How do you help if you want to access your pictures, documents or other important files from the road? The solution is remote access or remote access (RAS). Via RAS, data in the home network can be accessed by any client at any online access, for example from the desktop in the workplace, from the notebook to the WLAN hotspot or directly from the mobile phone via the mobile radio connection
The hard way to switch to DS-Lite is the remote access
In recent years, however, a really positive development on the Internet has decisively influenced the various possibilities of remote access - but in the negative sense. In other words, certain methods of remote access, which were previously possible without problems, no longer work on many Internet connections today. For the Internet, a large-scale change of addressing systems is taking place: from IPv4 to IPv6. This conversion takes place slowly and involves disadvantages in the conversion phase.
VPN may not (yet) with IPv6
The current major drawback is that some users with a modern IPv6 connection can no longer access their home networks from the outside - or at least not as easily as before. There are currently differences in the Internet connections and the Internet protocols that are supported. And this does not only depend on your own provider or network operator, but it may also be at the selected tariff or at the terminal technology.
Obtain IPv4 address for VPN
Basically, of course, all providers and network operators are interested in bringing the IPv6 protocol as quickly as possible to the people or to the connections. Deutsche Telekom AG is the most cautious of all. The market leader equips its upgraded connections with a public IPv6 and IPv4 address. Such a two-track connection is also referred to as a dual stack. The home network (router) of a dual stack customer is thus accessible from the outside via the IPv4 and the IPv6 protocol.
Thus, the remote access with IPv4 address via port forwarding
Problems exist, however, for customers of most other German-wide or regional network operators. Here you can get a so-called DS-Lite connection with a new contract or after the modernization of the online access. DS-Lite means that the provider no longer provides a public IPv4 address. The home network router can then only be reached via its IPv6 address.
Lesetipp: home network in the remote access - Fritzbox and NAS
In order for devices from the home network to continue to reach IPv4 addresses on the Internet, the provider provides a so-called DS-Lite tunnel. This ensures that IPv4 packets are tunneled through the provider's IPv6 network and can be routed to the IPv4 network at the other end. This way, unfortunately, does not work otherwise. Anyone attempting to access their router or device behind the router from the home network from an IPv4 network will fail.
Another problem is the remote access via VPN: even if you access the DS-Lite router and the activated VPN server from an IPv6 network, the encrypted access will not work. Many VPN solutions are still not IPv6-capable, or on the router runs an older version. For this reason, business customer connections that use a VPN access are always equipped with at least one public IPv4 address. Also AVM, whose Fritzboxmodems some models have an integrated VPN server, explicitly points to this problem in their online FAQs.
So if you want to access your home network remotely via VPN, you will not be happy with a DS-Lite access. Too many Stolpersteine currently still prevent a reliably functioning VPN connection - if it can be set up at all. This is annoying, as the access via VPN tunnel to the home network is very safe and particularly comfortable. If the VPN server is integrated into the router, you can access the entire network, including all network devices installed in it. Thus, only telecom customers with dual-stack connections can benefit from a VPN access?
Not quite: As already mentioned, some providers also offer dual stack connections within the framework of their business plans. However, business connections are always somewhat more expensive than the private ones. And if you only use such a connection privately, it still pays for services and functions, even if it does not need it at all. Some providers, such as M-Net, offer a public IPv4 address as an additional option to their private DS-Lite ports. However, monthly additional costs of around five euros also apply here. How to do it: Only those who currently have a public IPv4 address are open to all remote access options.
If, for example, you wish to access your IP camera remotely, you only have to pay attention to the following points
In addition to the classic access via port forwarding, remote access via VPN also works easily when the online access runs via a public IPv4 address. To set up access, the following steps are required:
Note: The VPN tool FritzFernzugang does not yet work with Windows 10. A corresponding alternative describes AVM on its service portal.
This is how remote access works with IPv4 address and VPN server
Users with a DS-Lite port whose routers can currently only be reached via a public IPv6 address can not (yet) use the previously described access options. In principle, the access from an IPv6 access to the IPv6 router in the home network and the connected home network device would be possible. To do so, you first need a DynDNS service that can pass IPv6 addresses. In the meantime, there are such DynDNS services.
For a DS-Lite router, IPv6 is already enabled, otherwise it could not establish an online connection. The settings for IPv6 can be found in the Fritzbox something hidden under Home / Network / Network settings behind the IPv6 addresses button. And of course, in addition to the router, the target device must understand IPv6. Many NAS devices now support IPv6.
Why the classic remote access via IPv6 mostly does not work
You can enable the protocol in the network settings of the NAS Web menu. Now only the firewall in the router for IPv6 requests from the outside needs to be opened accordingly. Here, you now set up a corresponding IPv6 share in the router. In the Fritzbox you find this setting possibility under Internet / Freigaben / IPv6. Once you have done everything right, you can access your DS-Lite router from an IPv6-enabled online access and a home network IP6 device. The major obstacle in remote access via IPv6, however, concerns the remote access from the smartphone: although the changeover to IPv6 seemingly imminent, the mobile networks still communicate with IPv4. And thus the remote access to the IPv6 home network does not work. The only useful transitional solution for DS-Lite connections is to move access to the corresponding home network into the Internet or into the cloud.
Instead of direct access from the outside, which is not possible due to incompatible IP protocols, obsolete devices and software, or incorrectly set firewalls, the NAS or an IP cam from the home network connects to a server on the Internet. The remotely accessing client also logs on to the server. In this way, both devices can communicate with one another via a kind of intermediate station on the Internet.
In the meantime many NAS manufacturers offer such a service on their network stores. The registration takes place directly from the web interface of the NAS. Once the NAS has established a connection to the server, each authorized client can access the contents of the NAS after logging on to the server. The transmission speed of these services, also referred to as "relay" connections, is not as high as a classical direct connection. However, the capacity of a relay connection should be sufficient for remote access to documents and photos.
Remote Access Point: Cloud or Relay Server
Lesetipp
Conclusion and Outlook
If you depend on secure, comfortable remote access to the home network via VPN, does not get around an IPv4 address (yet). One problem is that an IPv6-to-IPv6 VPN connection can only be used when IPv6 is available everywhere. Mobile radio networks certainly play an important role here. If these are IPv6-enabled, then the current disadvantages of the DS-Lite connections with regard to remote connections will quickly turn into advantages.
No comments:
Post a Comment