KeenDNS is a convenient domain name service for remote access, which will allow you to get a permanent Internet address for your Keenetic. You will be able to connect from the Internet to built-in router applications and opened services in your home network using your permanent domain name, for example, home.keenetic.link.
Unlike other similar services, KeenDNS is entirely free of charge and can work directly and through the cloud. In this case, remote access to the interface and built-in applications will work even without a public (white) IP address (for example, connecting via a 3G/4G modem).
With the help of the KeenDNS service, you can solve two tasks:
- Remote access to the web interface of your Keenetic. This variant is described in this article;
- Remote access to resources (services) on the home network or router. For example, access to a device with a web interface - NAS, webcam, server, or Transmission torrent client interface running in the Keenetic router. This setting is covered in the article An example of remote access to home network resources with KeenDNS.
NOTE: Important! The digital certificate and HTTPS private key are stored directly on the endpoint (Keenetic router). A secure tunnel is built up to the router when accessing a cloud server via HTTPS, ensuring the security and confidentiality of data transmitted over the Internet. The session is established using end-to-end encryption. This means, among other things, that the information transmitted between the router and your browser over HTTPS is not available to KeenDNS cloud servers, which provide transport layer data. With cloud access via HTTP, a secure channel is established between the router and the KeenDNS server using a KeenDNS digital certificate, which guarantees security and protects data from interception.
For KeenDNS to work in your router, the 'Cloud-based remote control and KeenDNS' component from your operating system must be installed. You can check if this component is installed by clicking 'Component options' on the 'General system settings' page in the 'KeeneticOS update and component options' section.
1. On the 'Domain Name' page, you can set up the KeenDNS service to assign a permanent domain name to your Keenetic, which is easy to use for accessing home servers and the Keenetic itself via the Internet.
2. Create and enter a name for Keenetic. Click 'Register'.
3. Keenetic will give you information about free and occupied names.
Keenetic uses two domains — *.keenetic.pro, *.keenetic.name and *.keenetic.link with automatic obtaining of SSL-certificate.
TIP: Note: A secure HTTPS connection with Let's Encrypt Authority certificates is used for remote connection to the router.
If the name is busy, Keenetic will offer you options for vacant names.
Choose one of the available variants.
4. Keenetic will automatically request a security certificate (SSL).
After receiving the SSL certificate, Keenetic will register in the KeenDNS service under the specified domain name.
5. The KeenDNS service allows you to use two modes of operation:
- 'Cloud access' (for private IP addresses);
- 'Direct access' (for public IP addresses).
'Cloud access' mode is for access over a secure HTTPS connection if the provider gives you a private IP address that is inaccessible from the Internet.
NOTE: Important! KeenDNS in the 'Cloud access' mode only supports HTTP/HTTPS protocols on the following ports:
HTTP: 80, 81, 280, 591, 777, 5080, 8080, 8090 and 65080
HTTPS: 443, 5083, 5443, 8083, 8443 and 65083
In 'Cloud access' mode, you can only access the router's web interface. Access to the command-line interface (CLI) of the router will not work.
'Direct access' mode allows you to use any protocol to access your home network unless your ISP restricts such access.
When 'Direct access' is enabled and the WAN interface has a private IP address, you will see a message: 'Direct access is not possible with a private IP address'. Use 'Cloud access' mode or purchase a public IP address from your ISP.
TIP: Note: If you have a public IP address, you can use both 'Direct access' mode and 'Cloud access' mode, and if you have a private IP address, you can only use 'Cloud access' mode.
6. To access the web interface and web applications remotely, the 'Allow access from the Internet' option must be enabled. The same option activates automatically when the 'Access to the web interface' is set to 'HTTP and HTTPS' or 'HTTPS only' on the Users and access page in the 'Remote access' section.
7. After the settings have been made, you can access the web interface of your Keenetic from anywhere on the Internet using the registered domain name.
TIP: Note: If a KeenDNS name is registered in the router (in either *.keenetic.pro, *.keenetic.link or *.keenetic.name domain) and an SSL certificate is obtained for it when connecting from the local network to the router web interface, entering my.keenetic.net in a browser address bar will cause an unconditional redirect to the KeenDNS 3rd level name via HTTPS. This ensures a secure connection to the web interface, even from the router's local network.
1. If you have a port number for HTTP/HTTPS that is not supported, you can:
a. Configure forwarding of the supported external port to any necessary internal port;
b. Change the port on the connected device to the supported port;
c. Use a 4th level domain name for access.
2. If you get an error when accessing the router by the domain name, refer to the article KeenDNS service error codes. There you will find explanations of common errors and solutions to them.