What is NAT, what does it prevent and why?
NAT stands for Network Address Translation.
This is what all routers do when they forward Ethernet frames from the outside to the internal local network, or vice versa.
So why does port forwarding not work?
NAT itself is not the main obstacle; the real problem is that there is no public endpoint IP address at the site.
If the WAN side IP address and the POWER calculator "My IP address" window do not show the same IP address, then there is no public WAN side IP address.
This is usually called a NATed network, but it is actually the lack of a public IP address that is to blame.
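The comparison described above can be scripted. The following Python sketch is an added example, not part of the original article or of any Teltonika tool: it takes the router's WAN-side address and the address seen from outside and reports whether port forwarding can work. The function names and sample addresses are constructed for illustration, and it covers IPv4 only.

```python
import ipaddress

# IPv4 ranges that are never reachable from the internet.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
    "link-local": ["169.254.0.0/16"],
}

def address_kind(ip):
    """Return the name of the non-public range containing ip, or 'public'."""
    addr = ipaddress.ip_address(ip)
    for name, nets in NON_PUBLIC.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return "public"

def diagnose(wan_ip, observed_ip):
    """Compare the router's WAN-side address with the address seen from outside.

    Returns (port_forward_possible, explanation).
    """
    kind = address_kind(wan_ip)
    same = ipaddress.ip_address(wan_ip) == ipaddress.ip_address(observed_ip)
    if kind != "public":
        return False, f"WAN address is in {kind} space: an upstream device translates it"
    if not same:
        return False, "WAN address differs from the observed one: traffic is translated upstream"
    return True, "WAN address is the public endpoint: port forwarding can work"

# Constructed sample readings (documentation and reserved ranges only):
# (WAN-side address shown by the router, address shown by a "My IP address" check)
SAMPLES = [
    ("203.0.113.10", "203.0.113.10"),  # same public address
    ("100.72.14.5", "198.51.100.7"),   # ISP carrier-grade NAT
    ("192.168.1.2", "198.51.100.7"),   # router sits behind another router
    ("203.0.113.10", "198.51.100.7"),  # public-looking but still translated
]

if __name__ == "__main__":
    for wan, seen in SAMPLES:
        ok, why = diagnose(wan, seen)
        print(f"{wan:>15} vs {seen:<15} -> {'OK' if ok else 'NO'}: {why}")
```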
The first step to solving the problem is to contact your ISP.
If the network is taken out of NAT, you can use the new IP address straight away. If it's static, you have the easiest case.
If it's dynamic, it's a good idea to use a DDNS service to always associate the ever-changing IP address with an easy-to-remember domain name of your choice.
Unfortunately, service providers are increasingly not making this change, claiming that there are very few public IPv4 addresses available.
In this case, you can usually use the manufacturer's own service for the network device that still allows remote connection: this is often found under names such as cloud, NAT, autoNAT, etc.
Let's look at the worst-case scenario:
No public endpoint IP address, not even a dynamic one, and no vendor cloud service available.
The setup is simple: we just want to access an IP camera image remotely.
Now let's think!
If a server cannot be placed at the location, the client can still be. So, the solution is to have the client connect to a server, and we only need to access that external resource, as it already has a public IP address. By connecting to that, we can view the camera feed as well.
In fact, p2p and cloud work on similar principles.
Teltonika routers can be managed through a central interface called Teltonika RMS Cloud which requires registration. A 30-day free trial is included with registration, which can be extended by using Teltonika RMS Credit if you are satisfied.
Remote access to the devices connected to the router is incredibly simple. Through the RMS cloud, you can create a so-called remote access link, which allows you to access even non-Teltonika devices. This establishes an HTTPS connection between the camera and the device initiating access. This way, the camera becomes accessible, and the data connection is encrypted. Even if you forget to delete the generated link, you don't need to worry, as the system automatically terminates access after thirty minutes.
Yes, but the camera doesn't just need one port, it needs two: one to access the web interface and one to stream data. Besides, it can be a pain to manage links from a mobile phone.
However, it's a great way to log into a NAS management interface or even to use RDP or VNC services – especially since the VNC connection itself is not encrypted.
The winning option will be the built-in VPN hub.
Don't worry, it's a simple OpenVPN connection between the RMS server and the router, and you don't have to bother with the configuration because it's automatically loaded on the router.
If you also install this VPN configuration on your mobile, it's just like being on location: you can access the camera via its IP address from the app.
Your internet connection won't be slow either. By default, the service doesn't route your internet traffic to the RMS VPN server; it only uses it to access the camera.
If you're a programmer, you can even go into the settings and configure them freely.
What cybersecurity certification does RMS meet?
All servers running RMS are hosted by AWS.
The RMS is compliant with the CIS v7 Infrastructure Security Certification, which has been developed in line with the latest cyber threat intelligence and reflects today's threat environment.
Furthermore, the RMS was tested by the Bell Canada Cyber Security Team using the OWASP methodology, and the security posture of the Teltonika Networks RMS web application was found to be good and free of vulnerabilities.
Don't forget!
Always use applications/devices that support encrypted data traffic!