
WebIF - can it be accessed from the WAN?

Discussion in 'HD/HDR-FOX T2 Customised Firmware' started by makem, Jan 18, 2012.

  1. makem

    makem Member

    It would be an advantage for me as I travel for long periods.
     
  2. Teacup9095

    Teacup9095 New Member

    Easiest way would be to set up IP Forwarding on your router.
     
  3. af123

    af123 Administrator Staff Member

    The remote scheduling portal was built to fulfil the remote access needs of most people. Have a look at http://wiki.hummy.tv/wiki/Remote_Scheduling if you haven't seen it already. Otherwise, yes, you'll need to port forward and the mongoose package doesn't currently support SSL (it's on my todo list!)
     
  4. makem

    makem Member

    Yes, I was aware that port forwarding would be needed. My question was raised to ask whether today it was practical. I will await SSL. I appreciate my requirements are not those of the majority. Thank you for bearing with me.
     
  5. af123

    af123 Administrator Staff Member

    The latest version of the webif now supports running with SSL - there's a new toggle on the settings screen under general options and if you change it to yes then it will enable HTTPS alongside the standard HTTP.

    If you want to change the port number or add another, then you can edit /mod/etc/mongoose.conf. Just be sure to put an s after the port number to indicate SSL.

    If you want to change the key length or certificate fields, look at the /mod/sbin/mongoose_mkcert script or place your own certificate and unprotected private key in /mod/etc/mongoose.cert.
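Added example, not part of the original post and not code from the firmware: a small Python check that reads a mongoose.conf-style port list and flags router forwards that would reach a plain-HTTP listener instead of one marked with the trailing `s`. Assumptions: the option is named `listening_ports`, the file holds one "name value" pair per line with comma-separated ports, and the sample config and forwarded ports are constructed.

```python
# Added example: audit a mongoose.conf-style port list before port forwarding.
# Assumed format: "listening_ports <spec>[,<spec>...]" where each spec is a
# port number, optionally prefixed by "ip:", with a trailing "s" meaning SSL.

SAMPLE_CONF = """\
# constructed sample, not taken from a real box
document_root /example/webroot
listening_ports 80,8443s
"""

def parse_listeners(conf_text, option="listening_ports"):
    """Return [(port, is_ssl), ...] for every port listed under `option`."""
    listeners = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != option:
            continue
        for spec in parts[1].split(","):
            spec = spec.strip().rsplit(":", 1)[-1]   # drop optional bind address
            if not spec:
                continue
            is_ssl = spec.endswith("s")
            digits = spec[:-1] if is_ssl else spec
            if not digits.isdigit() or not 0 < int(digits) < 65536:
                raise ValueError(f"bad port spec: {spec!r}")
            listeners.append((int(digits), is_ssl))
    return listeners

def audit_forwards(conf_text, forwarded_ports):
    """Flag router forwards that reach a plain-HTTP or missing listener."""
    ssl_by_port = dict(parse_listeners(conf_text))
    findings = []
    for port in sorted(forwarded_ports):
        if port not in ssl_by_port:
            findings.append((port, "no listener on this port"))
        elif not ssl_by_port[port]:
            findings.append((port, "plain HTTP exposed to WAN"))
    return findings

if __name__ == "__main__":
    # Constructed router state: both web ports forwarded from the WAN.
    for port, problem in audit_forwards(SAMPLE_CONF, {80, 8443}):
        print(f"port {port}: {problem}")
```

Forwarding only the port that carries the `s` suffix keeps the HTTP authentication credentials, which the browser sends with every request, off the wire in clear text.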
     
  6. makem

    makem Member

    Thank you :)

    Now I can record while in Asia.
     
  7. makem

    makem Member

    The sites I connect to via SSL all have a logout facility. Is it necessary for our purpose?
     
  8. af123

    af123 Administrator Staff Member

    It's using HTTP authentication so your browser is sending the credentials along with every request rather than using cookies and creating a server side session. Closing the browser is sufficient unless you have told it to remember the password.
     
  9. gebbly

    gebbly New Member

    I think setting up a VPN would answer this use case too, as your remote machine would be seen as being on your home network via a secure tunnel. Then just access with your home IP address for the Humax (e.g. 192.168.x.x).
     
  10. makem

    makem Member

    In our case a password is not requested.
     
  11. makem

    makem Member

  12. af123

    af123 Administrator Staff Member

    If you add a user in the settings screen then restart, it will start prompting for authentication.
     
  13. gebbly

    gebbly New Member

    Hi makem,
    Regarding the VPN suggestion. It's not exactly SSH. SSH sets up a tunnel onto a machine allowing you to run command prompt commands from that shell window.

    A VPN usually involves some small setup on your home network's router to allow something like a PPTP VPN; it's hard to advise as each router is slightly different. You then run a client on your remote machine (I mention PPTP because Windows comes with the client by default). The client establishes a connection to your home router and from that point on your machine behaves exactly as though your internet connection was established from within your home network. You will have full access to your home network's devices by using their local IP addresses, for example 192.168.x.x. This means no port forwarding would be needed. All encryption and authentication is handled by the VPN, making it look like you were a device on the local network. Also you would not need to open your Humax or any ports up to the dark world of the internet as it would see itself as being accessed from its local network :)
     
  14. makem

    makem Member

    Would a VPN setup be more secure than SSH? I also gather that SSH can be used over VPN. I travel in Asia, China in particular. I use a Netgear WGT624 v3 router and I would feel more secure using one or both of the above. Are you able to point me to a guide?
     
  15. Black Hole

    Black Hole Felonius Gru

    I think you might need to be careful. I hear China is touchy about uncensored Internet access, and sending encrypted traffic or using a VPN might be seen as a means to bypass the censorship system and have the authorities down on you. I may be wrong, but I think you need to be sure what the situation is.
     
  16. makem

    makem Member

    Yes, that is true but I can seek advice locally. I also travel in Malaysia and Singapore this year so it would be helpful there. Later, on the other side of the world hopefully. In fact wherever I travel it would be an advantage.

    Accessing UK banking is encrypted? I have never had a problem there (yet!)
     
  17. Black Hole

    Black Hole Felonius Gru

    That's fine, only raising it as something to be aware of.
     
  18. gebbly

    gebbly New Member

    Ah, good point Black Hole, I hadn't thought about that. However, after some digging for what is legal I found http://www.streetarticles.com/cyber-law/vpn-in-china-is-it-legal. Seems it isn't illegal and a use such as communicating with a home network wouldn't pose any problems. However, it seems it's best to use something other than PPTP and L2TP as they are disabled for one reason or another.

    With regards to security you can indeed use SSH to achieve your VPN. There are many guides online; simply search for "VPN" and "SSH", for example http://bodhizazen.net/Tutorials/VPN-Over-SSH
     
  19. makem

    makem Member

    From the web page you suggest I gather this:

    Disadvantages :
    1. As of yet I do not know of a windows client which will use this protocol.
    This means I cannot use a VPN over SSH if I am using windoz?

    You say PPTP and L2TP are disabled, can you suggest an alternative protocol for me to research? You will have gathered I don't have my foot on the first rung yet.
     
  20. Sam Widges

    Sam Widges Active Member

    You don't need a full VPN to access your Humax remotely - you only need to forward the ports that are of interest, typically 23 (telnet) and 80 (http). I wouldn't bother trying to forward 21 (ftp) due to the slow speeds you would get.

    This is best done using PuTTY. You need to port forward from your router to the ssh service (22) on the Humax and then set up a tunnel under the PuTTY SSH settings. First, get SSH working remotely, then add a local tunnel to 127.0.0.1, from port 80 to port 80 and save the config. Close your PuTTY session and restart it and then point your browser to http://127.0.0.1 and you should see the WebIF. It's surprisingly straightforward once you have done it a couple of times. You don't need to bother with SSL either because the SSH session is already encrypted. If you want to do the same with telnet, then make sure that the ports are 23 at either end of the tunnel and then telnet to 127.0.0.1 (Windows systems don't normally have telnet open so that should be fine).

    What you are doing with this setup is you are telling your computer to echo the service that is at the other end and to make it appear like it is actually running on your machine.

    Once you are happy with the basics of SSH, you should do 2 more things:
    1) Change the port to something that isn't guessable, because hackers go looking for open SSH services
    2) Disable keyboard authentication and use keys instead; even if a hacker or 'bot finds the port, they're not going to get in unless they are really lucky (the odds of winning the UK and euro lotteries on the same week are probably more likely)
     