PDA

View Full Version : Remote squeezebox



Rob McKaughan
2007-02-12, 19:42
Any ideas on how to do this?

I want to go over to my friend's house and have her squeezebox connect to my server, thus being able to play and navigate my collection from her squeezebox. The key is that I want the UI to be the squeezebox, not the web interface. Ideally, too, I'd leave an m3u or some such to make it easy to connect via the squeezebox UI.

It's sorta like connecting to Squeezenetwork, but it connects to my server.

And, of course, I want to do this as securely as possible.

And a pony...


It doesn't appear that connecting to http://myhouse:9000/stream.mp3 helps because it doesn't let me navigate my collection from the squeezebox. I want her squeezebox to appear like it's on my LAN (unless, of course, she wants to play her own music).

azinck3
2007-02-12, 21:46
Any ideas on how to do this?

I want to go over to my friend's house and have her squeezebox connect to my server, thus being able to play and navigate my collection from her squeezebox. The key is that I want the UI to be the squeezebox, not the web interface. Ideally, too, I'd leave an m3u or some such to make it easy to connect via the squeezebox UI.

It's sorta like connecting to Squeezenetwork, but it connects to my server.

And, of course, I want to do this as securely as possible.

And a pony...


It doesn't appear that connecting to http://myhouse:9000/stream.mp3 helps because it doesn't let me navigate my collection from the squeezebox. I want her squeezebox to appear like it's on my LAN (unless, of course, she wants to play her own music).

The secure and good way to do this if you intend a long-term setup is to use SSH and port forwarding (just do a search in these forums, I'm sure someone's written a step-by-step). Doing this, however, is a nuisance for a number of reasons...not the least of which being that it requires that you run an SSH client on a computer on her LAN.

The easier, unsecure way to do it (indeed, the way that I do it) is to open port 9000 (tcp) and 3483 (tcp and udp) in your firewall and set up port forwarding on your router for those two ports so that all incoming requests on those ports go to your computer running slimserver. It's only insecure in as much as 1) communication between your squeezebox and server is unencrypted (who cares), 2) anyone who knows your ip address could stream music from you (unlikely, but possible) and 3) though there are no currently known exploits, it's possible that these open ports could more readily allow a hacker to attack and access your system.

The real trouble with the easy setup is that it only really works well if the network where slimserver is located has a static global ip address. Most home internet connections do not enjoy such a luxury. Services like ipupdater and dyndns provide the helpful ability to reference your home computer at any time via dns without having to know your current IP, but the squeezebox cannot resolve named addresses. So you might get lucky and have a static IP, or a dynamic IP that changes infrequently enough so as to be effectively static, but odds are that you'll have to look up your IP address every time you want to access your collection with her squeezebox. If you want the longer-term setup then use SSH.

peter
2007-02-14, 02:17
azinck3 wrote:
> Rob McKaughan;180061 Wrote:
>
>> Any ideas on how to do this?
>>
>> I want to go over to my friend's house and have her squeezebox connect
>> to my server, thus being able to play and navigate my collection from
>> her squeezebox. The key is that I want the UI to be the squeezebox,
>> not the web interface. Ideally, too, I'd leave an m3u or some such to
>> make it easy to connect via the squeezebox UI.
>>
>> It's sorta like connecting to Squeezenetwork, but it connects to my
>> server.
>>
>> And, of course, I want to do this as securely as possible.
>>
>> And a pony...
>>
>>
>> It doesn't appear that connecting to http://myhouse:9000/stream.mp3
>> helps because it doesn't let me navigate my collection from the
>> squeezebox. I want her squeezebox to appear like it's on my LAN
>> (unless, of course, she wants to play her own music).
>>
>
> The secure and good way to do this if you intend a long-term setup is
> to use SSH and port forwarding (just do a search in these forums, I'm
> sure someone's written a step-by-step). Doing this, however, is a
> nuisance for a number of reasons...not the least of which being that it
> requires that you run an SSH client on a computer on her LAN.
>

No, the secure and good way to do this is by using VPN technology.
SSH kind of works but is not very good at pretending to be a VPN.

> The easier, unsecure way to do it (indeed, the way that I do it) is to
> open port 9000 (tcp) and 3483 (tcp and udp) in your firewall and set up
> port forwarding on your router for those two ports so that all incoming
> requests on those ports go to your computer running slimserver. It's
> only insecure in as much as 1) communication between your squeezebox
> and server is unencrypted (who cares), 2) anyone who knows your ip
> address could stream music from you (unlikely, but possible) and 3)
> though there are no currently known exploits, it's possible that these
> open ports could more readily allow a hacker to attack and access your
> system.
>

I don't like 2) and 3) at all. This solution is perfectly fine as long
as you can use IP filtering, which is only really possible if both sides
have static IP's

> The real trouble with the easy setup is that it only really works well
> if the network where slimserver is located has a static global ip
> address. Most home internet connections do not enjoy such a luxury.
> Services like ipupdater and dyndns provide the helpful ability to
> reference your home computer at any time via dns without having to know
> your current IP, but the squeezebox cannot resolve named addresses. So
> you might get lucky and have a static IP, or a dynamic IP that changes
> infrequently enough so as to be effectively static, but odds are that
> you'll have to look up your IP address every time you want to access
> your collection with her squeezebox. If you want the longer-term setup
> then use SSH.
>
Or openvpn or hamachi, which works without any party having static ip
addresses.

Regards,
Peter

azinck3
2007-02-14, 07:33
azinck3 wrote:
> Rob McKaughan;180061 Wrote:
>
>> Any ideas on how to do this?
>>
>> I want to go over to my friend's house and have her squeezebox connect
>> to my server, thus being able to play and navigate my collection from
>> her squeezebox. The key is that I want the UI to be the squeezebox,
>> not the web interface. Ideally, too, I'd leave an m3u or some such to
>> make it easy to connect via the squeezebox UI.
>>
>> It's sorta like connecting to Squeezenetwork, but it connects to my
>> server.
>>
>> And, of course, I want to do this as securely as possible.
>>
>> And a pony...
>>
>>
>> It doesn't appear that connecting to http://myhouse:9000/stream.mp3
>> helps because it doesn't let me navigate my collection from the
>> squeezebox. I want her squeezebox to appear like it's on my LAN
>> (unless, of course, she wants to play her own music).
>>
>
> The secure and good way to do this if you intend a long-term setup is
> to use SSH and port forwarding (just do a search in these forums, I'm
> sure someone's written a step-by-step). Doing this, however, is a
> nuisance for a number of reasons...not the least of which being that it
> requires that you run an SSH client on a computer on her LAN.
>

No, the secure and good way to do this is by using VPN technology.
SSH kind of works but is not very good at pretending to be a VPN.


Ok, help me out here, why's a VPN better for this? I'm not an expert on either VPNs or SSH, so I'd love to learn. I would think SSH would be better since with SSH at least not all of your outbound traffic goes through the remote network--only the SB traffic.

peter
2007-02-14, 07:57
azinck3 wrote:
> Peter;180461 Wrote:
>
>> azinck3 wrote:
>>
>>> Rob McKaughan;180061 Wrote:
>>>
>>>
>>>> Any ideas on how to do this?
>>>>
>>>> I want to go over to my friend's house and have her squeezebox
>>>>
>> connect
>>
>>>> to my server, thus being able to play and navigate my collection
>>>>
>> from
>>
>>>> her squeezebox. The key is that I want the UI to be the
>>>>
>> squeezebox,
>>
>>>> not the web interface. Ideally, too, I'd leave an m3u or some such
>>>>
>> to
>>
>>>> make it easy to connect via the squeezebox UI.
>>>>
>>>> It's sorta like connecting to Squeezenetwork, but it connects to my
>>>> server.
>>>>
>>>> And, of course, I want to do this as securely as possible.
>>>>
>>>> And a pony...
>>>>
>>>>
>>>> It doesn't appear that connecting to http://myhouse:9000/stream.mp3
>>>> helps because it doesn't let me navigate my collection from the
>>>> squeezebox. I want her squeezebox to appear like it's on my LAN
>>>> (unless, of course, she wants to play her own music).
>>>>
>>>>
>>> The secure and good way to do this if you intend a long-term setup
>>>
>> is
>>
>>> to use SSH and port forwarding (just do a search in these forums,
>>>
>> I'm
>>
>>> sure someone's written a step-by-step). Doing this, however, is a
>>> nuisance for a number of reasons...not the least of which being that
>>>
>> it
>>
>>> requires that you run an SSH client on a computer on her LAN.
>>>
>>>
>> No, the secure and good way to do this is by using VPN technology.
>> SSH kind of works but is not very good at pretending to be a VPN.
>>
>>
>
> Ok, help me out here, why's a VPN better for this? I'm not an expert
> on either VPNs or SSH, so I'd love to learn. I would think SSH would
> be better since with SSH at least not all of your outbound traffic goes
> through the remote network--only the SB traffic.
>

That's not a prerequisite of VPN's. Only the traffic destined for the
other side of the tunnel can go over the VPN link. If you use Windows
VPN client you should uncheck 'use default gateway on remote network'
(or something) in the settings.

A nice thing about VPN's is that if you use a central 'hub' you don't
need to have static ip's (or you can move your laptop around and it will
still be on the vpn network). Using SSH as a tunnel is actually a kind
of poor man's vpn. Worse because it wasn't built to keep the link up (as
vpn's are).

I use openvpn clients that connect to each other with my colo server as
a hub, not all traffic goes over the VPN, just the stuff I want to.
That's a nice setup, but requires a colo server which makes it
impractical for most people. That's why hamachi ( http://www.hamachi.cc/
) is so nice. It can create vpn networks via a central registry, while
the traffic just moves between you and the peer. All IP addresses can be
dynamic.

With all tunneling setups you'll have to do some port forwarding if you
want to tunnel traffic to a (hardware) SqueezeBox, that's easier with
ssh which does that by default.

If the client & server have static IP's (which is usually the case in my
country) I'd just use ip filtering on the router that the slimserver is
behind. Simple, fast and plenty safe enough.

Regards,
Peter

jncraig
2007-02-14, 09:47
> The secure and good way to do this if you intend a long-term setup is
> to use SSH and port forwarding

For those of us who don't speak VPN and stuff, I've found that the
free Hamachi networking that's available via logmein.com works quite
well. It's pretty much self-configuring, and it gets around issues
related to dynamic IP and all of the other messes.

--


Joe

peter
2007-02-14, 14:00
Joe Craig wrote:
>> The secure and good way to do this if you intend a long-term setup is
>> to use SSH and port forwarding
>>
>
> For those of us who don't speak VPN and stuff, I've found that the
> free Hamachi networking that's available via logmein.com works quite
> well. It's pretty much self-configuring, and it gets around issues
> related to dynamic IP and all of the other messes.
>

Ah, at last another believer. I think Hamachi is an absolutely wonderful
VPN implementation for non-techies (or even for techies). If only it
would penetrate the firewall at the university as openvpn does, I would
be using it full time.

Regards,
Peter

JJZolx
2007-02-14, 14:12
If she has a relatively static IP address, such as those on many home cable and dsl connections, then you really don't have to bother with either a VPN or SSH. Just open the necessary ports in your router's firewall to _only_ her IP address. The convenience of this approach is going to depend on how static her IP address is. Any time it changes, you'll need to update the firewall rule.

Rob McKaughan
2007-02-15, 00:47
Cool. I love lively discussion. I'll look into these.

These'll get get the traffic through. What's the best way to set up something so I can switch to my server on the squeezebox? I know I can hold down the power button and reset it, but I'd like something like just browsing throught the menus (again like squeezenetwork).