Separate names with a comma.
Discussion in 'Android and Enigma/Linux Based STB Discussion' started by raydio, Feb 20, 2019.
Found that user name is root and also found a place to enter a password
Would you be willing to document the OpenVPN process for accessing the STB from the Internet? The existing OpenVPN documentation is lacking!
raydio said he will publish a step by step instruction list here shortly. Keep in mind that we did not involve a VPN as part of this experiment- we opened a port in the router, made an exception in the firewall, and configured HTTP access in the Edision image for remote WebIf access. A strong username/password is suggested if going this route so as to block hackers from having access to the STB.
This is basically how the "old school" Slingboxes worked before Sling introduced their own servers
as intermediaries in the "slinging" process.
He might want to monitor his routers log file, and see how many port scanners are constantly testing it from the 'net. You might be amazed on how many that will be... If so, be very careful to make SURE things are locked down tightly. Most of those guys have all that stuff automated, and any holes will be probed and exploited immediately.
Yep. I advise a high amount of paranoia when opening up ports to your system
Well CN and I are still working on it...we have figured out part of the puzzle but still have issues with the VPN portion. Once we have it figured out and fully tested we will surely share our findings!
The trick is to use non-standard ports (or use standard ports for other protocols). Hackers find more than they can handle scanning ports for the traffic expected on those ports that they don't look for different protocols. There are five or six port numbers for e-mail alone that should get past most all firewalls and if you aren't using one of them for e-mail, you can use it for something else.
I suspect that the problem here is that the gateway is using port 443 for secure browser-based login to its remote configuration web interface. If remote (from the WAN side) maintenance is disabled (or using port 80 is chosen for the remote interface), the gateway may get out of the way.
If you're concerned about someone scanning for OpenVPN, you can monitor (either internally if the router supports logging or with computer software at the destination IP) what the router forwards for a while before you commit to using it. Further, without the RSA security key that comes along with the OpenVPN configuration, the hacker will get nowhere. OpenVPN requires a user name, password and 2048 bit security key to gain access by default.
Having ports that are open on the WAN is just a risk you're going to have to take if you want remote access. You can try using non-standard ports but hackers have access to port scanners like nmap and zenmap that can scan all ports. As I mentioned before, some hotspots block non-standard ports and even some standard ports. Just be sure to implement the best security techniques and keep your systems security up-to-date.
Open ports aren't the end of the world if you're careful about what is listening and on which side of the firewall. If you VPN into a router, that's all handled on the WAN side.
Using non-standard ports (other than 1194) will stymie most but those who are really out to get you personally. Once they've discovered the port number, they still have to hack your login, password and RSA key (a fairly monumental task).
This isn't like VNC, RDP or Slingplayer where only a user name and password are required and the listener resides on the LAN side of the firewall.
After several weeks of experimenting with streaming Openwebif I am canning the idea. If I am home and on my own LAN then latency is not an issue. However, since I do travel a lot for business, the idea was to find a better way than slingbox. The resolution is good but the latency issue makes it impossible to watch anything with decent resolution due to stuttering or buffering. This is with using an open port on my DSL router. I did purchase another router and was planning on installing VPN on it, however I doubt that would help or solve the latency issue.
DSL shouldn't have a lot of latency. Have you obtained a latency number from a broadband speed test for comparison?
The MIO's Webif screen has a tad of latency in it, even on your own lan. Sounds like it's worse when trying to use that for his outside streaming option.
I think what's happening here is the Edision is trying to push raw video (no transcoding) over the open port, and it's just too fast for the connection on the receiving end to handle. Or perhaps the upload speed at the upload location isn't sufficient. The Slingbox runs a transcoding buffer in between the video source and the destination device, so that is why it's probably working a lot better.
Even the best DSL uplinks may be insufficient for compressed HD video.
The Slingbox is a pretty nifty piece of equipment and with a strong password, it should be pretty secure.
Have you tried this method. I know nothing about it myself, and can't help. I simply found this during my searches for various info: Stream live television from your dreambox to the internet | TheYOSH.nl
No I have not Mike, but I took a look at it and will give it a try, thanks.
Any news on a wiki for doing this? I have a working openvpn setup on the Edision but DreamDroid is unable to access the box while WebIF works just fine from a web browser (but only on my LAN). openvpn connections between dreamdroid and the STB should work but it doesn't. I can ping the tunnel addresses though so the tunnel is present and the server sees all openvpn clients. openvpn works with all other apps I just, just not DreamDroid or any Enigma2 remote control apps. So, I am not currently using openvpn with the Edision at this time.
Here's a Wiki for OpenPLI images, not sure if Openvpn is in it, but it's a good read: OpenPLi Wiki
Here's an OpenVPN wiki: HOWTO – OpenVPN Community
I've never known openvpn to block any ports. Once the tunnel is established all traffic should be tunneled through the openvpn port. I don't know how openvpn keeps track of the traffic flow but it must have some way of routing the traffic to the correct destination. I can't get webif or dreamdroid to work over vpn on android devices. webif does work over vpn from a Linux box unless I activate the vpn client on the os mio. In other words, the Linux box (a vpn client) talks to a vpn server and then the traffic is routed to the non-vpn client os mio.It's kinda tuff explaining this in posts. But, if I figure it out I'll let you know.