1. raydio

    raydio Topic Starter K4ECP Supporting Founder Pub Member / Supporter

    Found that user name is root and also found a place to enter a password
     
  2. Titanium

    Titanium AI6US Lifetime Supporter

    Would you be willing to document the OpenVPN process for accessing the STB from the Internet? The existing OpenVPN documentation is lacking!
     
  3. comfortably_numb

    comfortably_numb Dogs have owners, cats have staff Pub Member / Supporter

    raydio said he will publish a step-by-step instruction list here shortly. Keep in mind that we did not involve a VPN as part of this experiment; we opened a port in the router, made an exception in the firewall, and configured HTTP access in the Edision image for remote WebIf access. A strong username/password is suggested if going this route so as to block hackers from having access to the STB.

    This is basically how the "old school" Slingboxes worked before Sling introduced their own servers
    as intermediaries in the "slinging" process.
     
  4. primestar31

    primestar31 SatelliteGuys Master

    He might want to monitor his router's log file, and see how many port scanners are constantly testing it from the 'net. You might be amazed at how many that will be... If so, be very careful to make SURE things are locked down tightly. Most of those guys have all that stuff automated, and any holes will be probed and exploited immediately.
     
  5. comfortably_numb

    comfortably_numb Dogs have owners, cats have staff Pub Member / Supporter

    Yep. I advise a high amount of paranoia when opening up ports to your system :)
     
  6. raydio

    raydio Topic Starter K4ECP Supporting Founder Pub Member / Supporter

    Well CN and I are still working on it...we have figured out part of the puzzle but still have issues with the VPN portion. Once we have it figured out and fully tested we will surely share our findings!
     
  7. harshness

    harshness SatelliteGuys Master

    The trick is to use non-standard ports (or use standard ports for other protocols). Hackers find more than they can handle scanning ports for the traffic expected on those ports that they don't look for different protocols. There are five or six port numbers for e-mail alone that should get past most all firewalls and if you aren't using one of them for e-mail, you can use it for something else.

    I suspect that the problem here is that the gateway is using port 443 for secure browser-based login to its remote configuration web interface. If remote (from the WAN side) maintenance is disabled (or using port 80 is chosen for the remote interface), the gateway may get out of the way.

    If you're concerned about someone scanning for OpenVPN, you can monitor (either internally if the router supports logging or with computer software at the destination IP) what the router forwards for a while before you commit to using it. Further, without the RSA security key that comes along with the OpenVPN configuration, the hacker will get nowhere. OpenVPN requires a user name, password and 2048 bit security key to gain access by default.
     
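An added example, not part of any post in this thread: one way to do the log review that primestar31 and harshness suggest, summarizing which outside addresses probed many ports and which ones reached a port you forward. It assumes the router writes Linux netfilter LOG-style kernel lines (other firmware uses other formats) and that TCP 8080 is the forwarded port; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the Linux netfilter LOG (kernel log) format.
# Addresses are RFC 5737 documentation ranges; 8080 is an assumed forwarded port.
SAMPLE_LOG = """\
Mar  3 02:11:40 router kernel: WAN-IN IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=40001 DPT=22
Mar  3 02:11:40 router kernel: WAN-IN IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=40002 DPT=23
Mar  3 02:11:41 router kernel: WAN-IN IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=40003 DPT=80
Mar  3 02:11:41 router kernel: WAN-IN IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=40004 DPT=443
Mar  3 02:11:42 router kernel: WAN-IN IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=40005 DPT=8080
Mar  3 02:15:02 router dnsmasq[411]: DHCPACK(br0) 192.168.1.50
Mar  3 02:20:13 router kernel: WAN-IN IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.20 PROTO=ICMP TYPE=8 CODE=0
Mar  3 07:30:09 router kernel: WAN-IN IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.20 PROTO=TCP SPT=51515 DPT=8080
Mar  3 07:31:44 router kernel: WAN-IN IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.20 PROTO=TCP SPT=51520 DPT=8080
Mar  3 09:02:27 router kernel: WAN-IN IN=eth0 OUT= SRC=198.51.100.200 DST=203.0.113.20 PROTO=UDP SPT=33000 DPT=1194
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def summarize(log_text, forwarded_ports, scan_threshold=4):
    """Return (scanners, forwarded_hits).

    scanners:       {source: sorted distinct ports} for sources that probed
                    at least scan_threshold different destination ports.
    forwarded_hits: {port: sorted sources} for ports listed in forwarded_ports.
    """
    ports_by_src = defaultdict(set)
    srcs_by_port = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields or not fields.get("DPT", "").isdigit():
            continue  # not a packet line, or no destination port (e.g. ICMP)
        src, dpt = fields["SRC"], int(fields["DPT"])
        ports_by_src[src].add(dpt)
        if dpt in forwarded_ports:
            srcs_by_port[dpt].add(src)
    scanners = {s: sorted(p) for s, p in ports_by_src.items()
                if len(p) >= scan_threshold}
    return scanners, {p: sorted(s) for p, s in srcs_by_port.items()}


if __name__ == "__main__":
    scanners, hits = summarize(SAMPLE_LOG, forwarded_ports={8080})
    for src, ports in scanners.items():
        print(f"probable scanner {src}: ports {ports}")
    for port, sources in hits.items():
        print(f"forwarded port {port} reached by: {', '.join(sources)}")
```

A source that appears under a forwarded port but not among the scanners (192.0.2.55 in the sample) went straight to that port, so it is either a legitimate remote session or someone who already knows the port number.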
  8. johnnynobody

    johnnynobody SatelliteGuys Pro

    Having ports that are open on the WAN is just a risk you're going to have to take if you want remote access. You can try using non-standard ports but hackers have access to port scanners like nmap and zenmap that can scan all ports. As I mentioned before, some hotspots block non-standard ports and even some standard ports. Just be sure to implement the best security techniques and keep your system's security up-to-date.
     
  9. harshness

    harshness SatelliteGuys Master

    Open ports aren't the end of the world if you're careful about what is listening and on which side of the firewall. If you VPN into a router, that's all handled on the WAN side.

    Using non-standard ports (other than 1194) will stymie most but those who are really out to get you personally. Once they've discovered the port number, they still have to hack your login, password and RSA key (a fairly monumental task).

    This isn't like VNC, RDP or Slingplayer where only a user name and password are required and the listener resides on the LAN side of the firewall.
     
  10. raydio

    raydio Topic Starter K4ECP Supporting Founder Pub Member / Supporter

    After several weeks of experimenting with streaming Openwebif, I am canning the idea. If I am home and on my own LAN then latency is not an issue. However, since I do travel a lot for business, the idea was to find a better way than Slingbox. The resolution is good but the latency issue makes it impossible to watch anything with decent resolution due to stuttering or buffering. This is with using an open port on my DSL router. I did purchase another router and was planning on installing VPN on it; however, I doubt that would help or solve the latency issue.
     
  11. harshness

    harshness SatelliteGuys Master

    DSL shouldn't have a lot of latency. Have you obtained a latency number from a broadband speed test for comparison?
     
  12. primestar31

    primestar31 SatelliteGuys Master

    The MIO's Webif screen has a tad of latency in it, even on your own LAN. Sounds like it's worse when trying to use that for his outside streaming option.
     
  13. comfortably_numb

    comfortably_numb Dogs have owners, cats have staff Pub Member / Supporter

    I think what's happening here is the Edision is trying to push raw video (no transcoding) over the open port, and it's just too fast for the connection on the receiving end to handle. Or perhaps the upload speed at the upload location isn't sufficient. The Slingbox runs a transcoding buffer in between the video source and the destination device, so that is why it's probably working a lot better.
     
  14. harshness

    harshness SatelliteGuys Master

    Even the best DSL uplinks may be insufficient for compressed HD video.

    The Slingbox is a pretty nifty piece of equipment and with a strong password, it should be pretty secure.
     
  15. primestar31

    primestar31 SatelliteGuys Master

    Have you tried this method? I know nothing about it myself, and can't help. I simply found this during my searches for various info: Stream live television from your dreambox to the internet | TheYOSH.nl
     
  16. raydio

    raydio Topic Starter K4ECP Supporting Founder Pub Member / Supporter

  17. johnnynobody

    johnnynobody SatelliteGuys Pro

    Any news on a wiki for doing this? I have a working OpenVPN setup on the Edision, but DreamDroid is unable to access the box while WebIF works just fine from a web browser (but only on my LAN). OpenVPN connections between DreamDroid and the STB should work but they don't. I can ping the tunnel addresses though, so the tunnel is present and the server sees all OpenVPN clients. OpenVPN works with all other apps, just not DreamDroid or any Enigma2 remote control apps. So, I am not currently using OpenVPN with the Edision at this time.
     
  18. primestar31

    primestar31 SatelliteGuys Master

    Here's a Wiki for OpenPLI images, not sure if Openvpn is in it, but it's a good read: OpenPLi Wiki

    Here's an OpenVPN wiki: HOWTO – OpenVPN Community
     
  19. johnnynobody

    johnnynobody SatelliteGuys Pro

    I've never known openvpn to block any ports. Once the tunnel is established all traffic should be tunneled through the openvpn port. I don't know how openvpn keeps track of the traffic flow but it must have some way of routing the traffic to the correct destination. I can't get webif or dreamdroid to work over vpn on android devices. webif does work over vpn from a Linux box unless I activate the vpn client on the os mio. In other words, the Linux box (a vpn client) talks to a vpn server and then the traffic is routed to the non-vpn client os mio. It's kinda tough explaining this in posts. But, if I figure it out I'll let you know.
     
