nametaken_thisonetoo Posted April 30, 2023 Share Posted April 30, 2023 (edited) Curious about peoples thoughts as to the best practice setup of Unraid Connect for remote access? Dynamic - UPnP Dynamic - Manual Port Forward Always On - UPnP Always On - Manual Port Forward From memory UPnP has/had some security issues on home routers, but I am far from an expert in the field so would prefer to defer to those in the know. Thanks Edited April 30, 2023 by nametaken_thisonetoo Clarity Link to comment
Solution ljm42 Posted April 30, 2023 Solution Share Posted April 30, 2023 If UPnP is enabled on your router, you might as well use it. If you have disabled UPnP in your router because you think your router's implementation has security issues then I'm not going to argue with you. There are several benefits to UPnP here: You don't have manually configure your router to do port forwarding, so it is easier In "Static - UPnP" mode, the system picks a new random WAN port every time you reboot the server. In "Dynamic - UPnP" mode, it picks a new random WAN port every time Remote Access is enabled from Connect. And the wan port is fully closed when remote access is disabled from the Connect side. So assuming you trust your router's implementation of UPnP, then "Dynamic - UPnP" is the best option to choose. If you don't trust your router's implementation of UPnP then I would choose "Dynamic - Manual Port Forward" For more information about Remote Access please see https://wiki.unraid.net/Connect#Remote_Access_.28optional.29 1 1 Link to comment
nametaken_thisonetoo Posted April 30, 2023 Author Share Posted April 30, 2023 2 hours ago, ljm42 said: If UPnP is enabled on your router, you might as well use it. If you have disabled UPnP in your router because you think your router's implementation has security issues then I'm not going to argue with you. There are several benefits to UPnP here: You don't have manually configure your router to do port forwarding, so it is easier In "Static - UPnP" mode, the system picks a new random WAN port every time you reboot the server. In "Dynamic - UPnP" mode, it picks a new random WAN port every time Remote Access is enabled from Connect. And the wan port is fully closed when remote access is disabled from the Connect side. So assuming you trust your router's implementation of UPnP, then "Dynamic - UPnP" is the best option to choose. If you don't trust your router's implementation of UPnP then I would choose "Dynamic - Manual Port Forward" For more information about Remote Access please see https://wiki.unraid.net/Connect#Remote_Access_.28optional.29 Thanks, really appreciate the detailed response. I guess the conundrum is that although I have no reason not to trust my router UPnP implementation (UPnP is currently disabled on my Synology RT2600ac), I also have no real way of knowing if it can/should be trusted. I'd imagine that might be similar situation for others too. Link to comment
Recommended Posts