ijoffe
Jul 05, 2024, Aspirant
How to allow socket connections -- Nighthawk RAXE300
Hello, I am building a socket-based application to connect a controller device to a mobile robot. The robot acts as the server and will remain connected to this WiFi network, and I want the contr...
Razor512
Jul 06, 2024, Prodigy
Hard to tell, but it looks like your RAXE300 is behind another router or gateway device, thus creating a double NAT. If that is the case, then most remote access functions will have issues.
Ideally, it would be better to simply use a VPN to connect to the LAN then access devices on your network rather than forwarding ports and exposing them directly to the WAN, which increases your attack surface, and depending on how well the device is kept up to date (consider how many NAS devices there are where the company stopped releasing updates, and ransomware makers targeted unpatched vulnerabilities and attacked every vulnerable NAS exposed to the WAN).
- ijoffe, Jul 08, 2024, Aspirant
Thanks, you are definitely right there. Is there any particular VPN setup you recommend? Would something like OpenVPN work to connect the devices via sockets?
- Razor512, Jul 08, 2024, Prodigy
For VPN, the router has a built-in OpenVPN server, thus setting that up would allow you to have client devices connect and access those resources from the LAN side. While it is not quite as convenient as a WAN-facing resource, it is more secure.
If you need to give access to a service to a large number of users or users who you do not want to have LAN access, then you will be stuck with port forwards and exposing the server directly to the WAN, thus a stronger focus on keeping up with updates and any relevant CVEs to determine if any additional security steps are needed.
- ijoffe, Jul 09, 2024, Aspirant
Thanks for the info. What I ended up doing is using Tailscale (https://tailscale.com/). This makes the devices accessible to each other through the double NAT.
Thanks for your help!