Tighten Security From Outside Attacks on my VU+ boxes.
Re: Tighten Security From Outside Attacks on my VU+ boxes. #21
Posted 29 November 2016 - 17:24
Some routers make it quite easy to set up a VPN. I e.g. have a Fritzbox and an iPhone. Fritzbox setup is only some mouse clicks. iPhone setup was not so easy, but you can find instructions on the Internet.
I would prefer to use a router with good firmware support to create the VPN tunnel. Another option is to install OpenVPN on the receiver...
Re: Tighten Security From Outside Attacks on my VU+ boxes. #22
Posted 29 November 2016 - 18:42
Thanks. The Fritzbox looks pretty cool, maybe something for the future, since I got a new router with my fiberline a couple of months ago, but it doesn't have VPN built in.
VPN is really interesting. @betacentauri, when you mean setting up an OpenVPN on the receiver, do you mean the VU+ box as being the receiver?
Edited by kermith, 29 November 2016 - 18:43.
Re: Tighten Security From Outside Attacks on my VU+ boxes. #23
Re: Tighten Security From Outside Attacks on my VU+ boxes. #24
Posted 29 November 2016 - 18:58
Very simple indeed. The safest thing to do would also have all of the computers off line, and then just connect the network cable when needed. I'm not ironic, it is the safest thing. My question is more of a "if" I need WAN share what would be the best alternative being aware of the consequences.
Re: Tighten Security From Outside Attacks on my VU+ boxes. #25
Re: Tighten Security From Outside Attacks on my VU+ boxes. #26
Posted 29 November 2016 - 19:04
1. WAN sharing = illegal, so not supported. So there should be no "if".
2. When you do WAN sharing (with or without VPN), you forward a port in your router to expose your share on the internet. So you expose your hardware to the internet, which means it can be hacked.
Normal internet traffic by a pc is a totally different thing. Then you don't have to open/forward a port.
Re: Tighten Security From Outside Attacks on my VU+ boxes. #27
Re: Tighten Security From Outside Attacks on my VU+ boxes. #28
Posted 29 November 2016 - 21:48
Set up a site-to-site VPN between your home and your country house. Then both internal networks can talk to each other, without exposing them to the internet.
I do the same here, both my routers support IPSec.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: Tighten Security From Outside Attacks on my VU+ boxes. #29
Re: Tighten Security From Outside Attacks on my VU+ boxes. #30
Posted 29 November 2016 - 21:53
The Fritz (the standard OS) does IPSec as well. With a couple of limitations, and not the easiest of configs. But it can be done, we have two of them connected to our office router.
Re: Tighten Security From Outside Attacks on my VU+ boxes. #31
Posted 29 November 2016 - 22:20
But didn't you need special software installed on the Fritzbox....
I'm still considering to post a how-to, how to install and configure OpenVPN on your box and how to create (as example) good keys a..... and how to create a .ovpn file for your iPad/iPhone... but as the preferable safety is to use the VPN of your server I did not post it yet...
WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W
Re: Tighten Security From Outside Attacks on my VU+ boxes. #32
Posted 29 November 2016 - 22:20
No, you don't. And afaik both boxes are 7490's.
Re: Tighten Security From Outside Attacks on my VU+ boxes. #33
Posted 29 November 2016 - 22:26
I've connected my Linksys running StrongSwan on LEDE to two Fritz!Boxes.
Sent from my Siemens C25 using Tapatalk
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
Re: Tighten Security From Outside Attacks on my VU+ boxes. #34
Posted 30 November 2016 - 09:00
I'm still considering to post a how-to, how to install and configure OpenVPN on your box and how to create (as example) good keys a..... and how to create a .ovpn file for your iPad/iPhone... but as the preferable safety is to use the VPN of your server I did not post it yet...
The how-to would indeed be very useful.
ET9000, OpenPLi 4.0, 13E, 19E
HD51, OpenPLi 6.2, 75E - 30W
Re: Tighten Security From Outside Attacks on my VU+ boxes. #35
Posted 30 November 2016 - 15:39
I'm still considering to post a how-to, how to install and configure OpenVPN on your box and how to create (as example) good keys a..... and how to create a .ovpn file for your iPad/iPhone... but as the preferable safety is to use the VPN of your server I did not post it yet...
The how-to would indeed be very useful.
1. WAN sharing = illegal, so not supported. So there should be no "if".
2. When you do WAN sharing (with or without VPN), you forward a port in your router to expose your share on the internet. So you expose your hardware to the internet, which means it can be hacked.
Normal internet traffic by a pc is a totally different thing. Then you don't have to open/forward a port.
I think your answer has a point, but if I'd count on how many times most people cross that line every day it would take a whole different discussion and I won't even go there.
With receiver I mean E2 box.
Oh, OK, thanks.
I'm still considering to post a how-to, how to install and configure OpenVPN on your box and how to create (as example) good keys a..... and how to create a .ovpn file for your iPad/iPhone... but as the preferable safety is to use the VPN of your server I did not post it yet...
The how-to would indeed be very useful.
Yeah, that would be appreciated.
But also, how about just allowing devices with specific MAC addresses to be able to log on to the router or the box?
Would that work?
Re: Tighten Security From Outside Attacks on my VU+ boxes. #36
Posted 30 November 2016 - 15:41
MACs can be spoofed.
And also only the traffic inside the LAN cares about MACs, it's IP based through the outside world.
Re: Tighten Security From Outside Attacks on my VU+ boxes. #37
Re: Tighten Security From Outside Attacks on my VU+ boxes. #38
Posted 30 November 2016 - 20:16
Execute the following commands to generate and install a key pair on your E2 box:
dropbearkey -t rsa -f ~/.ssh/id_rsa
dropbearkey -y -f ~/.ssh/id_rsa | grep "^ssh-rsa " >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/*
chmod 700 ~/.ssh
chmod 700 ~
You should now be able to login to your box using the private key file id_rsa located in /home/root/.ssh of your box (See the instructions of your ssh client on how to use key auth).
If this succeeds, make the content of /etc/default/dropbear read
DROPBEAR_EXTRA_ARGS="-s"
This will disallow password logins for ssh entirely (let alone logins with empty passwords, which is the default for all oe-a images) (The only way to recover from ssh login problems would then be telnet).
You can transfer the file /home/root/authorized_keys to other boxes too, to use the same key file for multiple boxes, but make sure to adjust the file rights after copy:
chmod 600 ~/.ssh/*
chmod 700 ~/.ssh
chmod 700 ~
With ssh, you have everything you need:
- ssh gives you shell access, just like telnet but secure (when using key auth)
- ssh gives you file access, either using scp (secure copy) or sftp (FileZilla supports sftp, you can access your box' files just like you could using ftp).
- ssh allows you to tunnel ports from the remote machine (= your E2 box) to your local machine.
You can for example tunnel port 80 of your E2 box to port 80 of your smartphone and port 8001 of your E2 box to port 8001 of your smartphone.
As long as the tunnel is established, you can login to your E2 webif using address "http://localhost" on your smartphone and use streaming, just as if your smartphone would be your E2 box.
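One way to verify the result of the steps in post #38 before relying on key-only login, as an added example that is not part of the original post. The function names check_mode and audit_box are made up for this illustration; the paths in the closing comment are the ones the post uses.

```shell
#!/bin/sh
# Added example: audit the key-only dropbear setup described in the post above.

# check_mode PATH EXPECTED: succeed only if PATH exists with exactly that octal mode.
check_mode() {
    actual=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING  $1"; return 1; }
    [ "$actual" = "$2" ] && return 0
    echo "BAD MODE $1 is $actual, expected $2"
    return 1
}

# audit_box HOME_DIR DROPBEAR_DEFAULTS: print each finding, return the number of findings.
audit_box() {
    home=$1 conf=$2 findings=0
    check_mode "$home" 700 || findings=$((findings + 1))
    check_mode "$home/.ssh" 700 || findings=$((findings + 1))
    for f in "$home"/.ssh/*; do
        [ -e "$f" ] || continue
        check_mode "$f" 600 || findings=$((findings + 1))
    done
    # A public key must be installed before password logins are switched off,
    # otherwise telnet is the only way back in.
    if ! grep -q '^ssh-rsa ' "$home/.ssh/authorized_keys" 2>/dev/null; then
        echo "NO KEY   $home/.ssh/authorized_keys has no ssh-rsa entry"
        findings=$((findings + 1))
    fi
    # -s as a separate word in DROPBEAR_EXTRA_ARGS disables password logins.
    if ! grep -Eq '^DROPBEAR_EXTRA_ARGS="([^"]* )?-s( [^"]*)?"' "$conf" 2>/dev/null; then
        echo "PASSWORD $conf does not set -s, password logins still allowed"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# On the box itself (paths taken from the post):
#   audit_box /home/root /etc/default/dropbear && echo "key-only login is set up"
```

The return code is the number of findings, so 0 means the permissions, the installed key and the -s setting all match what the post describes.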
Re: Tighten Security From Outside Attacks on my VU+ boxes. #39
Re: Tighten Security From Outside Attacks on my VU+ boxes. #40
Posted 30 November 2016 - 21:05
Nope... on ssh the iPad with iOS >= 7 will "blow-up" the tunnel after the app that did open the tunnel is not on the foreground for approx 5 min... The only option for iPad I found is OpenVPN...