What I am looking for by way of "pointers" is by what means to owners of say, CCTV systems where they can access the recorder remotely to see what has been going on. The one I have (although not used as such remotely) allows access direct and not via a central office etc. Obviously where the recorder is on a local network connected to a BT Business HUB.

Cheers!

Clive, as a wider more general question, than specifically remote access for heating controls…the answer, as with alot of things, is it really depends!

If you’re looking at “general” means of secure remote access, say for all devices on a network, as if you were locally connected, then the answer is to use a VPN client on the device your using to access and run a VPN server on the local network (as you can do with your Draytek)

If on the other hand it is specific accesss to certain ‘appliances’ that perhaps have their own apps for local and remote access, that requires nothing more than straightforward internet access and letting the devices securely connect to their “cloud” and you connect to the same cloud. I think this is what you mean when you say ‘central office’. To you it is seamless and there is nothing to configure or run, just open the specific app and it figures out how to connect. It’s really the default way of things now.

Personally I use both methods. I have probably 30 or 35 apps for ‘home systems’ access and control. All but one (Rako) will allow remote connection/control using their own cloud connection capability. Most things that plug into a power socket (and plenty that don’t) these days are ‘internet of things’ enabled out of the box.

This is a BQM graph from a BT Business Smart hub - literally out of the box. I have used many BT Smart Hubs on FTTC and FTTP and have never had to configure any of them - probably 10 or more in the past 12 months.

My Broadband Ping


I don't know what te Smart hub is listed as incompatible as both business and residential both work.

The BT Smart Hub 2 (latest iteration for home use) does not have any option to turn on the ICMP response and so cannot be configured with a BQM. The only way you could do it would be to have an internal device and port forward the pings to it so that the internal device does the ICMP response.

It is as I suspected then and not the consumer offerings that were being discussed.

This sounds similar to what we use. I suspect the "server" runs internally on the network and so you would need the details from Siemens (or the installers) as to what ports it requires and then forward those on the router to the IP address of the system controller/server. It may be as simple as requiring port 443 forwarded but it also could be much more complex.

I don't know anything about the Siemens system but a quick google suggests you might need the "Desigo Control Point" management station to allow IP access. There is a manual for this here which section 2.6 has information about enabling secure HTTP connection. With this configured it should be possible to use router port forwarding to allow it in - however, this depends on how trusted the device might be as if the firmware is poor from a security perspective it could end up being a route into the network from outside in which case a VPN would be the more secure option. Of course you should also ensure any passwords (especially admin) are changed from the default.

Your installer should really be able to advise on all of this.

It is Business Hub and they are not the SH2 variant.

An update!

Well, the heating controller engineer attended and despite what I had read about BT's Hub, found a menu which enabled the router to be pinged. In fact I have just pinged it from home. So please accept my apologies MHC for my doubts.


The router is described as a BT BHub6-C7M8 Note that this is on ADSL, not FTTC

The controller is a Siemens. He opened up the Router's Firewall and from home I can access the Siemens log-in screen via the above Router. Problem is keying in the same username and password which I use when using a PC connected to the BT BHub6 where all works well and I get a msg that the User Name and/or Password are incorrect.

The controller eng left scratching his head.

So thinking whether there is something that the BHub6 does not like etc, it may be worth trying another router. ISTR reading that with BT BB you don't need a username/password as you do with other ISPs, do I leave those fields blank or do I need to input something else?

Also any ideas re the Firewall? Could it be as simple as it wanting to know the IP address of authorised users (such as myself) in advance?

Many thanks.

Cheers!

You do need a user name however it can be the the "default" for a business hub which is [email protected] and pwd zer0touch

Firewall - try creating a rule that allow your home static IP through.


However, if you can see the login screen already then there must be some "corruption" of what you are inputting. Not necessarily a mistake on your part but a real oddity.

Can you change te Siemens logon to sometghing quite simple? ABCabc and 987xyz as pwd, savve in your PCs browser then immediately go home and try again calling up the "saved ID".

The login screen might be the remote administration login for the router. The router may well default to this on the standard 80/443 ports. If that is the case then it either needs a different port to be forwarded or for the remote administration to be disabled to allow those ports to be used.

In reply to a post by ian72:

The login screen might be the remote administration login for the router. The router may well default to this on the standard 80/443 ports. If that is the case then it either needs a different port to be forwarded or for the remote administration to be disabled to allow those ports to be used.

This!

Even if this is not the problem; it is still good administrative practice and ‘hygiene’, when accessing other system portals via remote access to NOT use the default ports on the external side of the port forward rule, to avoid any other possible “clashes” as your effectively accessing them via the same (external) IP address. It also helps slightly with network security, as default ports are usually the first ones port scanned. Randomise and put them way high up in the port numbering.