PDA

View Full Version : SSH Port Forwarding and Squeezelite



bernt
2015-11-30, 06:41
Hi!

I have been using Squeezelite and Neorouter for a long time to stream music from home to work.

Did some reading about SSH Port Forwarding and wanted to try it out.

I have set up a SSH tunnel to my Vortexbox with port 9000 and 3483 forwarded. I can browse LMS and the player shows up.

The problem is that I can only use trancode to mp3 and it's says trancoded to pcm? flac don't play at all.

Bithastighet: 1083kbit/s VBR (Converted to 1411kbit/s PCM)

Another thing, I have setup iPeng the same way and it works as it should.


Regards
/Bernt

d6jg
2015-11-30, 06:46
Hi!

I have been using Squeezelite and Neorouter for a long time to stream music from home to work.

Did some reading about SSH Port Forwarding and wanted to try it out.

I have set up a SSH tunnel to my Vortexbox with port 9000 and 3483 forwarded. I can browse LMS and the player shows up.

The problem is that I can only use trancode to mp3 and it's says trancoded to pcm? flac don't play at all.

Bithastighet: 1083kbit/s VBR (Converted to 1411kbit/s PCM)

Another thing, I have setup iPeng the same way and it works as it should.


Regards
/Bernt

Not an advisable thing to do at all - see
http://forums.slimdevices.com/showthread.php?102819-Help-me-set-up-VPN-for-remote-playback-w-iPeng-etc&p=837415&viewfull=1#post837415

bernt
2015-11-30, 06:53
Not an advisable thing to do at all - see
http://forums.slimdevices.com/showthread.php?102819-Help-me-set-up-VPN-for-remote-playback-w-iPeng-etc&p=837415&viewfull=1#post837415

So no one should ever use SSH?

DJanGo
2015-11-30, 06:59
So no one should ever use SSH?

the first s in that 3char shortcut is SECURE
If you didnt have a real vpn connection and some strong limited routes you shouldnt use ssh out of your local lan.

bernt
2015-11-30, 07:07
the first s in that 3char shortcut is SECURE
If you didnt have a real vpn connection and some strong limited routes you shouldnt use ssh out of your local lan.

You are probably right then I think about it. Well, back to Neoruter, but it's so slooooww!

d6jg
2015-11-30, 07:58
You are probably right then I think about it. Well, back to Neoruter, but it's so slooooww!

If you post a bit about your network then people may be able to advise the best options for you. What router do you have ?

bernt
2015-11-30, 08:08
If you post a bit about your network then people may be able to advise the best options for you. What router do you have ?


It's a Telia branded Thomson with no vpn-capabilities. No static outside ip-address. A Vortexbox (static address) and a few devices on the inside.

d6jg
2015-11-30, 08:10
It's a Telia branded Thomson with no vpn-capabilities. No static outside ip-address. A Vortexbox (static address) and a few devices on the inside.

Is that router ADSL2 ?

d6jg
2015-11-30, 08:20
I would recommend swapping the router to one that supports dial-in VPN and DynamicDNS - eg the Draytek range.

In UK the cheapest VDSL/ADSL routers in their range that support what you would need are the 2860/2860n

bernt
2015-11-30, 08:20
Is that router ADSL2 ?

No, ethernet, I have a fiber connection with IP-tv and IP-phone so it's not recommended to replace it.

d6jg
2015-11-30, 08:54
No, ethernet, I have a fiber connection with IP-tv and IP-phone so it's not recommended to replace it.

If you can't change the router then you are a bit snookered. You mention that you want to stream remotely from work. Does work have a fixed IP address and can you at least change your SSH port forwarding rule to only allow connections from the work IP address ?

DJanGo
2015-11-30, 10:36
No, ethernet, I have a fiber connection with IP-tv and IP-phone so it's not recommended to replace it.

? You can (thats the reason why i am not that nice) nat port 22 - then you can also nat Port 500 UDP and maybe Port 4500 to a real vpn router!
This feature is named VPN Passthrough.

Do you think someone in his office uses his router as a vpn firewall? No there is always a router in front of it.

bernt
2015-11-30, 23:31
If you can't change the router then you are a bit snookered. You mention that you want to stream remotely from work. Does work have a fixed IP address and can you at least change your SSH port forwarding rule to only allow connections from the work IP address ?

Yes, I can do ip-restriction, but still, why does Squeezelite behave strange over ssh?

I can also use vpn-passthrough and use Vortexbox as a vpn server. I did look at it a long time ago and it seemed a bit complicated to setup on Vortexbox. In that case it would be nice to use Cisco vpn client as we use it at work and it's a default client in iPhone.

d6jg
2015-12-01, 01:58
Yes, I can do ip-restriction, but still, why does Squeezelite behave strange over ssh?

I can also use vpn-passthrough and use Vortexbox as a vpn server. I did look at it a long time ago and it seemed a bit complicated to setup on Vortexbox. In that case it would be nice to use Cisco vpn client as we use it at work and it's a default client in iPhone.

Over a standard VPN (lan2lan ipsec & pptp) squeezelite works fine. You say you have iPeng working using the SSH tunnel - are you using bitrate limiting in iPeng ? I am wondering if the SSH overhead is simply too great for FLACs ?

On vpn passthrough I think what Jan is suggesting is a separate vpn router inside your network. You could put openVPN onto Vortexbox but there doesn't appear to be a very good howto anywhere that I can see.

bernt
2015-12-01, 02:05
Over a standard VPN (lan2lan ipsec & pptp) squeezelite works fine. You say you have iPeng working using the SSH tunnel - are you using bitrate limiting in iPeng ? I am wondering if the SSH overhead is simply too great for FLACs ?

On vpn passthrough I think what Jan is suggesting is a separate vpn router inside your network. You could put openVPN onto Vortexbox but there doesn't appear to be a very good howto anywhere that I can see.

Both flac and bitrate limiting was working fine over ssh in iPeng.

d6jg
2015-12-01, 02:19
Both flac and bitrate limiting was working fine over ssh in iPeng.

If you can't get a proper VPN going and given that iPeng works I'd suggest leaving that running via the SSH tunnel (as I assume you want to be able to use that anywhere) but as far as streaming at work using squeezelite is concerned why don't you just set up explicit port forwarding rules on your router 9000 TCP & 3483 TCP & UDP for the work IP address only or are they blocked outbound?

d6jg
2015-12-01, 02:25
If you can't get a proper VPN going and given that iPeng works I'd suggest leaving that running via the SSH tunnel (as I assume you want to be able to use that anywhere) but as far as streaming at work using squeezelite is concerned why don't you just set up explicit port forwarding rules on your router 9000 TCP & 3483 TCP & UDP for the work IP address only or are they blocked outbound?

The squeezelite answer is possibly 3483 UDP - just read elsewhere that iPeng doesn't need it but other players do - I expect you haven't forwarded it have you?

DJanGo
2015-12-01, 03:30
On vpn passthrough I think what Jan is suggesting is a separate vpn router inside your network. You could put openVPN onto Vortexbox but there doesn't appear to be a very good howto anywhere that I can see.

yapp.

Its not a wise decision to use something else on your firewall.
May that's the reason why you cant find a proper howto.

Vortexbox should be Fedora, there are plenty howtos to setup openvpn on Fedora.
Why not using a RPi2?
eg. http://www.bbc.com/news/technology-33548728

Julf
2015-12-01, 04:05
The squeezelite answer is possibly 3483 UDP - just read elsewhere that iPeng doesn't need it but other players do - I expect you haven't forwarded it have you?

I guess you need 3483 UDP if you can't tell your client the address of your server.

bernt
2015-12-01, 05:03
Thanks for your suggestions.