satopenpli

Anyway, my workaround for now:

1. config.OpenWebif.auth=true in enigma settings
2. reverse proxy access to OpenWebif using nginx, while embedding credentials:
   proxy_set_header Authorization "Basic STR" where STR is base64 encoded root:box_password string

This way I can control access in a proper way, using either firewall rules or fully fledged HTTP auth solution, instead of half-baked and incorrect hack forced by OpenWebif.

And it is the other way around: "Enable access from VPNs" disables the local subnet check. I have to set that on every box as I have all of them on a seperate subnet.

I browsed OpenWebif source, access heuristics are even worse than I thought.
But at least particular source code comment ("...access is from private address space (Usually VPN)..") is honest, although assumption is inaccurate.

User visible option itself is completely misleading ("Enable access from VPNs").

https://github.com/E...pserver.py#L353

In IPv6 use of private address space and NAT is actually discouraged, so such check is mostly useless anyway.

OpenPLi wiki is also incorrect in this regard, quoting ... "VPN access (= any subnet from private address space)", when in fact VPN and private addressing are completely orthogonal and nonrelated things.

https://wiki.openpli.org/Webif

 

This discussion is going in circles.

 

I agree, got my answers, thank you for responding everybody.

A 2.6.32 kernel is still completely sufficient for the demands on an STB.
 

2.6.32 will surely provide STB with a kernel level support for:
1) DVB-T2 sticks currently available on market

2) recent WiFi USB adapters

3) mounting SMB2/SMB3 shares, instead of enabling insecure SMB1

4) Wireguard VPN
5) mounting exFAT formatted drive? or BTRFS formatted, LUKS encrypted and ZSTD compressed drive?

6) modern graphics and hardware video decoding stack, so that upstream versions of software like Kodi can run, instead of relying on questionable vendor hacks and patches

Or modern SAT STB needs nothing like that, right?

The challenge has more and more become the problem of decryption.

 

You could use a VU+ Duo 4K or Ultimo 4K with two FBC modules, and have 16 tuners to play with, but that doesn't give you much if you are stuck with a CI/CI+ module, and a one-transponder/two channels limit. If your provider does sell those modules.

 

I personally have such a setup in the attic, that does all the recording, and provide tuners (I use streaming, not SAT>IP which permanently blocks a tuner) to the other boxes in my house.

I only watch one encrypted provider, single smartcard slot is enough for me, rest are FTA.