
Someone please help me determine what I need.


maxse


Guys, I need your help, PLEASE.

 

So I have been working on this server for almost a month now and I am back to square one.

I need to be able to do these things on my media server:

 

1. Server will be going to parents' house. I MUST be able to remote login somehow, either to troubleshoot and more importantly to administer sabnzbd and sickbeard.

2. Run sabnzbd and sickbeard

3. Run Plex server - recently found out about it, and would be great to stream the media over the internet connection (5 Mbps upload connection).

 

 

-At first I installed unRAID, even purchased a license for 6 drives. I set it up, and basic sharing was working great. I kind of gave up when it came time to set up sabnzbd and sickbeard, I was just too confused. Also around this time is when I learned that opening the server to the internet is not secure and not recommended, and this is a must for me to be able to remotely administer sabnzbd and sickbeard since this will be at a different location.

 

-I had a WHS 2011 license, so I purchased FlexRAID and finally got it going. Well, live RAID worked for 4 days then wouldn't let me write to the server. No one could really help me out on the forums except say that snapshot was more stable.

Well I finally got snapshot working and I am still having random recycle bin errors, stuttering playback on my WDTV Live SMP.

 

I can't really put this box at my parents' place like this because I can't even figure out how to get it working stable in my own home! They currently have a WHS V1 that was working great, but now some drives failed so they need an upgrade. I am upgrading their server now.. But really don't know what to do.

 

So I have decided to go back with unRAID and just suck it up and figure out how to install those few apps that I need.

My main issue is that I MUST be able to remotely log in either to troubleshoot when a drive fails, but also for daily sabnzbd and sickbeard operation. There has got to be a way that you guys can help me out with to do this securely somehow.

 

I have spent almost a month my entire time after coming home from work trying to get this going. I didn't even have any time to watch any movies on it. I have a WDTV LIVE SMP at my home for streaming at the moment...

 

I would really appreciate your help guys if you could guide me.

Link to comment

it is free

it just adds a VPN-protected network on your unraid box

since you have the same VPN network on your main Windows machine, you are able to use the Hamachi IP to connect to it with PuTTY or with Explorer, or even the GUIs from Plex, sab and so on

 

example

 

unraid server has hamachi ip  5.x.x.1

so i can use putty to connect to this IP

i can get the unraid gui on this ip

i can use unmenu, sab and so on with this ip by using their ports

and if you right click in the little app window on your windows machine on the ip address of your unraid machine then you can choose to browse and an explorer window will open...

 

see this how to

http://www.howtogeek.com/77164/beginner-how-to-use-logmein-hamachi-to-access-your-files-anywhere/

 

 

Link to comment

Wow, I had no idea that this was possible!

Then why do people keep saying unRAID isn't meant to be exposed to the web, etc...

 

Under hamachi it seems like there is a "Buy" option so you have to buy it, no?

 

Am I correct that if I have hamachi loaded on unRAId and on my windows machine and running. It basically makes it appear like the two computers are on the same network?

Link to comment

Unraid is not meant to be open to the web. This doesn't mean you can't modify or add to the os to do so.

 

Hamachi is free for private use, I think it limits the number of pcs you can have on one account.

 

And yes, with hamachi on both the server and your workstation it will appear as if they are on the same private network.

Link to comment

That is just amazing. I really wish I knew that, would have saved me a lot of grief to try to get FlexRAID and WHS 2011 working without problems. Although, I was still doing a ton of research trying to have sabnzbd and sickbeard installed and going, which is why I gave up on unraid originally...

 

So can you guys point me to a nice how-to guide for this on unraid? The guide you linked to earlier is installing it on a windows machine which is much easier.

Link to comment

Seems like at the end of the thread that you linked to it says the GUI doesn't really work very well, not sure if that's a good thing.

Also, I am a total newb to this so I don't even know how to configure this thing. Don't I need to create an account at logmein first?

 

Do I just drop this plugin into the "plugin folder?" Is this something that would start up automatically even when the server gets rebooted?

 

I just want to make sure that this is running absolutely perfect because once I drop this at the parents' place I won't be able to physically do anything for a while. So I need to make sure it is running perfectly and that I could remote log in easily to configure stuff. Is there a step-by-step guide for this? Like the one that was posted for windows setups.

Link to comment

Wow, I had no idea that this was possible!

Then why do people keep saying unRAID isn't meant to be exposed to the web, etc...

Because it isn't. By installing this software, you are only exposing the machine to people with your hamachi information, not exposing unraid to the internet.

 

Well technically you are. Because you are opening a port that was not open before (through your router and then on unraid) and allowing people to hammer it with attempts to gain access. You are assuming the responsibility of ensuring the service behind that port, Hamachi in this case, is up-to-date and secure. Further you are assuming the responsibility that if a vulnerability is found that you make the risk determination of living with it until patched, or taking it offline until patched. You also assume the responsibility of keeping track of auditing access logs and mitigation strategies to slow down brute force attacks and blacklist known bad actors (read up on DynHosts plugin as part of the OpenSSH plugin package http://lime-technology.com/forum/index.php?topic=20848.0).

 

So when people say don't open unraid to world + dog this is what they are talking about. The underlying unraid system provides no segmented protection from a service being breached (read: no sandboxing), and its installed services (samba, nfs, afp, telnet, ftp, webgui) are not secured, audited, or maintained with security in mind. And once they are in, your data is all at risk and so is your larger network like your PC.

 

That said, IMO the knee-jerk, "ZOMG THE WEBZ ARE DANGEROUS" tone of unraid is a bit overboard. Then again, if it keeps people from running services and exposing ports willy-nilly (and I don't want to see anyone's nilly or willy on this board!!!) then that is probably for the best.

Link to comment
Because you are opening a port that was not open before (through your router and then on unraid) and allowing people to hammer it with attempts to gain access.  You are assuming the responsibility of ensuring the service behind that port, Hamachi in this case, is up-to-date and secure.

I assumed (wrongly I guess) that hamachi internally established and maintained the connection with the logmein server network and relayed the connections from there. I wasn't aware of a need to forward a port as you do with a traditional VPN. I learn something new every day.

Link to comment

Oh man.

 

Yes that is what I also thought? That hamachi is always running and connected with logmein servers. I thought I wouldn't need to open ports on the router. Do I?

 

That's how logmein worked. I would install it on a windows system and didn't need dyndns services at all. It would always just run and connect through the logmein servers with no ports needing to be open on the router.

 

Is that not how hamachi works?

Link to comment

In the case of Hamachi I am sure there is something I'm missing, I'm not a Hamachi expert.

 

But I don't see how anything on one side of your firewall/router is going to talk to anything on the other side, without there being an open port and a service listening to that port. It doesn't have to be open all the time, it can be triggered by the internal client making a connection to the outside (like my torrent client does). But once the port is open, then attackers can start hitting it with packets and then the client has to hopefully ignore them. But what if it doesn't because there is a bug in the implementation that allows the servers to be spoofed, or cause the service to crash while executing arbitrary code with elevated privileges?

 

I don't know how the Hamachi client does its thing, but that is the point, you'd want to know that.  And then you need to keep an eye out for announced security vulnerabilities and stay on top of risk assessment, patching, auditing, etc.

 

And not to be doom and gloom ... there is, IMO, no more risk to using Hamachi on UnRaid than on your WinTel PC. But know that it IS a risk in both situations. Well ... there could be a higher risk if the company is more responsive / dedicates more resources to one platform or the other.

 

EDIT: and just to be clear, I'm sure the client is talking to the servers so you don't need to run DynDNS or other such service.  But regardless of who the client service is talking to, you directly or via Hamachi servers, it is talking to someone via an open port.

Link to comment

Right I understand. But with logmein I didn't have to open any ports on the router. I believe it talks to the logmein servers via standard secure Internet ports. I'm asking if hamachi does the same or I will permanently need to forward ports on the router.

 

Also if anyone could give me some advice on how to , to read about it and install the most current version would be great.

 

Does it work like logmein? Where it communicates with their servers or do I have to connect to it directly by typing the ip address via a dyndns application?

Link to comment

Right I understand. But with logmein I didn't have to open any ports on the router. I believe it talks to the logmein servers via standard secure Internet ports. I'm asking if hamachi does the same or I will permanently need to forward ports on the router.

 

Also if anyone could give me some advice on how to , to read about it and install the most current version would be great.

 

Does it work like logmein? Where it communicates with their servers or do I have to connect to it directly by typing the ip address via a dyndns application?

 

"standard secure internet ports" I'm not sure what you mean by that? Do you mean it talks over port 80? Regardless of the port, unraid only responds on port 80 for the webgui, maybe 8080 if you have unmenu installed, and then whatever port you have SSH listening on. And none of those ports should be reachable from the outside if your router is set up correctly. That is to say anyone randomly scanning ports through your router should not get a response.

 

Now that said, the first link in google when I searched "logmein open ports" gets me this: http://help.logmein.com/selfserviceknowledgerenderer?type=FAQ&id=kA030000000DGD6CAO

 

Which ports and protocols does LogMeIn Hamachi use?

 

If you receive a relayed tunnel, it can be caused by a failure to negotiate a port for the data connection.  Try following the port forwarding instructions at the bottom of this document.

 

Hamachi uses several ports to achieve connectivity to the mediation servers, and to peers.

Server Connectivity

 

    TCP 12975 (initiator port)

    TCP 32976 (session port)

 

If the above ports cannot be used to achieve a connection, Hamachi will try again using SSL (TCP 443).

Peer Connectivity

 

Peer connectivity has several methods and ports.  By default, Hamachi will broker a peer connection over UDP.  UDP uses random ports by specification, so it is not possible to open a single port for peer connections for UDP.

 

If UDP direct connectivity cannot be established, Hamachi will try to initiate a relayed UDP connection.  This is done with the target of:

 

    UDP 17771 (relay connection port)

 

If UDP direct and relayed methods fail, it is unlikely that TCP connectivity will work.  In some environments, a hardware firewall is used to block traffic on specific ports, but not protocols.  As such, Hamachi will try to broker a connection between peers over TCP 443 (non-SSL)

 

And lastly, Hamachi will try a relayed connection over TCP 443 (non-SSL) before giving the user a message that the peer is unreachable.

Note:

TCP peer connections are very unlikely to be successful in cases where UDP connections would not work, because the triggers for them not working are the same (router issues, improperly configured NAT, multiple NAT devices on both ends).

Additional Information

 

You can set a static UDP listening port and TCP handshake port by configuring it in System > Preferences > Settings > Advanced Settings under Peer Connections.  Complete both values if you have multiple Internet connections.

Note:

If you are behind a router you must forward the port's UDP/TCP traffic from your router to the machine.  Follow the instructions for your router from PortForward.com.  If you have multiple machines behind the same router, you will need to choose different ports for each to avoid conflicts

 

So, ports are being opened, from the inside, to speak to the outside. And the point here is that someone looking to hack a system, who knows about a vulnerability in Hamachi, will try to send packets to those now-open ports to exploit the vulnerability hoping your client will be fooled into thinking it is a valid connection (read: an authentication hack) or into executing arbitrary code (read: something like a buffer overflow hack).

 

Again, this isn't to say not to do it, but you need to understand the likelihood of exploitation, and the consequences of it. Those two together are your risk. So how much risk can you stomach? And what is your plan to audit to know when someone is targeting you vice just doing a drive-by?

Link to comment
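One way to start on the audit question raised in the last post, as an added example that is not part of the thread: a small Python pass over sshd failure lines that separates a short burst of guessed usernames from repeated attempts on a real account over many hours. The log lines are constructed samples in OpenSSH's syslog format; the hostname, the addresses (documentation ranges), the `year` default and the six-hour threshold are all assumptions to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from a real server); IPs are RFC 5737 ranges.
SAMPLE_LOG = """\
Mar  3 02:14:07 tower sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Mar  3 02:14:09 tower sshd[2213]: Failed password for invalid user test from 198.51.100.23 port 40120 ssh2
Mar  3 02:14:12 tower sshd[2215]: Failed password for invalid user oracle from 198.51.100.23 port 40131 ssh2
Mar  3 09:30:41 tower sshd[2502]: Failed password for root from 203.0.113.77 port 51877 ssh2
Mar  3 15:02:10 tower sshd[2790]: Failed password for root from 203.0.113.77 port 52990 ssh2
Mar  4 01:45:33 tower sshd[3105]: Failed password for root from 203.0.113.77 port 39411 ssh2
Mar  4 08:12:02 tower sshd[3330]: Accepted password for root from 192.0.2.10 port 50022 ssh2
"""

# "invalid user" marks a guessed name that does not exist on the box.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def classify_sources(log_text, year=2024, sustained=timedelta(hours=6)):
    """Group failed logins by source IP and label each source.

    Heuristic (an assumption, not a standard): a source is 'targeted' when
    it keeps trying an account that really exists for at least `sustained`;
    anything else is treated as a 'drive-by' scan.
    """
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        per_ip[m["ip"]].append((ts, m["user"], bool(m["invalid"])))

    report = {}
    for ip, events in per_ip.items():
        times = [t for t, _, _ in events]
        span = max(times) - min(times)
        real_accounts = sorted({u for _, u, inv in events if not inv})
        targeted = span >= sustained and bool(real_accounts)
        report[ip] = {"attempts": len(events), "span": span,
                      "real_accounts": real_accounts,
                      "verdict": "targeted" if targeted else "drive-by"}
    return report

if __name__ == "__main__":
    for ip, info in classify_sources(SAMPLE_LOG).items():
        print(ip, info["verdict"], info["attempts"], info["real_accounts"])
```
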
