Router: ASUS RT-AC88U
Firmware: ASUS stock version 3.0.0.4.385_20631
Settings:
WAN/Internet Connection:
-WAN Connection Type: Static IP
-Enable WAN: Yes
-Enable NAT: Yes
-Enable UPnP: Yes
-IP Address: 192.168.1.254 (all traffic routed by my ISP to my router at this port)
-Subnet Mask: 255.255.255.0
-Default Gateway: 192.158.1.1
-DNS Server1: 192.168.1.1
-DNS Server2: 8.8.8.8
-Authentication: None
-Host Name: (empty, default)
...
LAN/LAN IP:
-Host Name: RT-AC88U-xxxx (default)
-RT-AC88U's Domain Name: (empty, default)
-IP Address: 192.168.2.1
-Subnet Mask: 255.255.255.0
LAN/DHCP Server:
-Enable the DHCP Server: Yes
-RT-AC88U's Domain Name: (empty, default)
-IP Pool, etc all in 192.168.2 network
-Default Gateway: (empty, default)
-DNS Server: (empty, default)
-WINS Server: (empty, default)
-Enable Manual Assignment: Yes
...list of assigned IP addresses in 192.168.2 network
I have a registered domain name I will call XXX.org, with alias www.XXX.org, on a public IP address. I can see this address using whatismyipaddress.com. I have port forwarding set up so that specific ports are forwarded to devices on my LAN. I keep a valid certificate for devices with a port exposed to the WAN to allow secure connections, using the XXX.org domain name.
Using nslookup on a machine on my LAN with default server (192.168.2.1) I can resolve XXX.org (and www.XXX.org) to the correct public IP address. I can resolve similarly with server 192.168.1.1 and 8.8.8.8.
When outside my LAN (on the internet) I can access https://XXX.org
ortYYY).
When on my LAN, I cannot access https://XXX.org:forwardedPortYYY [Error: XXX.org refused to connect]
When on my LAN, I cannot access https://myPublicIPAddress:forwardedPortYYY [Error: myPublicIPAddress refused to connect]
When on my LAN, I can access https://192.168.2.ZZZ:realPortYYY [but I get a warning that the connection is not secure, I presume due to the domain name on my cert not matching the private LAN IP address]
I was told, when speaking with my (small, responsive) ISP, that not being able to use my domain name for access when on my LAN is due to a "hairpin route", and there are workarounds but they are not simple. I thought that this might be avoided by setting up a DNS server on my LAN (the ASUS router) but this is just a guess.
I did try setting the Domain Name field(s) in the router configuration to my domain name (XXX.org), thinking that might help - but it did not. From further review of the tooltips offered when hovering over the Domain Name fields in ASUS configuration, I then concluded (perhaps incorrectly) that this field is only used for DHCP, transmitted as part of the response packet to the client, and is not used by the router itself for any routing.
I hope this helps. I'm open to other ideas on how to resolve the actual problem (can't access local, secure resources without warnings). I'm not committed to pursuing this domain name solution if there are others.
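
The three LAN-side tests described in the post can be reproduced from a script that separates the TCP result from the certificate name check. This is an added example, not part of the original post; the function names `probe` and `diagnose` are illustrative, and the arguments are the poster's own domain name, public address, LAN address and ports.

```python
import socket
import ssl
import sys


def probe(ip, port, verify_as, timeout=3.0):
    """Open TCP to ip:port, then validate the certificate against verify_as.

    Returns (status, detail); status is 'tcp-failed', 'cert-rejected',
    'tls-failed' or 'ok'.
    """
    ctx = ssl.create_default_context()  # system trust store, name checking on
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, unreachable
        return ("tcp-failed", str(exc))
    try:
        # verify_as drives SNI and the name check, independent of the IP dialed
        with ctx.wrap_socket(raw, server_hostname=verify_as) as tls:
            sans = [value for _kind, value in tls.getpeercert().get("subjectAltName", ())]
            return ("ok", ", ".join(sans))
    except ssl.SSLCertVerificationError as exc:
        return ("cert-rejected", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls-failed", str(exc))
    finally:
        raw.close()


def diagnose(name, public_ip, forwarded_port, lan_ip, real_port):
    """Run the three cases from the post and return their results by label."""
    return {
        # Hairpin path: LAN client -> router WAN address -> port forward -> LAN host
        "public address, checked as name": probe(public_ip, forwarded_port, name),
        # What a browser does for https://<LAN IP>: the IP is not in the certificate
        "LAN address, checked as LAN address": probe(lan_ip, real_port, lan_ip),
        # What a LAN-only DNS record for the name would produce
        "LAN address, checked as name": probe(lan_ip, real_port, name),
    }


if __name__ == "__main__":
    # usage: script.py NAME PUBLIC_IP FORWARDED_PORT LAN_IP REAL_PORT
    name, public_ip, fwd, lan_ip, real = sys.argv[1:6]
    for label, (status, detail) in diagnose(name, public_ip, int(fwd), lan_ip, int(real)).items():
        print(f"{label}: {status} ({detail})")
```

An `ok` in the third case means the certificate is valid for the name when the LAN address is dialed directly, so only the name-to-address mapping seen from inside the LAN is at issue.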