  1. #1
    Senior Member stereoptic's Avatar
    Join Date
    Jan 2012
    Location
    NY
    Posts
    280

    VPN Question - Connecting to LMS - Netgear Nighthawk Router

    Previously I was able to connect to my LMS through VPN on my android phone while I was on 3G, 4G, or another wireless network. I was using a Raspberry pi and "Open VPN for Android" on my Samsung Galaxy. Click on Orange Squeeze, select my server (192.168.n.nnn) and I was set to go.

    I recently upgraded my router to a Netgear Nighthawk r7000. I set up VPN on there using my dyndns account. I am able to connect to the files on my LMS server (using file management tools like File Expert) and also 'puTTY' in (using Connectbot), but when I try to access the LMS server page (192.168.n.nnn:9000) on the internet, or through any apps such as Orange Squeeze, I get a "Connection error, unexpected end of stream on connection").

    I do not have any ports forwarded on the router.

    I understand that there are differences between the Raspberry pi VPN software and the Nighthawk software. I am not sure why the Rpi VPN would connect to LMS and the router VPN won't.

    Any assistance would be appreciated - Do I have to make some changes on the router side or the dyndns side, or both?

    thanks in advance

  2. #2
    Senior Member
    Join Date
    May 2017
    Posts
    206
    What platform is lms server running on? Are files stored on lms server?
    SqueezeBoxes: 2x SB2 (Living room and study), 1x Radio (Kitchen), 1x Boom (Dining room), 1x piCorePlayer (jacuzzi), 1x piCorePlayer (Garden) 1x OSMC + Squeezelite (Movie room), 1x Touch (Bedroom)
    Server: LMS on Pi3 7.9.1. on PcP 3.21
    Network: AVM Fritzbox, D-Link Smart Switch 24p, 3x Ubiquity

  3. #3
    Senior Member stereoptic's Avatar
    Join Date
    Jan 2012
    Location
    NY
    Posts
    280
    LMS is running on a Mac Mini Mac OS. The files are on an external drive connected to the Mac Mini. Thanks for the reply. Is there any other information that I can supply that would help?

  4. #4
    Senior Member stereoptic's Avatar
    Join Date
    Jan 2012
    Location
    NY
    Posts
    280
    I no longer leave those 2 ports open to the internet through the router. But when I did, I had also selected "Block Incoming Connections" and had my internal IP in the approved IP addresses field.

    I unchecked the block incoming connections and now I can connect to the LMS server through VPN. I am assuming that there shouldn't be a security issue under these conditions?

  5. #5
    Senior Member
    Join Date
    Apr 2008
    Location
    Paris, France
    Posts
    2,128
    Quote Originally Posted by stereoptic View Post
    I am assuming that there shouldn't be a security issue under these conditions?
    Sorry I tried but I don't see what's up with your openvpn setup.
    But here is a generic tip: run a port scan against your router and you'll see if anything is exposed to the Internet. (This one from whatismyip.org assumes you run the test from behind your router. Others usually allow scanning any IP address.)
    3 SB 3 • Libratone Loop, Zipp Mini • iPeng (iPhone + iPad) • LMS 7.9 (linux) with plugins: CD Player, WaveInput, Triode's BBC iPlayer by bpa • IRBlaster by Gwendesign (Felix) • Server Power Control by Gordon Harris • Smart Mix, Music Walk With Me, What Was That Tune? by Michael Herger • PowerSave by Jason Holtzapple • Song Info, Song Lyrics by Erland Isaksson • AirPlay Bridge by philippe_44 • WeatherTime by Martin Rehfeld • Auto Dim Display, SaverSwitcher, ContextMenu by Peter Watkins.

  6. #6
    Senior Member stereoptic's Avatar
    Join Date
    Jan 2012
    Location
    NY
    Posts
    280
    Quote Originally Posted by epoch1970 View Post
    Sorry I tried but I don't see what's up with your openvpn setup.
    But here is a generic tip: run a port scan against your router and you'll see if anything is exposed to the Internet. (This one from whatismyip.org assumes you run the test from behind your router. Others usually allow scanning any IP address.)
    Thanks much! Great idea - I'll run a port scan - I have the software on the Mac.

  7. #7
    Senior Member
    Join Date
    Apr 2008
    Location
    Paris, France
    Posts
    2,128
    Quote Originally Posted by stereoptic View Post
    Thanks much! Great idea - I'll run a port scan - I have the software on the Mac.
    Actually, I've run the whatismyip.org scanner against a router of mine, I don't think it scans UDP ports.
    http://nmap.online-domain-tools.com this one is listed in the nmap.org website. It's a bit trickier to use because it exposes the nmap command-line arguments. But it does the job better.

    Also: what you want is port scanning from the exterior of your network, to get to see what an attacker would see. So either run an online tool or run your own software from another network, like at a friend's. Make sure that network allows any outgoing port/protocol; a hotspot usually does not.

    EDIT. And in case you find scan results that look unbelievably bad, consider these days a naked machine exposed to the internet might get infected in 5 minutes.
    Last edited by epoch1970; 2017-10-04 at 05:06.

  8. #8
    Junior Member
    Join Date
    Oct 2017
    Posts
    1
    I'm using the same setup with OpenVPN for Android on OP3T and R7000. All works fine. No port forwarding on the router. Router is configured to Netgear DNS server. OpenVPN is configured with "tls-cipher DEFAULT:@SECLEVEL=0" in the advanced custom options, and "192.168.0.0/24" in the routing options.
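
A check for the `tls-cipher` setting quoted in the post above, as an added example that is not part of the original thread: OpenSSL security level 0 removes the library's minimum strength requirements for keys and signature hashes, so it is worth knowing when a client profile relies on it. The function name, the weak-token list and the sample profile (host, port, `route` line) are constructed for illustration.

```python
import re
import shlex

# Constructed sample client profile; host and port are placeholders.
SAMPLE = """\
client
dev tun
remote vpn.example.invalid 1194
# tls-cipher DEFAULT:@SECLEVEL=0
tls-cipher "DEFAULT:@SECLEVEL=0"
route 192.168.0.0 255.255.255.0
"""

SECLEVEL_RE = re.compile(r"@SECLEVEL=(\d+)")
# Illustrative list of algorithm tokens treated as weak (an assumption).
WEAK = {"NULL", "EXPORT", "RC4", "MD5", "DES", "3DES"}


def audit_tls_cipher(config_text):
    """Return (line_no, finding) pairs for every tls-cipher directive."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        if raw.lstrip().startswith(";"):          # ';' comment line
            continue
        try:
            parts = shlex.split(raw, comments=True)   # drops '#' comments
        except ValueError:
            findings.append((line_no, "unparseable"))
            continue
        if len(parts) < 2 or parts[0] != "tls-cipher":
            continue
        for element in parts[1].split(":"):
            level = SECLEVEL_RE.fullmatch(element)
            if level and int(level.group(1)) == 0:
                # Level 0 permits everything OpenSSL would otherwise reject.
                findings.append((line_no, "seclevel-0"))
            elif element[:1] not in ("!", "-"):   # skip explicit exclusions
                tokens = set(re.split(r"[-+]", element.upper()))
                if tokens & WEAK:
                    findings.append((line_no, "weak-cipher:" + element))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit_tls_cipher(SAMPLE):
        print(f"line {line_no}: {finding}")
```

Run it over an exported `.ovpn` profile to see which line carries the weakened TLS setting before deciding whether the server side can be fixed instead.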

  9. #9
    Senior Member
    Join Date
    May 2017
    Posts
    206
    In my opinion no routing issue since the music share is accessible.

  10. #10
    Senior Member stereoptic's Avatar
    Join Date
    Jan 2012
    Location
    NY
    Posts
    280
    Quote Originally Posted by epoch1970 View Post
    Actually, I've run the whatismyip.org scanner against a router of mine, I don't think it scans UDP ports.
    http://nmap.online-domain-tools.com this one is listed in the nmap.org website. It's a bit trickier to use because it exposes the nmap command-line arguments. But it does the job better.

    Also: what you want is port scanning from the exterior of your network, to get to see what an attacker would see. So either run an online tool or run your own software from another network, like at a friend's. Make sure that network allows any outgoing port/protocol; a hotspot usually does not.

    EDIT. And in case you find scan results that look unbelievably bad, consider these days a naked machine exposed to the internet might get infected in 5 minutes.
    Quote Originally Posted by amitgil View Post
    I'm using the same setup with OpenVPN for Android on OP3T and R7000. All works fine. No port forwarding on the router. Router is configured to Netgear DNS server. OpenVPN is configured with "tls-cipher DEFAULT:@SECLEVEL=0" in the advanced custom options, and "192.168.0.0/24" in the routing options.
    Quote Originally Posted by edwin2006 View Post
    In my opinion no routing issue since the music share is accessible.
    Thanks all!
