KeenDNS is a convenient domain name service for remote access, which will allow you to get a permanent Internet address for your Keenetic. You will be able to connect from the Internet to built-in applications of the router and opened services in your home network using your own permanent domain name, for example, home.keenetic.link.
Unlike other similar services, KeenDNS is completely free of charge, and can work not only directly, but also through the cloud. In this case, remote access to the interface and built-in applications will work even without a public (white) IP address (for example, when connecting via a 3G/4G-modem).
With help of KeenDNS service you can solve 2 tasks:
- Remote access to the web interface of your Keenetic. This variant is described in this article;
- Remote access to resources (services) on the home network or router. For example, access to a device with a web interface - NAS, webcam, server, or Transmission torrent client interface running in the Keenetic router. This setting is covered in the article 'An example of remote access to home network resources with KeenDNS'.
1. On the 'Domain Name' page you can set up the KeenDNS service to assign a permanent domain name to your Keenetic, which is easy to use for accessing home servers and the Keenetic itself via the Internet.
2. Create and enter a name for Keenetic, click 'Register'.
3. Keenetic will give you information about free and occupied names.
Keenetic uses two domains - *.keenetic.pro and *.keenetic.link with automatic obtaining of SSL-certificate.
TIP: Note: A secure https connection with Let's Encrypt Authority certificates is used for remote connection to the router.
If the name is busy, Keenetic will offer you options of vacant names.
Choose one of the available variants.
4. The Keenetic Cloud service must be enabled for remote management to work (Its setting can be found on the 'System Settings' page).
If a message appears telling you that you must enable Keenetic Cloud (it is disabled by default), click 'Enable'.
5. Keenetic will automatically request a security certificate (SSL).
After receiving the SSL certificate, Keenetic will register in the KeenDNS service under the specified domain name.
NOTE: Important! The router can obtain the SSL certificate only if the standard port 80 is used for web access (if you change the HTTP port, the router will not be able to get the certificate).
6. The KeenDNS service allows you to use 2 modes of operation:
- 'Cloud access' (for private IP addresses);
- 'Direct access' (for public IP addresses).
'Cloud access' mode is for access over a secure HTTPS connection if the provider gives you a private IP address that is inaccessible from the Internet.
NOTE: Important! KeenDNS in the 'Cloud access' mode only supports HTTP/HTTTPS protocols on the following ports:
HTTP: 80, 81, 280, 591, 777, 5080, 8080, 8090 and 65080
HTTPS: 443, 5083, 5443, 8083, 8443 and 65083
In 'Cloud access' mode, you can only access the router's web interface. Access to the command line interface (CLI) of the router will not work.
'Direct access' mode allows you to use any protocol to access your home network, unless such access is restricted by your ISP.
When 'Direct access' is enabled and the WAN interface has a private IP address, you will see a message: 'Direct access is not possible with a private IP address'. Use 'Cloud access' mode or purchase a public IP address from your ISP.
TIP: Note: If you have a public IP address, you can use both 'Direct access' mode and 'Cloud access' mode, and if you have a public IP address, you can only use 'Cloud access' mode.
7. To access the web interface and web applications remotely, the 'Allow access from the Internet' option must be enabled. The same option is duplicated on the 'Users and access' page in the 'Remote access' section.
8. After the settings have been made, you can access the web interface of your Keenetic from anywhere on the Internet using the registered domain name.
TIP: Note: When you specify the router address in your web browser, you will be automatically redirected to a secure SSL connection over https.
TIP: Tip: If you have a port number for HTTP/HTTPS that is not supported, you can:
1. Configure forwarding of the supported external port to any neccessary internal port;
2. Change the port on the connected device to the supported port;
3. Use a 4th level domain name for access.