SSH Port Forwarding on Zyxel VMG8924-B10A not working

Hi;

I have a router Zyxel VMG8924-B10A with different port forwardings, working without any problem, I can connect to my Zyxel from my WAN address, without any problem;



I have a raspberry connected on the ip 192.168.1.39 with a webcam on it, and I can connect without any problem with my external ip and :48461 but when I'd like to connect also to my raspberry using SSH, but I'm not able to do it:


if I try to connect to my raspberry from ssh seems like it's not jumping to 192.168.1.39 and shows this error:

unable to negotiate with x.x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

so basically it's Zyxel error, 

there's any other way to connect from external and jump from my ZyXEL router to my raspberry using the port 22?

no need to mention that when I connected on the same LAN everything is working fine.

Any help is highly appreciated, I'm getting crazy trying different combinations.


Thank you






«1

All Replies

  • JameslaJamesla Member Posts: 10  Freshman Member
    Hi, there

    Not sure which FW version you are using, I suggest you use the latest FW.
    Port 22 might been using for SSH on the VMG8924 and conflict with your setting.
    You can try WAN port 22 to LAN port 22 (but need to change router's SSH port 22 to other port).
    Or try WAN port 2222 to LAN port 2222.
    These both work on my router.

  • Current Firmware Version: V1.00(AAQU.1)b24

    I already tried changing port 22 to 30007 without success, is not jumping to the NAT rule.



    if it's working for you and you are able to jump to LAN ip from outside, could you please share screenshots for your NAT configuration? thank you
  • any update?
  • Hi, there

    Here is the my settings:
    Remote MGMT:


    Port Forwarding settings


    In this case , the port forwarding is working fine in my test. 
    You may can double check WAN interface is correct or not if other settings already the same.

    Thanks. 

  • thank you so much for your screenshots @Royoux

    and then how do you connect:
     ssh [email protected] 
    or
     ssh [email protected] -p 30007

    I tried different WAN interfaces and all of them I'm getting the same error:

    ssh: connect to host 2.110.64.135 port 30007: Operation timed out

  • JameslaJamesla Member Posts: 10  Freshman Member
    Hi,
    The setting works in our router.
    Not sure what's wrong in your side.
    Do you mind share your backup configuration file to us (via private message)?
    We can check your setting directly.
  • @Jamesla PM sent!

    thank you!
  • JameslaJamesla Member Posts: 10  Freshman Member
    edited January 25, 2019 4:57PM
    I found the WAN selection might wrong.
    It should be VDSL, not ADSL.

    Not sure if this is the only reason.
    In this setting, it should just use: ssh [email protected]<IP address>, since SSH default uses port 22 and we already set port forwarding WAN port 22 to LAN port 22.
    On the other hand, please also make sure that SSH server works on 192.168.1.39.  
  • I tried all different configuration 

    ETH
    VDSL
    ADSL

    same results, only I get “something” when everything is on port 22 then I’m getting another error.
  • RoyouxRoyoux Member Posts: 5
    edited January 28, 2019 4:41PM
    Hi , 
    I tried the configuration you provided for Jamesla. After configuration my WAN configuration.(VDSL) I  changed the WAN IP , Server IP address and "Wake up this target by Wake On Lan(WOL)" for ssh rule in the port forwarding setting. The settings is working fine. My ssh server can get the packets from WAN client. 

    Could you please connect a ssh client into VMG8924 LAN port. And please use this client initiate the ssh session to "raspberry"(ssh server) from VMG8924 LAN.
    In this case , if ssh session not work, maybe you can check the raspberry settings to continue this problem. 

    By the way , Jamesla also told me that you ever setting the remote MGMT and port forwarding in the same time. And got the message "no matching key exchange method found. Their offer: diffie-hellman-group1-sha1". In VMG8924 design , remote management priority is higher than port forwarding. So this message is sending by VMG8924.
    You can use the configuration you provided to Jamesla,and select the correct WAN interface in the port forwarding setting to continue the test.
Sign In to comment.