macs connected
- bicyclefreak
- Starting out
- Posts: 39
- Joined: Sat Oct 31, 2009 5:25 pm
Re: Cannot SSL access mynas.myqnapcloud.com
ok, assuming something got wrong with my old NAS name on myqnapcloud, I registered a new name. Resending the registration mail for the old name did not work (error: name already registered)
Via the new name I can call the Admin Interface on port 8080, and also on the assigned SSL port, from within my LAN. Need to test from outside.
How do I get rid of the old name. Didn't find any option to delete the registration.
regards, Dieter
Via the new name I can call the Admin Interface on port 8080, and also on the assigned SSL port, from within my LAN. Need to test from outside.
How do I get rid of the old name. Didn't find any option to delete the registration.
regards, Dieter
239 Pro (still ging strong), 2*4TB HDS Deskstar
always on current firmware
4 Macs connected
always on current firmware
4 Macs connected
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: Cannot SSL access mynas.myqnapcloud.com
Try the following from a SSH session to your NAS:bicyclefreak wrote:ok, assuming something got wrong with my old NAS name on myqnapcloud, I registered a new name. Resending the registration mail for the old name did not work (error: name already registered)
Via the new name I can call the Admin Interface on port 8080, and also on the assigned SSL port, from within my LAN. Need to test from outside.
How do I get rid of the old name. Didn't find any option to delete the registration.
regards, Dieter
Code: Select all
echo "WebUI Login: https://$(getcfg -f /etc/config/qnapddns.conf 'QNAP DDNS Service' 'Host Name').myqnapcloud.com:$(getcfg stunnel port)"
echo "Check with http://canyouseeme.org to ensure that $(getcfg stunnel port) is properly forwarded in your Router"
echo " "
nslookup $(getcfg -f /etc/config/qnapddns.conf 'QNAP DDNS Service' 'Host Name').myqnapcloud.com
#done
The Forum software will probably wrap those commands, so cut&paste these commands to your NAS as a single block of commands to ensure they are copied correctly.
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
- bicyclefreak
- Starting out
- Posts: 39
- Joined: Sat Oct 31, 2009 5:25 pm
Re: Cannot SSL access mynas.myqnapcloud.com
whow, I'm not that experienced on the cmd line, but it works. Thanks a lot! Host name and port are recognized correctly, DDNS local and WAN addresses are ok. I'll check tomorrow remotely from the office.
In the meantime I also found the link to delete the old hostname on myqnapcloud web interface.
regards, Dieter
In the meantime I also found the link to delete the old hostname on myqnapcloud web interface.
regards, Dieter
239 Pro (still ging strong), 2*4TB HDS Deskstar
always on current firmware
4 Macs connected
always on current firmware
4 Macs connected
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: Cannot SSL access mynas.myqnapcloud.com
I'm old enough, that my computer experience started with Mainframes, and later MS-DOS, so the command line makes sense to me. (Guess I'm old).bicyclefreak wrote:whow, I'm not that experienced on the cmd line, but it works. Thanks a lot! Host name and port are recognized correctly, DDNS local and WAN addresses are ok. I'll check tomorrow remotely from the office.
In the meantime I also found the link to delete the old hostname on myqnapcloud web interface.
regards, Dieter
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
- bicyclefreak
- Starting out
- Posts: 39
- Joined: Sat Oct 31, 2009 5:25 pm
Re: Cannot SSL access mynas.myqnapcloud.com
we seem to have a similar professional CV, I started on the mainframe, too, then DOS, OS/2, AIX and finally ended on Mac. But more from a distant perspective in sales.
regards, Dieter
regards, Dieter
239 Pro (still ging strong), 2*4TB HDS Deskstar
always on current firmware
4 Macs connected
always on current firmware
4 Macs connected
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: Cannot SSL access mynas.myqnapcloud.com
Did http://canyouseeme.org confirm that the port was open?bicyclefreak wrote: we seem to have a similar professional CV, I started on the mainframe, too, then DOS, OS/2, AIX and finally ended on Mac. But more from a distant perspective in sales.
regards, Dieter
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Cannot SSL access mynas.myqnapcloud.com
Sounds like one of these great ISP brainlessly converted to what is called DS Lite (dual-stack lite) - where large blocks of CPE are "carrier-grade-NATed" to one single IPv4 address - some known ones are KabelDeutschland or one with Munich in the name.bicyclefreak wrote:Address: 188.193.XXX.XXX - which is .... ähm, not my router, why? Well, my provider recently changed to IPv6 and maintains IPv4 compatibility mode.
Dual Stack Lite (German) -> http://de.wikipedia.org/wiki/IPv6#Dual- ... DS-Lite.29
Dual Stack Lite -> http://en.wikipedia.org/wiki/IPv6_trans ... DS-Lite.29
If your router dos no longer have an routable public IPv4 address on it's WAN or Internet Interface, but has an RFC 1918 private IP instead - it's obvious your ISPS does NAT somewhere beyond of your and the QNAP NAS control I'm afraid.
Hm, yoyu can ping a host interface somewhere out there - as you say, it's not your router...bicyclefreak wrote:I can ping my router by its dyndns name, which works.
If everything above is true - complain to your ISP, let them know you need a fully public reachable IPv4 address - otherwise you are going to pay just a fraction of the monthly costs, because you can't call home from everywhere by IPv4 anymore, just form places where IPv6 is available. These ISP have only surfing the Internet in mind - with no idea Internet connections are used for much more useful stuff, too.
And if your ISP does assign you a new IPv6 network (prefix delegation every 24 hours) I guess you might live around Munich then - with an ISP doing completely brain dead approach to IPv6.
Grüsse,
-Kurt.
- bicyclefreak
- Starting out
- Posts: 39
- Joined: Sat Oct 31, 2009 5:25 pm
Re: Cannot SSL access mynas.myqnapcloud.com
Kurt,
your assumptions are correct, it's the provider with "Kabel" in it's name. I will check with them.
btw, the ports I'm using are being recognized by canyouseeme, http as well as ssh and ssl. I haven't checked yet extensively from outside (home office and vacation )
regards, Dieter
your assumptions are correct, it's the provider with "Kabel" in it's name. I will check with them.
btw, the ports I'm using are being recognized by canyouseeme, http as well as ssh and ssl. I haven't checked yet extensively from outside (home office and vacation )
regards, Dieter
239 Pro (still ging strong), 2*4TB HDS Deskstar
always on current firmware
4 Macs connected
always on current firmware
4 Macs connected