HomeGenie Forum
General Category => General Discussion => Topic started by: ramdisk on March 23, 2017, 02:12:32 AM
-
How do you guys secure your remote access to HG?
-
Hi
You can use SSL with HG, it will be a self-signed certificate but it's better than nothing. I'm not sure if you can replace that with another certificate (I'd like to know, actually, as at some point I'll probably consider it).
You can also change the port it runs on so that nobody could guess it.
Seb.
-
Hi,
I use VPN.
The following thread can probably be interesting for you :
http://www.homegenie.it/forum/index.php?topic=1001 (http://www.homegenie.it/forum/index.php?topic=1001)
++
-
Hi there
Agree with nolio. I'm using VPN also.
Just bought orange pi (budget was tight, less than 20 euro :( ). Hassle free software used on orange pi - DietPi (dietpi.com/).
Just burn dietpi image ,install Open VPN. Generate certificates for all clients you need and there you go,
you have access to you home network from anywhere 8)
Once you connected just use your HG local IP address i.eg 192.168.1.100
Good luck.
-
Changing the port is not securing it!! don't even consider exposing it!
i did a guide that used nginx as a reverse proxy and letsencrypt for an SSL cert..
I also added basic auth with NGINX and fail2ban too.. (mine is also only open to all with certain source ip's, IE work :) - there are a couple of api's exposed to any soruce ip for "if this then that" to connect to.
I also have a vpn via ddwrt firmware on my router too
-
You are correct, changing the port alone is nowhere near enough obviously. I wasn't suggesting to do only that.
I set up my server a couple of years ago so I didn't remember this properly but now that you're saying it, I'm using Nginx too. Which is what allows me to have an SSL connection. Chances are I used your tutorial at the time actually!
-
:) sorry I know I am stating the obvious, but I dont want people exposing interfaces when they rely on software security and have electronic door locks :o :)
-
david@wallis2000
that's weird typing that and it's someone else besides me (my name is David Wallis also)
do you have a link to your video of how you secured HG. Thanks
-
Crazy co-incidence :)
I haven't created a video of how I secured it, I just posted a shell script of the process I used to do the install, its on this forum if you search raspberry pi Jessie - I would have thought that would find it :)
-
My home router running Tomato firmware has an OpenVPN server running on it. I connect to home network, then I am inside network. I can run Home genie Plus on my Android, ZMNinja on my Android and Mythtv Player on my Android.
-
I'm running DD-WRT on my router and it presumably has PPTP VPN server. If it doesn't, I can update the firmware so that it will. How do you connect your Android clients to the VPN without adding a bunch of steps?
-
You can do a vpn on dd-wrt as thats what I am using You need to check if your build has it configured..
I can then connect from my phone :)
-
It looks like Android has a builtin VPN client so I guess it should be pretty easy to use.
-
it is, however pptp isn't really secure that secure these days, l2tp is better but if you can do openvpn then you should be able to download an app for the phone..