Port forwarding for remote access

I don’t want to use Tailscale or the glinet app.

I set up port forwarding on port 443 for both UDP and TCP. I am able to successfully log in to the KVM from outside my network. However, the screen appears grey.

When using VPN and local IP, everything works fine.

Which protocols and ports are required to be forwarded for control outside of network without Tailscale or glinet app?


Nevermind.

Wonder if

Just open port 443 of comet.

That's unsafe. You are giving the entire internet access to your KVM... which inadvertently is your entire LAN due to being able to get access to the terminal of the KVM.

Why on earth would you not use Tailscale to access it at the minimum...

Port 443 opens the web UI which is protected by 2FA+password. Unless there is a CVE that should be secure. Anyways I deactivated the port forwarding.

The thing is I have to access my KVM from a machine on which I cannot install a personal VPN, which is problematic. Tailscale is the same problem: it needs an exit node set up, and the limitation of Funnel having to be a localhost port makes it unsuitable, so it is better to keep my WireGuard VPN.

Currently to bypass this I use my MT3000 setup with always-on VPN to bypass this limitation.

No chance I open port 80 on public internet.

I did. Loads UI but webRTC feed doesn’t transmit.

  1. Using 2FA will get you locked out of the KVM when the clock de-syncs due to even the slightest loss of network connectivity. There is no RTC kept on the device. Worst case you have to reset the KVM.
  2. There is no real security built into the KVM. A password is not going to keep a bad actor from wreaking havoc. A KVM would be the last device I would ever connect to the internet. It's arguably the worst device you could possibly expose to the public internet, especially since the actor could mount malicious data and gain literal access to the host machine...

It's your device, I'm not going to tell you how to use it. But you can't say I didn't warn you!

I know what I’m doing. If I’m going this way it is controlled and device will be isolated in its own vlan with authorized IPs to connect.

It doesn’t change that it’s not working when it should be.

I verified again and confirmed that only port 443 needs to be forwarded. Please check if your browser supports WebRTC.


Let me explain. Forwarding port 443 alone works. The fact that you can access the web page also indicates that it is working. However, for the video stream to work, the NAT traversal of the WebRTC protocol must be successful. In my test, the network where Comet is located must be behind NAT1 for NAT traversal to succeed; only then can you see the video stream.

VPN and LAN working.
Attempts to use WAN don't work.
When you test, are you using the same machine for the test?
I ask myself what could be different.
Does the KVM know the connection speed somehow?
Does the router decide to block?

What exactly do you mean by

under the condition of nat1 for nat penetration to be successful?

Please find attached log files for both local and external connections. STUN should be working fine; I can see requests to the Google STUN server.
system_logs_20250514_163203_external.zip (52.2 KB)

NAT1 means the router should enable the full-cone NAT function. It should be said that every router, from the one holding the public IP address down to the router directly upstream of COMET, needs to have full-cone NAT enabled. Only then can it be regarded as NAT1; alternatively, you can use the nattypetest tool for testing.

Yeah, same machine.

Obtaining a reply from the STUN server doesn't mean anything. This is only the first step of NAT traversal. The key lies in whether a device with another IP address can reach the IP/port declared by the STUN server. This is also the reason why NAT1 is needed.
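The two replies above make a distinction that is easy to miss in the logs: a STUN Binding Response only tells the KVM which public ip:port its NAT allocated; it says nothing about whether a peer with a different address can send to that mapping. The script below is an added example, not code from the original thread or from GL.iNet. It builds a STUN Binding Request and parses the XOR-MAPPED-ADDRESS out of a Binding Success (RFC 5389 wire format), and then applies the one offline check a practitioner can make from two such answers: if the same local socket gets different public mappings from two different STUN servers, the NAT is endpoint-dependent and cannot be "NAT1". The STUN server hostnames in `__main__` are assumptions (stun.l.google.com is the one the log mentions; the second is any other public STUN server), and `build_binding_success` exists only to construct a realistic response for offline testing.

```python
"""STUN Binding round trip plus an endpoint-independent-mapping check (added example)."""
import os
import socket
import struct

STUN_MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020
FAMILY_IPV4 = 0x01


def build_binding_request(txn_id=None):
    """Return (message, txn_id): a 20-byte STUN header, no attributes."""
    txn_id = txn_id or os.urandom(12)
    msg = struct.pack("!HHI12s", BINDING_REQUEST, 0, STUN_MAGIC_COOKIE, txn_id)
    return msg, txn_id


def build_binding_success(txn_id, ip, port):
    """Construct the reply a STUN server would send (test input only, not a real server)."""
    xport = port ^ (STUN_MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ STUN_MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, FAMILY_IPV4, xport, xaddr)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), STUN_MAGIC_COOKIE, txn_id) + attr


def parse_binding_success(data, txn_id):
    """Return (public_ip, public_port) from XOR-MAPPED-ADDRESS; raise on anything else."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    msg_type, length, cookie, rtxn = struct.unpack("!HHI12s", data[:20])
    if cookie != STUN_MAGIC_COOKIE or rtxn != txn_id:
        raise ValueError("not a reply to our transaction")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("unexpected STUN message type 0x%04x" % msg_type)
    body = data[20:20 + length]
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
        if atype == ATTR_XOR_MAPPED_ADDRESS and len(value) >= 8:
            family, xport = struct.unpack("!xBH", value[:4])
            if family != FAMILY_IPV4:
                continue
            port = xport ^ (STUN_MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", value[4:8])[0] ^ STUN_MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def mapping_is_endpoint_independent(mapped_a, mapped_b):
    """True when two different STUN servers saw the same public ip:port for ONE local socket.
    Endpoint-independent mapping is necessary for full-cone NAT ("NAT1") but not sufficient:
    the NAT must also accept inbound packets from any source (endpoint-independent filtering)."""
    return mapped_a == mapped_b


def stun_query(server, port, sock, timeout=2.0):
    """Send a real Binding Request over `sock` and return the public mapping (network access)."""
    sock.settimeout(timeout)
    req, txn = build_binding_request()
    sock.sendto(req, (server, port))
    data, _ = sock.recvfrom(1024)
    return parse_binding_success(data, txn)


if __name__ == "__main__":
    # Same local socket, two servers: differing mappings rule NAT1 out immediately.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", 0))
    a = stun_query("stun.l.google.com", 19302, s)      # assumed server, as in the thread's logs
    b = stun_query("stun.cloudflare.com", 3478, s)     # assumed second public STUN server
    print(a, b, "endpoint-independent" if mapping_is_endpoint_independent(a, b) else "endpoint-dependent")
    s.close()
```

Run it on the KVM's LAN segment, not on the client: the mapping that matters is the one in front of the Comet. An "endpoint-independent" result still only clears the first hurdle; confirming that the NAT also forwards from arbitrary sources needs a server that answers from a second IP (the RFC 5780 CHANGE-REQUEST test), which is what the nattypetest tool mentioned above is doing. A UDP/443 forward does not help here unless the KVM's ICE candidate actually advertises port 443.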

Can we provide MJPEG in a way that avoids the NAT issue?

Thanks for the detailed information! Will perform some testing.

The performance of MJPEG is too poor and the bandwidth occupation is too high. From any perspective, I don't want to introduce MJPEG