Jump to content

NAS - Remote Access

Windspeed36
 Share

Helpful to point out that you don't need dyndns on the router, and most routers support a very small amount of providers. You can run a client on your PC, and if you own your own domain or get a free one from freenom, you can configure dyndns with cloudflare and subdomains.

Comb it with a brick

Link to comment
Share on other sites

Link to post
Share on other sites

5 hours ago, .:MARK:. said:

Helpful to point out that you don't need dyndns on the router, and most routers support a very small amount of providers. You can run a client on your PC, and if you own your own domain or get a free one from freenom, you can configure dyndns with cloudflare and subdomains.

This is a good option, but having it run on the router itself - if suitable - in my opinion is a better option, since the router is always connected, and can update the IP instantly. If your IP changes while your client PC is turned off, but say you're out on vacation and need to access some files, you won't be able to run home and turn the PC on. If you're running it on a PC that is never shut off, for example, a server, then that might work, but I personally tend to favour letting the Router handle it.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites

Link to post
Share on other sites

Just a note on PPTP VPNs, they're not really secure. The MS-CHAPv2 protocol that they very frequently use for authentication is no longer secure and even Microsoft themselves recommends the use of a different VPN protocol. While PPTP may be fine for normal, everyday, home use, if you need to access confidential or sensitive data please do not use PPTP. Your best option would be to use OpenVPN or L2TP/IPsec as they are far more secure than PPTP.

15" MBP TB

AMD 5800X | Gigabyte Aorus Master | EVGA 2060 KO Ultra | Define 7 || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB

Link to comment
Share on other sites

Link to post
Share on other sites

4 hours ago, dalekphalm said:

This is a good option, but having it run on the router itself - if suitable - in my opinion is a better option, since the router is always connected, and can update the IP instantly. If your IP changes while your client PC is turned off, but say you're out on vacation and need to access some files, you won't be able to run home and turn the PC on. If you're running it on a PC that is never shut off, for example, a server, then that might work, but I personally tend to favour letting the Router handle it.

Totally agree, I was saying for those that can't do it on the router or don't want to use stupid services like no-ip. Where no-ip or dyndns is usually the only options.

Comb it with a brick

Link to comment
Share on other sites

Link to post
Share on other sites

  • 1 month later...

While I agree with @Blade of Grass that PPTP is insecure, in this instance it's the perfect protocol. It's extremely easy to setup, it has very little overhead, and is supported by basically every OS/device out there. I have both PPTP and L2TP setup on my home router, but I use PPTP more often than L2TP simply because it's faster and I don't need security. A good example of when you want to use PPTP over OpenVPN/L2TP is streaming content. If I connect to a PPTP VPN I can stream Netflix in HD just fine but I'm limited to SD over L2TP (even if the latency is nearly the same). I tried about half a dozen different VPN servers (both with PPTP and L2TP installed, some even in the same state) and there was absolutely no way for me to stream Netflix in HD. Now of course this is just an example, but imagine if you want to stream your 1080p home movies off your NAS while you're at your grandparent's house? Stick with PPTP unless you don't trust their network.

-KuJoe

Link to comment
Share on other sites

Link to post
Share on other sites

One thing to also note, if you use a service like DynDNS or No-IP to setup a DNS address to your home IP you should triple check that your router doesn't allow remote access by default, this can allow some really bad stuff even if you don't use the default login and password.

-KuJoe

Link to comment
Share on other sites

Link to post
Share on other sites

  • 3 weeks later...
On April 7, 2016 at 10:33 PM, KuJoe said:

One thing to also note, if you use a service like DynDNS or No-IP to setup a DNS address to your home IP you should triple check that your router doesn't allow remote access by default, this can allow some really bad stuff even if you don't use the default login and password.

This is true regardless of whether or not you have a domain name pointed to your router. The people who try to hack into open routers are usually just using a script, possibly in a botnet, to scan thousands of IPs per second.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
Share on other sites

Link to post
Share on other sites

11 minutes ago, brwainer said:

This is true regardless of whether or not you have a domain name pointed to your router. The people who try to hack into open routers are usually just using a script, possibly in a botnet, to scan thousands of IPs per second.

This is very true, I just figured if people are setting up a DNS they might be sharing the DNS with friends/family so it's more likely to be targeted compared to random scans.

-KuJoe

Link to comment
Share on other sites

Link to post
Share on other sites

  • 3 weeks later...

Random side note: I actually do something kind of different with this. If I want internal access to my network, which is primarially composed of Linux machines, I'll SSH into my host machine and access my network through there. This involves you setting up openSSH servers on each machine (which is .. really not hard to do) and probably isn't as simple as what the OP has here, but it's what I do. To access files, I'll use SFTP, which is fairly safe. All of my data is stored on a single machine (the machine I connect to), so I don't suffer many problems. It's just a faster option if you're using Linux.

 

It's my way of being lazy around setting up an OpenVPN server, honestly. >.> Plus, I use a VPN to elsewhere when I'm out and about.

Link to comment
Share on other sites

Link to post
Share on other sites

On 15/05/2016 at 4:38 AM, Lildirt said:

Random side note: I actually do something kind of different with this. If I want internal access to my network, which is primarially composed of Linux machines, I'll SSH into my host machine and access my network through there. This involves you setting up openSSH servers on each machine (which is .. really not hard to do) and probably isn't as simple as what the OP has here, but it's what I do. To access files, I'll use SFTP, which is fairly safe. All of my data is stored on a single machine (the machine I connect to), so I don't suffer many problems. It's just a faster option if you're using Linux.

 

It's my way of being lazy around setting up an OpenVPN server, honestly. >.> Plus, I use a VPN to elsewhere when I'm out and about.

SFTP is great, but natively, the throughput of OpenSSH is slow.

Comb it with a brick

Link to comment
Share on other sites

Link to post
Share on other sites

  • 5 months later...
On 5/14/2016 at 10:38 PM, Lildirt said:

Random side note: I actually do something kind of different with this. If I want internal access to my network, which is primarially composed of Linux machines, I'll SSH into my host machine and access my network through there. This involves you setting up openSSH servers on each machine (which is .. really not hard to do) and probably isn't as simple as what the OP has here, but it's what I do. To access files, I'll use SFTP, which is fairly safe. All of my data is stored on a single machine (the machine I connect to), so I don't suffer many problems. It's just a faster option if you're using Linux.

 

It's my way of being lazy around setting up an OpenVPN server, honestly. >.> Plus, I use a VPN to elsewhere when I'm out and about.

So that I understand, you use key pairs for the ssh connection and supply the port for directing your router to whichever linux server you wish to access? and you also supply either  the WAN (routers external) IP or use a DNS in the ssh connection string?

Link to comment
Share on other sites

Link to post
Share on other sites

  • 1 month later...

hi guys newbie here. so new and such a noob that i have spent many house following many so called guides on manufacturer websites and got nowhere close to being able to set up a ftp server.

 

My goal at the end is this: To be able to setup my d link sharecenter as a ftp server and be able to have myself and a cousin access it over the internet. So far all i managed to do the first time around was to have my nas disappear from my network devices list and get it back somehow. Now the second time around after buying a Nighthawk x6 i changed some setting for the router and the sharecenter, forwarded some ports and created some Dynamic DDNS via some free account in the netgear  UI. Apparently i did it over here but had trouble verifying it in my sharecenter UI.

 

It says in my sharecenter UI that i have a FTP server running. I have no idea what that even means. I have no clue how to access it. It gives me some IP address there which is different from the IP my router says which is my sharecenter then there is the IP address which the DDNS IP address which is god knows used for what.

 

So i understand that i am very far away. Maybe you guys can get me closer. Or maybe in the correct direction with a noob friendly + idiot proof youtube guy/video or online guide.

 

Appreciate all the help i can get

IMG_20161230_053238.jpg

Link to comment
Share on other sites

Link to post
Share on other sites

  • 8 months later...

Since this is a sticky, and there seems to be a general difficulty when setting up OpenVPN servers (as some have said, don't use PPTP), take a look on this free OpenVPN management panel: https://pritunl.com/

 

It's free, really easy to setup and supports, 2-factor authentication, tons of configurations, everything handled from the web GUI.

Link to comment
Share on other sites

Link to post
Share on other sites

  • 1 year later...
On 2/26/2016 at 4:31 PM, Windspeed36 said:

So, you want to access your NAS/internal storage shares when you're out of the office or away from home? Well there's two ways of doing this.

 

Bring the network to you

or

 Put yourself in the network

Bring the network to you

 

This quite simply is allowing you to remote into the network without being a part of it. The common way of doing this is having a web page such as mystorage.myhomenetwork.com with a login page. You'll simply be able to go to that site, put in a username and password then download or upload whatever content you want. You'll see this quite commonly with services like Google Drive, Dropbox and OneDrive but it's not limited to that. QNAP and Synology alongside most NAS manufacturers as well as certain versions of Windows Server allow this. For example, QNAP call this feature 'Web File Manager' and more info on their implementation can be found here.

What do you need to do this?

  • You need a NAS setup that supports such an application - as mentioned, almost all NAS manufacturers do and most versions of Windows Server do as well - in server it is known as RWA or Remote Web Access. More info here.
  • You need to allow this process through router and local machine firewalls & forward the ports.
    • For the firewall, it'll depend on your device. You simply need to allow either the UDP or TCP (depending on connection type) through the device's firewall. I know QNAP will do this automatically when you enable the WFM.
    • You'll need to forward the ports as well - a guide on port forwarding for your router can be found here.
      • What this does is means that requests made to a specific port number, eg 8080 via your external IP eg, 144.55.26.62 are forwarded to an internal address. What you'll then be able to do is access http://144.55.26.62:8080 via a browser and be presented with the web interface for either the immediate file share or your NAS's remote management page depending on the OS & hardware you're using.
  • A lot of NAS manufacturers also support mobile apps to access content. They'll also need certain ports to be forwarded so they can communicate with the NAS.

Why do you need to forward ports?

Ports are closed by default for security so that people can't simply hack through basic login pages and gain access into your network.

 

Put yourself in the network

This means using a VPN connection to put yourself inside your network without physically being there. This is a really good option if you don't want the world to have immediate access to any open port rules or if you need to share quite a lot with the outside world. Eg, remote desktop, samba shares, terminal server ect.

 What does a VPN actually do?

A PPTP VPN (when setup on a device to forward all traffic) will put your device as a part of the same subnet that the VPN server is running on. Eg if you have a VPN server setup internally to assign an IP in the range of 192.168.1.100-192.168.1.120, you'll be put in the network and be able to access the rest of the network as if you were running at home. Any traffic sent from your device will first go through the VPN server then out to the wide world.

 What's the downside of running a VPN server?

If you've setup the client to send all traffic through this VPN server, you'll be limited by the speed of the internet connection on the VPN server. Eg this is fine if you're like me and have 100/100 fibre however if you're stuck with 10/1 ADSL or similar, this might be a problem and you'll want to reconsider the entire concept of file sharing from home if you can't get a better internet speed. Hence why Dropbox/Google Drive are so popular.

What do you need to do this?

  • A VPN server. Yep, that's it.
  • More specifically, most routers these days support running their own PPTP VPN server. Some more advanced units are able to comply with more advanced VPN types that are much more secure however I'm not going to delve too much into that - chances are if you understand them, you don't need this guide.

Why do you need a VPN?

Once you've got the VPN running and you're inside the same network that the NAS is, you'll be able to access everything as if you were there. Samba shares through file explorer and similar will all act as if you were right there next to it.

But putting in my IP in the browser or as the VPN doesn't always work? It used to connect and now it doesn't??!?

This is because you've got what is known as a dynamic IP. What this means is that your IP is changed randomly, normally on reboot of your modem or based on a lease expiry time by your ISP. However this doesn't mean that you're doomed = enter dynamic DNS.

To understand how this works, you need to understand what a DNS is. DNS is a domain name server, it's where you translate a host name: google.com into an IP address that is used to route packets. You can't really go to your router and say Hey, I'm a packet and I want to go to google.com  - a DNS server is contacted by your PC or router (depending on the PC's DNS settings) and says Hey, I want to go to google.com, what is that IP address - Oh, that IP for google is xx.xx.xx.xx

A dynamic DNS works by having an account with a dynamic DNS provider like DYNDNS - you put your account credentials into your router and regularly the router will contact DYNDNS saying Hey, my account is ABC and my external IP is 123.

When you then access your external domain such as http://mydomain.dyndns.org, the device your on will lookup what the IP for that is through a DNS server and get back your current external IP.

You can use this dynamic DNS process for anything where you need your external IP such as VPN server or the remote file access via a web browser. You'll simply need to put a port number on the end: eg mydomain.dyndns.org:8080

Keep in mind that not all routers support DYNDNS however those that do normally also support their own VPN server and it's becoming more and more common these days.

 

Hopefully this helps clear a few things up. Keep in mind that you will be limited by the upload and download speeds of the internet where the server is.

What is a good free VPN to connect to ur home network that can be used on windows,Mac,android,PC and Linux ?

 

Thanks 

Technology is NEVER easy :(

Link to comment
Share on other sites

Link to post
Share on other sites

18 hours ago, Trilex said:

What is a good free VPN to connect to ur home network that can be used on windows,Mac,android,PC and Linux ?

 

Thanks 

Are you talking about using a VPN to remote access your NAS while you're at, say, Work or Starbucks? In this case, OpenVPN is pretty much the standard for such endeavours - but there are other alternatives. OpenVPN Servers can be hosted on most OS's - typically Linux, though. Many routers also have built-in VPN Servers too (some even run OpenVPN specifically).

 

Client, wise, OpenVPN works on most OS's.

 

If you're talking about a "Commercial" VPN used for privacy, geolocation, or anonymity (such as PIA or NordVPN, etc), then there are dozens and dozens of choices that work on all OS's.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites

Link to post
Share on other sites

  • 1 month later...
6 hours ago, soulreaper11207 said:

Umm easy solution... Team viewer file transfer. 

Very slow process. Even over LAN it’s slow. It’s simple and does work, but not ideal. 

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites

Link to post
Share on other sites

  • 5 months later...

Hey I installed a DIY home surveillance camera system (2 cameras, POE Switch, Windows 10 machine running 'Blue Iris' capture software) and I want to access my home network in a vey secure manner. 

The community on my surveillance forum share scary stories when it comes to remotely accessing your network (due to botnets, etc) and they are also very divided when it comes to recommending the BEST way to access your home network. so im hoping to get some clarification from you guys.

Here are some options that I am looking into:

1. Run OpenVPN Server on my windows 10 machine (runs 24/7 to capture camera footage).
2. Run OpenVPN Server on a raspberry Pi attached to my network (as described here: https://www.youtube.com/watch?v=15VjDVCISj0&t=301s)
3. Getting an Asus router or EdgeRouter that supports OpenVPN server.
4. Getting something like a SonicWall or pfsense firewall that would give me the ability to VPN in.

 

my networking skills are pretty newbish but I enjoy DIY and learning new things. Since I don't want to spend money, my favourite initial option is to install OpenVPN on the machine I already have running but some have said that this potentially introduced vulnerabilities because its not a dedicated device. 

a) Is running a VPN server on Raspberry pi more secure than running it off my Windows machine?
b) Is it worth investing in a router with VPN capabilities?
c) should I just invest in a dedicated firewall appliance to manage the VPN?

 

your insights are appreciated


 

Link to comment
Share on other sites

Link to post
Share on other sites

9 hours ago, TheXiaosenJuan said:

Hey I installed a DIY home surveillance camera system (2 cameras, POE Switch, Windows 10 machine running 'Blue Iris' capture software) and I want to access my home network in a vey secure manner. 

The community on my surveillance forum share scary stories when it comes to remotely accessing your network (due to botnets, etc) and they are also very divided when it comes to recommending the BEST way to access your home network. so im hoping to get some clarification from you guys.

Here are some options that I am looking into:

1. Run OpenVPN Server on my windows 10 machine (runs 24/7 to capture camera footage).

Do not do this - for security and compartmentalization reasons, you don't want your VPN server running on any other server (unless it's jailed or a docker container or a VM).

9 hours ago, TheXiaosenJuan said:


2. Run OpenVPN Server on a raspberry Pi attached to my network (as described here: https://www.youtube.com/watch?v=15VjDVCISj0&t=301s)

Nothing wrong with that.

9 hours ago, TheXiaosenJuan said:

3. Getting an Asus router or EdgeRouter that supports OpenVPN server.

Nothing wrong with that either - and it'll be easier to setup.

9 hours ago, TheXiaosenJuan said:

4. Getting something like a SonicWall or pfsense firewall that would give me the ability to VPN in.

Nothing wrong with that, but it'll be more expensive and/or highly more complex (and troubleshooting will be more complex too).

9 hours ago, TheXiaosenJuan said:

my networking skills are pretty newbish but I enjoy DIY and learning new things. Since I don't want to spend money, my favourite initial option is to install OpenVPN on the machine I already have running but some have said that this potentially introduced vulnerabilities because its not a dedicated device. 

There is merit to their concerns.

9 hours ago, TheXiaosenJuan said:

a) Is running a VPN server on Raspberry pi more secure than running it off my Windows machine?

Yes and no. The problem is not so much running it off of a Windows machine, but rather that it's the same machine as your surveillance server - you want to isolate critical things from each other.

9 hours ago, TheXiaosenJuan said:

b) Is it worth investing in a router with VPN capabilities?

It would certainly make your life a lot easier, there's no question about that - and it would mean not needing to port forward, etc. So it really depends on if the easier nature of a router w/ VPN Server capabilities is worth it for you - or whether you can justify it in some other way (Eg: increased WIFI performance or range, other useful features, your current router being old and slow, etc).

9 hours ago, TheXiaosenJuan said:

c) should I just invest in a dedicated firewall appliance to manage the VPN?

 

your insights are appreciated

 

 

I'd recommend going the route of getting a Router with a VPN Server feature out of the box, but an alternative would be using a Pi or another dedicated computer/device to setup and run the VPN Server - it means more complexity, and certainly means a learning curve, but it may also be fun to try and get it up and running.

 

Both of these options are good ones, so it really depends on whether you want to go the easy route or the DIY route.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites

Link to post
Share on other sites

  • 4 weeks later...

Worse thread ever . No nas should be placed with outside access. Only exception is Enterprise Grade security / networking gear in place. 99% of users don’t have. 

Link to comment
Share on other sites

Link to post
Share on other sites

  • 2 months later...
On 1/24/2020 at 12:15 AM, Wade_W_Wilson said:

Worse thread ever . No nas should be placed with outside access. Only exception is Enterprise Grade security / networking gear in place. 99% of users don’t have. 

Depends. DSM (Synology) and FreeNAS for example are very secure so it's a non-issue. You only port-forward to the apps that are needed for hosting content with SSL. It won't protect against weak passwords, but it will keep the session secure between client and the NAS. If going FTP, consider SFTP. I would *NOT* however expose SMB to the public directly via port. If you must access data via SMB, be sure you've established a VPN first. As other's have stated PPTP is very insecure. I highly recommend SSL/TLS based VPNs. OpenVPN is a good place to start.

Link to comment
Share on other sites

Link to post
Share on other sites

  • 3 months later...

From a security standpoint i think the first option shouldve left out altogether......  (consumer devices have infamously bad security)

Link to comment
Share on other sites

Link to post
Share on other sites

On 7/20/2020 at 6:12 PM, jagdtigger said:

From a security standpoint i think the first option shouldve left out altogether......  (consumer devices have infamously bad security)

There are some options that are usable for the first option. I agree the second option is the better one. VPN. but you can use services like say resilio sync which will allow file access securely.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×