SSH Port Forwarding on Zyxel VMG8924-B10A not working

soulpawa
soulpawa Posts: 12  Freshman Member
Friend Collector First Comment
edited August 2022 in WirelessLAN
Hi;

I have a router Zyxel VMG8924-B10A with different port forwardings, working without any problem, I can connect to my Zyxel from my WAN address, without any problem;



I have a raspberry connected on the ip 192.168.1.39 with a webcam on it, and I can connect without any problem with my external ip and :48461 but when I'd like to connect also to my raspberry using SSH, but I'm not able to do it:


if I try to connect to my raspberry from ssh seems like it's not jumping to 192.168.1.39 and shows this error:

unable to negotiate with x.x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

so basically it's Zyxel error, 

there's any other way to connect from external and jump from my ZyXEL router to my raspberry using the port 22?

no need to mention that when I connected on the same LAN everything is working fine.

Any help is highly appreciated, I'm getting crazy trying different combinations.


Thank you






«1

All Replies

  • SEJ
    SEJ Posts: 111  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi, there

    Not sure which FW version you are using, I suggest you use the latest FW.
    Port 22 might been using for SSH on the VMG8924 and conflict with your setting.
    You can try WAN port 22 to LAN port 22 (but need to change router's SSH port 22 to other port).
    Or try WAN port 2222 to LAN port 2222.
    These both work on my router.

  • soulpawa
    soulpawa Posts: 12  Freshman Member
    Friend Collector First Comment
    Current Firmware Version: V1.00(AAQU.1)b24

    I already tried changing port 22 to 30007 without success, is not jumping to the NAT rule.



    if it's working for you and you are able to jump to LAN ip from outside, could you please share screenshots for your NAT configuration? thank you
  • soulpawa
    soulpawa Posts: 12  Freshman Member
    Friend Collector First Comment
    any update?
  • Royoux
    Royoux Posts: 5
    First Comment
    Hi, there

    Here is the my settings:
    Remote MGMT:


    Port Forwarding settings


    In this case , the port forwarding is working fine in my test. 
    You may can double check WAN interface is correct or not if other settings already the same.

    Thanks. 

  • soulpawa
    soulpawa Posts: 12  Freshman Member
    Friend Collector First Comment
    thank you so much for your screenshots @Royoux

    and then how do you connect:
     ssh X@10.214.44.36 
    or
     ssh X@10.214.44.36 -p 30007

    I tried different WAN interfaces and all of them I'm getting the same error:

    ssh: connect to host 2.110.64.135 port 30007: Operation timed out

  • SEJ
    SEJ Posts: 111  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi,
    The setting works in our router.
    Not sure what's wrong in your side.
    Do you mind share your backup configuration file to us (via private message)?
    We can check your setting directly.
  • soulpawa
    soulpawa Posts: 12  Freshman Member
    Friend Collector First Comment
    @Jamesla PM sent!

    thank you!
  • SEJ
    SEJ Posts: 111  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited January 2019
    I found the WAN selection might wrong.
    It should be VDSL, not ADSL.

    Not sure if this is the only reason.
    In this setting, it should just use: ssh X@<IP address>, since SSH default uses port 22 and we already set port forwarding WAN port 22 to LAN port 22.
    On the other hand, please also make sure that SSH server works on 192.168.1.39.  
  • soulpawa
    soulpawa Posts: 12  Freshman Member
    Friend Collector First Comment
    I tried all different configuration 

    ETH
    VDSL
    ADSL

    same results, only I get “something” when everything is on port 22 then I’m getting another error.
  • Royoux
    Royoux Posts: 5
    First Comment
    edited January 2019
    Hi , 
    I tried the configuration you provided for Jamesla. After configuration my WAN configuration.(VDSL) I  changed the WAN IP , Server IP address and "Wake up this target by Wake On Lan(WOL)" for ssh rule in the port forwarding setting. The settings is working fine. My ssh server can get the packets from WAN client. 

    Could you please connect a ssh client into VMG8924 LAN port. And please use this client initiate the ssh session to "raspberry"(ssh server) from VMG8924 LAN.
    In this case , if ssh session not work, maybe you can check the raspberry settings to continue this problem. 

    By the way , Jamesla also told me that you ever setting the remote MGMT and port forwarding in the same time. And got the message "no matching key exchange method found. Their offer: diffie-hellman-group1-sha1". In VMG8924 design , remote management priority is higher than port forwarding. So this message is sending by VMG8924.
    You can use the configuration you provided to Jamesla,and select the correct WAN interface in the port forwarding setting to continue the test.