Forum Replies Created
Thanks a lot @Britgirl, that’s gold!
1. When I said “router’s from the ISP”, I meant that it’s not a regular model from netgear, tp-link, etc. In my case I do have access to it. But I understand now, and probably with the example of forwarding now I’ll be able to set it up under double NAT later on.
Good shout with the default ports article, I hadn’t seen it before. Just a humble thought here, perhaps documentation could have a centralized index page with all the topics divided into categories, and an internal automation tool for you guys that adds a page to that index every time a new functionality is implemented. Like a more simple version of that https://docs.unity3d.com/2019.3/Documentation/Manual/
2. Oh these two articles. They took me a while to understand what was I doing wrong. First I was trying to use the nx_client_key I made with the nx keygen as a private key on the client’s connection (instead of password), whereas this should be the private key generated in putty or alike.
3. Alright, got it now. Indeed, quite a few advanced functionalities there. But well, I eventually plan to get to a federated system, so I guess I’d better learn that by heart (sure, by then I would have purchased the enterprise version.
4. Great, so now I see another mistake I was doing. I wasn’t setting external port to the low range port like 4000, but rather to the high range port number I wanted the server to be.
Example, if the server’s connection would be 179.xxx.xx.xxx on port 24244 (which I defined in server.cfg), I was wrongly setting External port to be 24244 in the port forwarding, which probably caused some weird issues, and prevented me from connecting. Then in the firewall I was trying to set exceptions to port 4000 and 23456, and now I see I only need for 4000.
Thanks again, really helpful breakdown.
Thanks for getting back. I reinstalled NoMachine over the long weekend, and succeeded on connecting over internet.
Then I decided to move forward with configuring SSL to discover at which point it stopped working. So, as soon as I turned on EnableNXClientAuthentication 1 in the server.cfg, it wouldn’t connect anymore, and that apparently was the issue I was having, the SSL wasn’t properly done.
I managed to get it yesterday, it’s all good now. I removed all manual attempts of forwarding, and it works with automatic UPnP now, that I don’t have double NAT anymore.
From the documentation, it’s really not clear to me that just by enabling EnableNXClientAuthentication, I’m actually refusing connections without a correct SSL certificate (is that even the case?!). But perhaps it’s my ignorance in networks/security and I didn’t get it. Anyway, that’s something that could be more clear in the documentation between https://www.nomachine.com/AR10M00866 and https://www.nomachine.com/AR02L00785.
To me it’s not difficult to set a port forwarding and an exception in the firewall once we log in to the router. The difficult bit is to know exactly what ports and IPs are supposed to be in Internal, External, and if it needs tcp and udp.
And in case of a double NAT, should both routers be configured with exactly the same forwarding? As you can see even in the link you shared, that other fellow didn’t know which ports needed to be forwarded, and therefore probably exposed himself as easy target to hackers. Imagine the less tech-savy, how much can they expose themselves by trying to do the same, now that everyone is going online/remote.
I’m working on my own documentation how to set it up, and if you would like I can translate it back to English and share it. Just point me where to. It took me about 80h having different issues, but finally got it right, and I’m happy with that. Documentation was just getting me about half way through.
For the sake of helping others that might come across the same issue, I attached screenshots of the router’s screen when setting up the forwarding/firewall rules (it’s from the ISP), perhaps you could point what should I do to get it to work under double NAT. The secondary router, where the remote computer would be connected to is a TL-WR740N.