IMPORTANT: Stop forwarding your LMS ports to the internet!

    Originally posted by DJanGo
    @Tim:
    The "clever" people are the people that caused Michael to open this thread and think about a "solution" or minimize the worst-case scenario.

    AFAIK Michael wants a solution that makes the settings from LMS (even when the LMS server IP & ports are forwarded to the Internet) "safer" than now.

    Your idea (completely disable the access except for "known" IPs) sounds clever and might be a better solution, but (the people we are talking about) would redo these changes (if Michael would add them in a next version) because that would stop these people from accessing their LMS from all over the world.

    Since setting up a VPN isn't that easy/simple and we're dealing with lots of different devices and use cases..
    OK - thanks.
    Never having set up a VPN I think that for solo usage like mine, SSH using public keys seems to be the simplest solution that should be reasonably secure.
    LMS 8.1 on PC, Xubuntu 20.04, FLACs 16->24 bit, 44.1->192kbps. 2 Touches & EDO.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Also Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 20.04 laptop firefox/upplay or Android mobile with Squeeze-Ctrl/BubbleUPnP controls LMS/Minimserver.

    Comment
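The idea quoted above of allowing LMS access only from "known" addresses, as an added example that is not part of the thread and not LMS's own code: a small Python allowlist check over the peer address of an incoming connection. The network ranges are constructed assumptions (a home LAN and the client pool of a VPN server); the function names are hypothetical.

```python
import ipaddress

# Constructed assumptions: the home LAN and the address pool an OpenVPN server
# hands to remote clients. Everything else is treated as "unknown".
ALLOWED_NETWORKS = [
    ipaddress.ip_network("192.168.1.0/24"),   # home LAN (assumed)
    ipaddress.ip_network("10.8.0.0/24"),      # VPN client pool (assumed)
    ipaddress.ip_network("127.0.0.0/8"),      # players running on the server itself
    ipaddress.ip_network("::1/128"),
]


def normalize_peer(addr):
    """Parse a peer address string. A dual-stack listener reports IPv4 peers as
    IPv4-mapped IPv6 (::ffff:192.168.1.20); unwrap those so the IPv4 rules match."""
    ip = ipaddress.ip_address(addr.strip())
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def is_allowed(addr, allowed=ALLOWED_NETWORKS):
    """True only if the peer lies inside one of the known networks.
    An unparsable address fails closed. Use the address the socket reports,
    never one taken from a request header, which the client controls."""
    try:
        ip = normalize_peer(addr)
    except ValueError:
        return False
    return any(ip in net for net in allowed)


def triage(peers, allowed=ALLOWED_NETWORKS):
    """Split a batch of peer addresses into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for peer in peers:
        (accepted if is_allowed(peer, allowed) else rejected).append(peer)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample peers: LAN, VPN client, mapped IPv4, a public address, junk
    sample = ["192.168.1.20", "10.8.0.6", "::ffff:192.168.1.30",
              "77.16.32.250", "not-an-ip"]
    ok, bad = triage(sample)
    print("accepted:", ok)
    print("rejected:", bad)
```

The check belongs in front of the service (a reverse proxy, firewall rule or the application's own accept path); as the quoted post notes, it only helps if the user keeps it switched on instead of reopening the ports to the whole internet.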


      Am I safe?

      I have been using my Synology NAS, which sits behind my cable TV router, as a VPN Server for connections to my LAN from remote locations.

      The only use I have for this is for using LMS/Player combinations, usually but not exclusively on my Android Phone, on the rare occasions that I am away from home.

      The only port that is open on my router is that which is required by the Synology NAS VPN plugin and this port is forwarded by my cable TV router.

      I have been following, but not fully understanding this thread, for quite a while and thought I'd better ask the question.

      I'm not sure I'm up to setting up and understanding all the logging that is needed to examine this issue and it wouldn't be too much of a wrench for me to simply stop doing this as I must admit my use is rather more experimental than useful.

      My only significant discovery has been that my free hospital wifi blocks the Synology VPN port and I have to revert to a 4G phone connection which can be expensive if used for any significant time.

      Comment


        IMPORTANT: Stop forwarding your LMS ports to the internet!

        > I have been following, but not fully understanding this thread, for
        > quite a while and thought I'd better ask the question.


        I think if you're using VPN to access your LMS at home, then you're on
        the safe side. Nothing to log or investigate.

        --

        Michael

        "It doesn't work - what shall I do?" - "Please check your server.log and/or scanner.log file!"
        (LMS: Settings/Information)

        Comment


          Originally posted by mherger View Post
          >
          I think if you're using VPN to access your LMS at home, then you're on
          the safe side. Nothing to log or investigate.

          --

          Michael
          Thanks Michael.

          Comment


            Open VPN only seen as cellular

            Hi,
            after opening the ports today I found this thread.
            Now I set up OpenVPN and it works fine, only one issue:
            In iPeng I set the Audio Bitrate for cellular to 192kbit and for WiFi to unlimited.
            Unfortunately this doesn’t work with OpenVPN. All music is transcoded to 192 when connected to OpenVPN.
            When using port forwarding instead it works fine, untranscoded flac when connected to WiFi, transcoded to 192 when cellular.
            Does Anybody have a hint for me?
            Thanks
            Pommes
            The Earth Has Music For Those Who Listen

            Comment


              Open VPN only seen as cellular
              Even when connected via wifi to a hotspot?
              (or with an alternate ovpn config that specifies the "remote" address as the router OVPN server LAN address, eg 192.168.1.1 instead of 77.16.32.250)

              If from within your own (wifi) LAN the iPhone can't reach the public address of your OVPN gateway (due to the 'hairpin' routing problem), I suspect it would send that traffic to cellular which is an external network.
              Last edited by epoch1970; 2018-02-25, 14:14.
              2 SB 3 • 1 PCP 7 • Libratone Loop, Zipp, Zipp Mini • iPeng (iPhone + iPad) • LMS 8.1 (docker) with plugins: CD Player, WaveInput by bpa • Material Skin by Craig Drummond • IRBlaster by Gwendesign (Felix) • Smart Mix, Music Walk With Me, What Was That Tune? by Michael Herger • PowerSave by Jason Holtzapple • Song Info, Song Lyrics by Erland Isaksson • BBC Sounds by Stuart McLean • AirPlay Bridge by philippe_44 • Auto Dim Display, SaverSwitcher, ContextMenu by Peter Watkins.

              Comment


                Originally posted by epoch1970 View Post
                Even when connected via wifi to a hotspot?
                (or with an alternate ovpn config that specifies the "remote" address as the router OVPN server LAN address, eg 192.168.1.1 instead of 77.16.32.250)

                If from within your own (wifi) LAN the iPhone can't reach the public address of your OVPN gateway (due to the 'hairpin' routing problem), I suspect it would send that traffic to cellular which is an external network.
                I tested again:
                When I connect my iPhone from remote to my LMS at home via openvpn, it connects as cellular, both on WiFi and 4g/lte
                When I connect my iPhone from remote to my LMS at home via public ip/ open ports, it connects as WiFi, both on WiFi and 4g/lte
                That’s both fine with me, I just thought that iPeng would check the connection on my phone.
                But:
                When connecting via openvpn, all my iPads, Mac, iPhones work well, but my old windows7 squeezeplay laptop buffers every few seconds.
                When connecting via public ip/ open ports the windows squeezeplay works fine, as all other devices.

                So I would rather keep connecting via public ip/ open ports.
                I have put a user/password into LMS, so do you really think it’s a huge security problem with the open ports???
                Please let me know what you honestly think of the security risks.
                Thanks
                Pommes
                The Earth Has Music For Those Who Listen

                Comment


                  Originally posted by Pommes View Post
                  I have put a user/password into LMS, so do you really think it’s a huge security problem with the open ports???
                  Please let me know what you honestly think of the security risks.
                  There's no known, major issue yet. But LMS has not been developed with security in mind. A lot has been added to lower the risks. But I wouldn't be surprised if there were major issues we don't know yet.
                  Michael

                  "It doesn't work - what shall I do?" - "Please check your server.log and/or scanner.log file!"
                  (LMS: Settings/Information)

                  Comment


                    Originally posted by mherger View Post
                    There's no known, major issue yet. But LMS has not been developed with security in mind. A lot has been added to lower the risks. But I wouldn't be surprised if there were major issues we don't know yet.
                    Thank you Michael,
                    I think I will leave the ports open for now. It is just working much better than with OpenVPN and more convenient.
                    The server is actually only serving audio and video files. The audio gets backed up every week, I don’t care about losing the video.
                    Pommes
                    The Earth Has Music For Those Who Listen

                    Comment


                      (I don't understand your connection test report. Anyways.)
                      Originally posted by Pommes View Post
                      When connecting via openvpn, all my iPads, Mac, iPhones work well, but my old windows7 squeezeplay laptop buffers every few seconds.
                      Are you using a UDP tunnel or a TCP tunnel for OpenVPN? I would think UDP works much better.
                      There seems to be a Win7-specific OVPN issue with network buffer sizes: https://community.openvpn.net/openvpn/ticket/640
                      According to bug report, setting this in the Win7 client config file:
                      Code:
                      sndbuf 131072
                      rcvbuf 131072
                      or having this in the corresponding ccd on the server side:
                      Code:
                      push "sndbuf 131072"
                      push "rcvbuf 131072"
                      could solve the issue you see with Win7.
                      2 SB 3 • 1 PCP 7 • Libratone Loop, Zipp, Zipp Mini • iPeng (iPhone + iPad) • LMS 8.1 (docker) with plugins: CD Player, WaveInput by bpa • Material Skin by Craig Drummond • IRBlaster by Gwendesign (Felix) • Smart Mix, Music Walk With Me, What Was That Tune? by Michael Herger • PowerSave by Jason Holtzapple • Song Info, Song Lyrics by Erland Isaksson • BBC Sounds by Stuart McLean • AirPlay Bridge by philippe_44 • Auto Dim Display, SaverSwitcher, ContextMenu by Peter Watkins.

                      Comment


                        Originally posted by epoch1970 View Post
                        (I don't understand your connection test report. Anyways.)

                        Are you using a UDP tunnel or a TCP tunnel for OpenVPN? I would think UDP works much better.
                        There seems to be a Win7-specific OVPN issue with network buffer sizes: https://community.openvpn.net/openvpn/ticket/640
                        According to bug report, setting this in the Win7 client config file:
                        Code:
                        sndbuf 131072
                        rcvbuf 131072
                        or having this in the corresponding ccd on the server side:
                        Code:
                        push "sndbuf 131072"
                        push "rcvbuf 131072"
                        could solve the issue you see with Win7.
                        Sorry but I don’t understand that.
                        I am just a user with no programming nor Linux skills.
                        My router runs the OpenVPN server and I just imported the ovpn file into open vpn GUI on windows 7.
                        The tunnel is udp and runs fine on Mac, iPad and iPhone
                        The Earth Has Music For Those Who Listen

                        Comment


                          In other words, try to add
                          Code:
                          sndbuf 131072
                          rcvbuf 131072
                          in the OpenVPN configuration file of the Win7 machine and see if squeezelite works better.
                          2 SB 3 • 1 PCP 7 • Libratone Loop, Zipp, Zipp Mini • iPeng (iPhone + iPad) • LMS 8.1 (docker) with plugins: CD Player, WaveInput by bpa • Material Skin by Craig Drummond • IRBlaster by Gwendesign (Felix) • Smart Mix, Music Walk With Me, What Was That Tune? by Michael Herger • PowerSave by Jason Holtzapple • Song Info, Song Lyrics by Erland Isaksson • BBC Sounds by Stuart McLean • AirPlay Bridge by philippe_44 • Auto Dim Display, SaverSwitcher, ContextMenu by Peter Watkins.

                          Comment


                            Originally posted by Pommes View Post
                            I tested again:
                            When I connect my iPhone from remote to my LMS at home via openvpn, it connects as cellular, both on WiFi and 4g/lte
                            When I connect my iPhone from remote to my LMS at home via public ip/ open ports, it connects as WiFi, both on WiFi and 4g/lte
                            That’s both fine with me, I just thought that iPeng would check the connection on my phone.
                            But:
                            When connecting via openvpn, all my iPads, Mac, iPhones work well, but my old windows7 squeezeplay laptop buffers every few seconds.
                            When connecting via public ip/ open ports the windows squeezeplay works fine, as all other devices.

                            So I would rather keep connecting via public ip/ open ports.
                            I have put a user/password into LMS, so do you really think it’s a huge security problem with the open ports???
                            Please let me know what you honestly think of the security risks.
                            Thanks
                            Pommes
                            Open ports are dangerous. If you can see them externally then so will others (and they will look).
                            You will need to ask Pippin about why iPeng sees the openvpn connection as cellular and not wifi when it is wifi but it could be to do with the outgoing public IP that is detected i.e. if it isn't public then perhaps iPeng assumes it to be cellular. I use an SSL VPN connection on my iPhone and that seems to work correctly.
                            Jim



                            VB2.4 storage QNAP TS419p (NFS)
                            Living Room Joggler & Pi4/Khadas -> Onkyo TXNR686 -> Celestion F20s
                            Office Joggler & Pi3 -> Denon RCD N8 -> Celestion F10s
                            Dining Room SB Radio
                            Bedroom (Bedside) Pi Zero+DAC ->ToppingTP21 ->AKG Headphones
                            Bedroom (TV) & Bathroom SB Touch ->Denon AVR ->Mordaunt Short M10s + Kef ceiling speakers
                            Guest Room Joggler > Topping Amp -> Wharfedale Modus Cubes

                            Comment


                              Originally posted by epoch1970 View Post
                              In other words, try to add
                              Code:
                              sndbuf 131072
                              rcvbuf 131072
                              in the OpenVPN configuration file of the Win7 machine and see if squeezelite works better.
                              I edited my ovpn file on windows, squeezeplay still not able to play flac without buffering every few seconds.
                              I stream from my satellite receiver via openvpn, and this does work a lot better after I edited the ovpn file the way you asked, so thanks for that.
                              But for streaming flac with squeezeplay I will use the open ports.
                              The Earth Has Music For Those Who Listen

                              Comment


                                Originally posted by Pommes View Post
                                I edited my ovpn file on windows, squeezeplay still not able to play flac without buffering every few seconds.
                                Mhh. FLAC or WAV take a lot of bandwidth, probably the tunnel can't keep up.
                                I have used bridged OpenVPN tunnels from time to time, everything is fine for mp3/AAC/near CD-quality stuff but for hi-def or lossless I've seen issues.
                                The server side uses its upload link to send the data; with asymmetric connections (small upload/large download bandwidths) you get a bottleneck there.

                                You can try adding
                                Code:
                                fast-io
                                passtos
                                comp-lzo no
                                to your configs (all clients and server). It might help but probably not. The first 2 options are related to network QoS and are not portable, your linux server will probably be happy to comply but the Win machine I don't know. Use the subset that works on both sides.
                                NOTE: If an option is not supported the OpenVPN process may fail. Don't change these options over the tunnel...
                                The last option says to disable compression. You're sending binary data, there is nothing to compress there, so by default OpenVPN will just spend a bit of time trying to compress data before changing its mind. Just disable it.
                                (In openvpn 2.4 there is a new "compress <algo>" option. The way to say "compress no" is to remove/comment the option.)
                                Last edited by epoch1970; 2018-02-28, 11:05.
                                2 SB 3 • 1 PCP 7 • Libratone Loop, Zipp, Zipp Mini • iPeng (iPhone + iPad) • LMS 8.1 (docker) with plugins: CD Player, WaveInput by bpa • Material Skin by Craig Drummond • IRBlaster by Gwendesign (Felix) • Smart Mix, Music Walk With Me, What Was That Tune? by Michael Herger • PowerSave by Jason Holtzapple • Song Info, Song Lyrics by Erland Isaksson • BBC Sounds by Stuart McLean • AirPlay Bridge by philippe_44 • Auto Dim Display, SaverSwitcher, ContextMenu by Peter Watkins.

                                Comment
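The OpenVPN tuning suggested in this reply and in the earlier one about the Win7 buffer sizes (UDP rather than TCP, sndbuf/rcvbuf, disabling compression, and the 2.3 vs 2.4 spelling of the compression option), as an added example that is not from the thread or from the OpenVPN project: a Python linter that parses a client profile and reports which of those settings are missing or unhelpful for streaming. The sample profiles are constructed; the option semantics follow the OpenVPN manual (comp-lzo with no argument means adaptive compression, compress with an algorithm argument enables it, compress with no argument or a stub mode does not); the function names are hypothetical.

```python
import re

RECOMMENDED_BUF = 131072  # socket buffer size from the OpenVPN ticket cited above

# Constructed sample: a client profile as a home router might export it, untuned.
UNTUNED_CLIENT = """\
client
dev tun
proto udp
remote 77.16.32.250 1194
comp-lzo
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
(certificate body omitted in this constructed sample)
-----END CERTIFICATE-----
</ca>
verb 3
"""

# The same profile after applying the thread's suggestions (constructed).
TUNED_CLIENT = UNTUNED_CLIENT.replace("comp-lzo\n", "comp-lzo no\n") + (
    f"sndbuf {RECOMMENDED_BUF}\n"
    f"rcvbuf {RECOMMENDED_BUF}\n"
)


def parse_options(text):
    """Return {option: [args, ...]}; skips comments and inline <tag>...</tag> blocks."""
    opts = {}
    block = None
    for raw in text.splitlines():
        line = raw.strip()
        if block is not None:            # inside <ca>, <cert>, <key>, ...
            if line == f"</{block}>":
                block = None
            continue
        m = re.fullmatch(r"<(\w+)>", line)
        if m:
            block = m.group(1)
            continue
        if not line or line[0] in "#;":  # comment or blank line
            continue
        name, *args = line.split()
        opts.setdefault(name, []).append(args)
    return opts


def compression_enabled(opts):
    """Whether the profile asks OpenVPN to compress the tunnel payload."""
    if "compress" in opts:               # 2.4 syntax: an algorithm argument enables it
        return any(args and args[0] not in ("stub", "stub-v2") for args in opts["compress"])
    if "comp-lzo" in opts:               # 2.3 syntax: no argument means 'adaptive'
        return any(not args or args[0] != "no" for args in opts["comp-lzo"])
    return False


def lint(text):
    """Return (option, advice) pairs for settings that matter to audio streaming."""
    opts = parse_options(text)
    findings = []
    proto = opts.get("proto", [[]])[-1]
    if proto and proto[0].startswith("tcp"):
        findings.append(("proto", "TCP tunnel; UDP usually streams audio much better"))
    for buf in ("sndbuf", "rcvbuf"):
        if buf not in opts:
            findings.append((buf, f"missing; try '{buf} {RECOMMENDED_BUF}' for the Win7 buffer issue"))
    if compression_enabled(opts):
        findings.append(("compression",
                         "enabled; audio is already compressed, use 'comp-lzo no' (2.3) or drop 'compress' (2.4)"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("untuned", UNTUNED_CLIENT), ("tuned", TUNED_CLIENT)):
        print(label, lint(cfg) or "no findings")
```

Run it against a local copy of the .ovpn file before editing; as the reply notes, an unsupported option makes the OpenVPN process fail, so the edits themselves should not be made over the tunnel.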
