OpenWebIf through HTTPS
Re: OpenWebIf through HTTPS #2
Posted 14 February 2020 - 12:21
I hate to disappoint you, but HTTPS does precisely zero to prevent intruders...
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: OpenWebIf through HTTPS #3
Re: OpenWebIf through HTTPS #4
Posted 14 February 2020 - 12:48
Use a VPN, most routers support them, most NAS devices too.
If really needed, you can install OpenVPN on the box itself, but it is a last-resort option, and requires commandline access to configure it.
Re: OpenWebIf through HTTPS #5
Re: OpenWebIf through HTTPS #6
Posted 16 February 2020 - 15:07
A VPN service is for connecting with a client in your home network to the outside world, and you need the other way, from a client on the internet securely to your home network.
Like I said:
- if your broadband router supports any VPN functionality (but ideally not PPTP), use it
- if you have a NAS or other device that supports OpenVPN, use it (with a port forward on your router)
- install OpenVPN on your box as a last resort (with a port forward on your router)
And the reason for that is two-fold:
- the box is not a security device, there is no privilege separation, everything runs as root
- there is no documentation I know of, and no GUI to configure it, so it requires knowledge or a lot of Google work
Re: OpenWebIf through HTTPS #7
Re: OpenWebIf through HTTPS #8
Posted 16 February 2020 - 16:29
No.
Like I said, the box is not a security device, there isn't even a proper webserver running on the box, the webif is a python process listening to port 80 requests...
The alternative may be to use an SSH tunnel in combination with a public key instead of a password, but that requires knowledge as well.
There is an old guide about this (http://www.milosoftw...p?body=dropbear) in Dutch, maybe Google Translate may help here. It describes accessing the WebIf via the SSH tunnel.
Re: OpenWebIf through HTTPS #9
Posted 16 February 2020 - 17:00
No.
Like I said, the box is not a security device, there isn't even a proper webserver running on the box, the webif is a python process listening to port 80 requests...
The alternative may be to use an SSH tunnel in combination with a public key instead of a password, but that requires knowledge as well.
There is an old guide about this (http://www.milosoftw...p?body=dropbear) in Dutch, maybe Google Translate may help here. It describes accessing the WebIf via the SSH tunnel.
You can set that page easily to English (top right). No translation needed.
Vu+ Ultimo 4K (4 TB HD, DVBS FSB, DVBC FBC & OpenPli 9),
Xtrend ET10000 (1 DVBS works via ethernet & OpenPli 9),
Xtrend ET10000 (DVBT2 & OpenPli 9, located in Thailand). Only latest stable releases.
Xtrend ET10000 (works via ethernet & OpenPli 9) and
Xtrend ET8000 (1 TB HD, 1 DVBT2 & works via ethernet & OpenPli 9)
Re: OpenWebIf through HTTPS #10
Posted 16 February 2020 - 19:20
The SSH method is safe and much easier than VPN. It encrypts everything, which can be taxing for low-end (i.e. old) boxes if you want to tunnel live video through it. Also works on most mobile phones and things like that.
(Don't be tempted to think that you can just open the web-interface without SSH or VPN and "it won't happen to me". It will happen to you and some enterprising criminal is likely to inject ransomware on everything on your home network.)
Re: OpenWebIf through HTTPS #11
Posted 29 February 2020 - 00:26
Re: OpenWebIf through HTTPS #12
Posted 29 February 2020 - 00:56
Yes. But pointless, it will be found almost as quickly. Security by obscurity never works.
Dropbear supports sshd style passwordless public key access, and disabling password logins, which might be a safer route.
Re: OpenWebIf through HTTPS #13
Re: OpenWebIf through HTTPS #14
Posted 29 February 2020 - 13:25
Ok, I’ve tested using SSH, it works fine, now I have another question for you: I would like to change the SSH default port from 22 to a port such as 12345, in order to avoid opening port 22 on the router and to prevent port scans on port 22. Is it possible to change the SSH default port?
Just instruct your router to forward external port 12345 to internal port 22, no need to change the port on the box itself.
Re: OpenWebIf through HTTPS #15
Posted 29 February 2020 - 13:28
And if I use a strong password instead of a public key, is this bypassable?
For example: ti[dh-1)18]]75.
Even a "strong" password is way less secure than using keypairs. And keypair is much more convenient since you don't have to type it. The nice thing about keypairs is that even if someone is able to intercept and decrypt all your network traffic, he'll still be unable to reproduce your credentials.
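Added example, not part of any post in this thread: a shell sketch of the setup the replies describe (SSH tunnel to the WebIf, key-only login, router forwarding external port 12345 to port 22 on the box). The host name, the key file name `box_key`, the local port 8080 and the sample dropbear command lines are assumptions made for illustration; `-s` is dropbear's server flag for disabling password logins.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed setup: the router forwards
# external TCP 12345 to port 22 on the box, the WebIf listens on port 80 on
# the box, and a keypair made with "ssh-keygen -f ~/.ssh/box_key" has its
# public half appended to root's ~/.ssh/authorized_keys on the box.
# box_key and the host name passed in are hypothetical names.

# Print the OpenSSH client command that opens the tunnel. The forward binds
# to 127.0.0.1 so other machines near the client cannot reach the WebIf, and
# password authentication is refused on the client side as well.
tunnel_cmd() {
    host=$1 ext_port=${2:-12345} local_port=${3:-8080}
    key=${4:-$HOME/.ssh/box_key}
    [ -n "$host" ] || { echo "usage: tunnel_cmd HOST [EXT] [LOCAL] [KEY]" >&2; return 2; }
    for p in "$ext_port" "$local_port"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 2; }
    done
    printf 'ssh -N -p %s -i %s -o IdentitiesOnly=yes -o PasswordAuthentication=no -L 127.0.0.1:%s:127.0.0.1:80 root@%s\n' \
        "$ext_port" "$key" "$local_port" "$host"
}

# Return 0 if a dropbear command line (as listed by ps on the box) carries a
# standalone -s, i.e. password logins are disabled and only keys are accepted.
# Flags bundled into one argument are not recognised by this simple check.
password_logins_disabled() {
    for arg in $1; do
        case $arg in
            -s) return 0 ;;
        esac
    done
    return 1
}

# Usage on the client: sh tunnel.sh HOST [EXT_PORT] [LOCAL_PORT] [KEY]
if [ $# -ge 1 ]; then
    tunnel_cmd "$@"
fi
```

With the tunnel open, the WebIf is reachable at http://127.0.0.1:8080/ on the client, and port 80 on the box needs no port forward on the router.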
Re: OpenWebIf through HTTPS #16
Posted 29 February 2020 - 14:40
Now I would like to test the VPN method as well, but I don’t have any PC in the same LAN where the box is placed, I only have a router and the box. My question is: is it possible to install OpenVPN as a server directly on the box, so I can use a PC from outside as a client and connect to the box through the VPN server installed on the box? Without connecting to another server first?
Re: OpenWebIf through HTTPS #17
Posted 29 February 2020 - 14:46
Yes.
As long as you know how to configure it, and with the usual disclaimer that the box is not a security device, it doesn't even provide the normal linux OS security as everything runs as root.
Re: OpenWebIf through HTTPS #18
Re: OpenWebIf through HTTPS #19
Posted 29 February 2020 - 15:05
If you are limited to the box, I would go for SSH + keys. Just for the simplicity.
I have a firewall with OpenVPN support, so I use that myself.
Re: OpenWebIf through HTTPS #20