Connection - Remote Yes :: local Yes :: local to remote No

[SixDegrees]

I have a Sonoff SV flashed to Tasmota. From the Raspberry Pi 2B running the Domoticz server with the local IP and I can turn the switch on/off.

I have configured my router for a fixed IP address for the Pi. I am having problems with the remote access from within my LAN. I have created a domain name on duckdns and using my cell phone not connected to my LAN I can load the Domoticz home screen running on the Raspberry Pi. So my port forwarding of 80-->8080 seems to be working and port 80 is not being blocked by my ISP.

If I try to connect from a browser to the remote IP address or through duckdns on wifi from my LAN it doesn't connect and times out. I also tried from the web browser on the Pi itself but it times out too. Where am I going wrong?

[gizmocuz]

Yes that is correct and how it supposed to work...
You are not able to connect to your external address/port from within your LAN network
And indeed testing it from your mobile phones browser (not connected to your WiFi) is a good test to see if all is working correctly

I would NOT forward port 80 to any machine internally. This is a very common port that is scanned a lot.
Port 8080 is better, but you could use any port like 8082 12080 ..... -> 8080

[SixDegrees]

Thank you! I am trying to create a certificate and so I am stuck at this step with letsencrypt and certbot failing to get to duckdns. I am not a network engineering so this is very hard for me.

[FireWizard]

Hi,

As @gizmocuz already said, this is how it is supposed to work.
What you try to achieve is, what is called NAT Loopback or hairpinning.

See: https://en.wikipedia.org/wiki/Hairpinning

You have to check your router if this function is supported.
See: http://opensimulator.org/wiki/NAT_Loopback_Routers
However the link is quite old.

A solution would be to use your own DNS server in your LAN.

Regards

[SixDegrees]

Ok thank you for explaining that part. I am so close to finishing this project - just the certificate part that has stopped me in my tracks. Rather than use a free cert with duckdns and then have to update the cert frequently, couldn't I simply use a different dns service and purchase a cert? The small cost would be worth it to avoid the regular updating. Have others done this and what service was used? Thank you so much for helping.

[HvdW]

Take the easy way out and the secure way in. (if you're on RPI)
Install PiVPN, open port 51820 on your router, point it to your RPI.

Install the WireGuard app on you smartphone and you'll have secure, encrypted access to your Domoticz from anywhere.

No tinkering with certificates, everything is set automagicaly.

[SixDegrees]

Ha! Great answer. I was about to abandon the whole thing. Going to give it a whirl

[SixDegrees]

Working now! Thank you. I followed the steps here:

https://www.youtube.com/watch?v=xdkafkfymrQ