Have you learned (intranet penetration remote office) intranet penetration nat, NAS, intranet device remote access, intranet penetration common solutions, there is always one for you,

NAS, intranet device remote access, intranet penetration common solutions and a list of advantages and disadvantages, there is always one for you

Hello, everyone. I believe there are more or less remote access requirements. For example, I have assembled a NAS. In addition to using it in the LAN, I also want to be able to remotely access the NAS at home at any time when I am outside. Because many brands of NAS have their own remote access functions, such as Qunhui’s QuickConnect, WeChat’s myQNAPcloud Link, etc., but the remote access of brand NAS is sometimes slow, and I have to look for other solutions.

There are many remote access and remote access solutions for WeChat. This article will briefly introduce common remote access solutions. This article is equivalent to summarizing and introducing common remote access solutions, and explaining their advantages and disadvantages. As for how to choose, it depends on your own needs!

Remote access solution 1: Public IP (as demonstrated by WeChat Unicom) is the best solution. If there is a public network, there is an internal network. The public network is also called a wide area network, which means that the private network of the Internet is also called a local area network. For example, if the local network under your router or switch has a public IP, it is equivalent to having a specific address or house number on the Internet. You can use this IP to directly access the equipment at home, The public IP can access each other with other computers on the Internet. For example, if you have a broadband public IP, you can enter this public IP under the external network to directly access the home. If you do port forwarding, you can use the public IP to seamlessly access any intranet device in the LAN.

The advantage of public IP is that it can be accessed directly. It doesn’t need a transit server to penetrate those remote solutions like other intranet solutions. The public IP direct connection speed is fast, and it can be easily accessed remotely without much hassle. However, the global IPv4 resources are exhausted, which is a little difficult to apply.

I have never owned public network ipv4. Because I can’t apply for it, I can’t demonstrate the V4 part. But ipv6 is available, and ipv6 is becoming more and more perfect. So I use IPV6 to complete remote access and easily access all devices in the LAN. I use IPV6 on the Unicom NAS to achieve remote access, and the speed is full of broadband uplink and downlink. Here is a simple demonstration of how to operate.

The NAS I use is the Verizon TS-462C, which is equipped with the latest N4505 processor. Its performance has improved a lot compared with the previous generation of the same positioning products. The most important thing is that the performance of the integrated display has improved greatly. The measured 4K is easy and smooth real-time transcoding. It has been shared. Interested friends can see the previous article.

Because the DDNS provided by WeChat Unicom supports IPV6 resolution, you need to enable IPV6 for your optical cat or main route. For example, I have IPV6 for my optical cat, and I also have V6 for the TP main route connected to my optical cat.

Then open Baidu Search for IPV6 test, find a test website at will, and see if there is the following IPV6 address prompt. If yes, it indicates that V6 has been successfully started.

Then, after entering the background of China Unicom, check whether the IPV6 address is obtained at the “Network and Virtual Switch” in the settings. If yes, it means that NAS has successfully obtained the V6 address.

Open the myQNAPcloud application of WeChat Unicom, log in to the account, open the DDNS function, customize the domain name, and then check whether the address is available at V6.

Then write down the previously customized DDNS domain name, which can be accessed on the mobile phone. Because it is V6, if you want to successfully access through V6 under the Internet, you need this device to also support IPV6 network. The mobile data is OK, but if you are connected to some public WIFI, IPV6 is generally not supported, so your access is not successful.

As shown in the figure below, I access the customized DDNS domain name in the form of data traffic on my mobile phone, and successfully access it. If I connect to the public WIFI, without IPV6, I cannot open it directly, because DDNS requires public IPV4 or IPV6. Unless you have public IPV4, you can successfully access it without V6.

Of course, if there is no V6 for the files such as the Qfile, the transfer server (which is slow and sometimes can’t be connected) provided by WeChat will still be used. If there is V6, then V6 will be preferred, which is very fast.

If you want to use this NAS as a springboard to remotely access other intranet devices in your home through V6, how do you do it? Simply find the “Automatic Router Configuration” in the myQNAPcloud panel. You can see that I successfully accessed the NAS background interface through the DDNS domain name+5000 port. Note the indication in the red box that it transferred the external port of the 5000 port to the 5000 port of the intranet. Because the intranet IP+5000 port can access the NAS background in the LAN, how can I forward it to any service in other NAS through the domain name?.

For example, I set up a Jellyfin server in NAS. I can access the Jellyfin background through the intranet IP: 8096. How can I set up to remotely access Jellyfin through the domain name: 8096? Click “Add NAS service”, fill in Jellyfin (write at will) in the NAS service, write the port of Jellyfin service in the port, click OK, and then check the front according to the setting in red letter 4 in the figure, and click “Apply to router” on the upper right to make it effective.

Now you can remotely access the Jellyfin service of NAS through the domain name: 8096 on your mobile phone. Is it very simple.

The previous settings can only forward external ports to NAS internal services. What if I want to access the management background of the superior router through DDNS+ports? Or to forward this traffic to the same level of Qunhui NAS, how to set it? At this time, we need to use the reverse proxy setting. The reverse proxy function has been added after Verizon QTS 5.0.

Find the reverse proxy as shown in the figure below, click Add, and write the name arbitrarily. It is recommended not to use 80 or 443 for the port number at the “source”. Select one at random. I write 83, and write the target you want to forward at the “target”, such as the parent routing address or peer NAS address. My parent routing address is 192.168.2.1, and the port is generally 80. OK, and the addition is completed.

Then, through the DDNS domain name: 83 port on the mobile phone, I can successfully access my superior master route. Is it very simple? If the address of another NAS at the same level is 192.168.2.3:5000, just write the target address and port on the target, and then customize an external port, such as 86, so that I can remotely access the 192.168.2.3:5000 NAS through the DDNS domain name: 86.

Because my own DDNS doesn’t seem to work, I can’t demonstrate Qunhui. If you are white, Qunhui also supports IPV6 resolution. According to the above process, you can also get the same effect of remote access solution 2: FRP (old penetration solution). If there is no public IPV4 and no public V6, you can consider intranet penetration. Self-built intranet penetration requires you to have a server. The server performance requirements are not high, But if you want to have a good speed experience, the larger the uplink and downlink bandwidth of the server, the better.

FRP is divided into FRPS (FRP server side) and FPRC (FRP client side). The FRPS in the figure is the server side. You need to have a server, and the FRPC represents the client side. For example, you can install FPRC through Docker on NAS to connect FRPS.

So the advantages and disadvantages of FRP are obvious: advantages: your own server, don’t worry about others spying on your traffic, and privacy don’t worry about disclosure disadvantages: you need to pay the server cost, domain name cost, and technology remote access solution that will be built 3: ZeroTier remote networking is free. When I first came out, I remember that it supports 500 client networking, and now it should be reduced to about 100, Since I used the IPV6 scheme mentioned above, I have abandoned this scheme. If you don’t have public V4 and V6, you might as well try this free scheme.

Zerotier can form a large virtual LAN from different LANs. All devices that join the network can access the devices in the “large virtual LAN”, and then achieve the purpose of remote access. If your network can get through P2P (peer-to-peer connection), the speed will be very fast, provided that your broadband uplink and downlink are fast enough; If I can’t get through P2P, I will use the transit server of Zerotier, but the server is not in China, and the transit speed will be relatively slow. I have used it for a while, and the speed of about 100KB is still available, which can ensure basic use.

Or you can build your own MOON transit server, similar to FRP. As long as your server speed is good, the experience is also good.

There are all clients on the platform. You can even install it on the soft route, and then set port forwarding and so on,

Advantages: It is easy to complete networking without self-built servers (or self-built servers), and it also supports P2P, which can bring better speed disadvantages: it is both advantages and disadvantages to not need self-built servers. If you cannot access P2P, you can only use transit servers, but the servers are not in China, so the speed may be slow. If it is mobile broadband, you may even be unable to connect.

Remote access scheme 4: DDNSTO and other paid services. There are also many paid schemes on the market, such as Xiaobao’s DDNSTO intranet penetration, which is currently 26 yuan/year and needs to be signed in every 7 days for renewal.

It is also very simple to use. There are also use documents on the official website. If you don’t want to build a transit server by yourself like the previous FRP, you might as well consider it.

There are many clients supported, which can be said to cover all kinds of devices on the market, as shown in the figure below.

Advantages: There is no need to build a self-built server, all kinds of clients are complete, and the official has complete use documents, so it is relatively easy to get started. Disadvantages: At present, the price is still OK, but it needs to sign in once the seventh day to renew the subscription. I hope to optimize the remote access solution 5: networking hardware solution to achieve the purpose of remote access.

In addition to the networking at the software level mentioned above, there is also a hardware networking solution, such as the well-known dandelion remote networking and sunflower intranet penetration, both of which belong to the products of Shanghai Beirui Technology, such as the introduction of common dandelion networking solutions. Taking the dandelion X1 intelligent networking box as an example, a special networking box with a network port can easily access the existing network. After the bypass mode is enabled, You can access all intranet devices at the same level and superior intranet devices, and then achieve the purpose of remote access.

The normal price is 99, and the discount can reach 69

Other routers such as dandelion X3A also support intelligent networking, which has more router functions than X1.

Advantages: like the X1 box discount, it is about 69. The networking setting is relatively simple, and the bypass form will not be invasive to the existing network. The free version supports three members. Generally speaking, one hardware member (such as X1 or X3A)+two software members (mobile phone or computer) are enough for ordinary users; The speed is limited to 3Mbps, and the flow is not limited.

If your network can get through P2P, there is no speed limit, and the experience will be better. Finally, I briefly shared several remote access schemes, and of course there are many other schemes. This article only introduces common and popular schemes. I hope it can give you a reference. It is better to set it according to your actual needs. Just like I have a Unicom NAS, which can completely use the built-in DDNS+ipv6 to meet the needs of accessing all devices in the LAN, And the speed is not bad, so this scheme is very suitable for me, so none of the above schemes is the best, and the scheme suitable for me is the best.

If you think this article is good, please click like, thank you for your support!