more G-Labs products

Author Topic: how to secure remote access  (Read 1009 times)

March 23, 2017, 02:12:32 AM
Read 1009 times

ramdisk

  • *
  • Information
  • Newbie
  • Posts: 3
How do you guys secure your remote access to HG?

March 23, 2017, 12:21:20 PM
Reply #1

OldLodgeSkins

  • *
  • Information
  • Newbie
  • Posts: 21
Hi

You can use SSL with HG, it will be a self-signed certificate but it's better than nothing. I'm not sure if you can replace that with another certificate (I'd like to know, actually, as at some point I'll probably consider it).
You can also change the port it runs on so that nobody could guess it.

Seb.

March 24, 2017, 07:08:39 AM
Reply #2

nolio

  • *****
  • Information
  • Global Moderator
  • Posts: 544
Hi,
I use VPN.
The following thread can probably be interesting for you :
http://www.homegenie.it/forum/index.php?topic=1001
++

March 24, 2017, 10:24:41 AM
Reply #3

siepacz

  • *
  • Information
  • Newbie
  • Posts: 6
Hi there
Agree with nolio. I'm using VPN also.
Just bought orange pi (budget was tight,  less than 20 euro   :( ). Hassle free software used on orange pi - DietPi (dietpi.com/).
Just burn dietpi image ,install Open VPN. Generate certificates for all clients you need and there you go,
you have access to you home network from anywhere  8)
 Once you connected just use your HG local IP address i.eg 192.168.1.100
Good luck.

March 24, 2017, 12:36:32 PM
Reply #4

[email protected]

  • *****
  • Information
  • Hero Member
  • Posts: 271
Changing the port is not securing it!! don't even consider exposing it!

i did a guide that used nginx as a reverse proxy and letsencrypt for an SSL cert..

I also added basic auth with NGINX and fail2ban too.. (mine is also only open to all with certain source ip's, IE work :) - there are a couple of api's exposed to any soruce ip for "if this then that" to connect to.

I also have a vpn via ddwrt firmware on my router too

March 24, 2017, 04:39:39 PM
Reply #5

OldLodgeSkins

  • *
  • Information
  • Newbie
  • Posts: 21
You are correct, changing the port alone is nowhere near enough obviously. I wasn't suggesting to do only that.
I set up my server a couple of years ago so I didn't remember this properly but now that you're saying it, I'm using Nginx too. Which is what allows me to have an SSL connection.  Chances are I used your tutorial at the time actually!

March 27, 2017, 09:41:49 AM
Reply #6

[email protected]

  • *****
  • Information
  • Hero Member
  • Posts: 271
:) sorry I know I am stating the obvious, but I dont want people exposing interfaces when they rely on software security and have electronic door locks :o :)

March 27, 2017, 11:45:58 PM
Reply #7

ramdisk

  • *
  • Information
  • Newbie
  • Posts: 3
david@wallis2000

that's weird typing that and it's someone else besides me (my name is David Wallis also)

do you have a link to your video of how you secured HG. Thanks

March 28, 2017, 01:22:56 PM
Reply #8

[email protected]

  • *****
  • Information
  • Hero Member
  • Posts: 271
Crazy co-incidence :)

I haven't created a video of how I secured it, I just posted a shell script of the process I used to do the install, its on this forum if you search raspberry pi Jessie - I would have thought that would find it :)

April 04, 2017, 03:20:00 PM
Reply #9

jmcgee

  • **
  • Information
  • Jr. Member
  • Posts: 26
My home router running Tomato firmware has an OpenVPN server running on it.  I connect to home network,  then I am inside network. I can run Home genie Plus on my Android,  ZMNinja on my Android and Mythtv Player on my Android.

April 04, 2017, 05:22:20 PM
Reply #10

bkenobi

  • *****
  • Information
  • Global Moderator
  • Posts: 1525
I'm running DD-WRT on my router and it presumably has PPTP VPN server.  If it doesn't, I can update the firmware so that it will.  How do you connect your Android clients to the VPN without adding a bunch of steps?

April 05, 2017, 04:13:44 PM
Reply #11

[email protected]

  • *****
  • Information
  • Hero Member
  • Posts: 271
You can do a vpn on dd-wrt as thats what I am using You need to check if your build has it configured..

I can then connect from my phone :)

April 05, 2017, 05:18:58 PM
Reply #12

bkenobi

  • *****
  • Information
  • Global Moderator
  • Posts: 1525
It looks like Android has a builtin VPN client so I guess it should be pretty easy to use.

April 06, 2017, 09:37:51 AM
Reply #13

[email protected]

  • *****
  • Information
  • Hero Member
  • Posts: 271
it is, however pptp isn't really secure that secure these days, l2tp is better but if you can do openvpn then you should be able to download an app for the phone..