Accessing unRAID Remotely (also VPN questions)


Recommended Posts

Hello,

sorry if this sounds dull or stupid.

 

I have OPENVPN client setup on my unRAID box, using PIA as my VPN provider.

 

I would really like to access my box remotely on multiple ports for different services, remote management, FTP, PMS etc.

 

Is there a way of doing this through the VPN?

And what are people's thoughts on not using a VPN, and just forwarding ports to allow access to the control panel / ftp? Is it safe?

I've been Googling for hours and cant find anything recent enough about unRAID and security and remote access that I can draw any conclusion from.

If is safe to forward your control panel and FTP, how do you root only certain traffic through OPENVPN client, such as sabnzbd or Deluge? (yes I know about DelugeVPN)

 

Once again sorry if this sounds confused or stupid or muddled. I'm not particularly knowledgeable in this area, so any help is gratefully received.

 

Thanks. :)

 

 

Link to comment

I dont understand why you have a vpn client on your box? Then the unRAID machine will connect to that vpn, but you want to connect to the server?

 

If you set up a vpn server instead, and download the client to your computer, you can access your home network, and from there just type in the ip Andreas of the server. Then you have full access to your server from outside.

Link to comment

I dont understand why you have a vpn client on your box? Then the unRAID machine will connect to that vpn, but you want to connect to the server?

 

If you set up a vpn server instead, and download the client to your computer, you can access your home network, and from there just type in the ip Andreas of the server. Then you have full access to your server from outside.

 

I have a VPN client for security reasons and hiding my IP address and location etc. Also, connecting to usenet and torrenting is far safer and anonymous behind a VPN. Yes, I want to be able to access the server, but I want to maintain security and anonymity.

Link to comment

Why not use delugevpn/rtorrentvpn for that?

 

As I said in my initial post, I know about various plugins and dockers that have vpn support, but there are also many that don't exist. As far as I'm aware, couchpotato doesn't have a vpn version.

With all due respect, and I do appreciate you trying to help, please read and understand my post before suggesting things.

 

:)

Link to comment

Hello,

sorry if this sounds dull or stupid.

 

I have OPENVPN client setup on my unRAID box, using PIA as my VPN provider.

 

I would really like to access my box remotely on multiple ports for different services, remote management, FTP, PMS etc.

 

Is there a way of doing this through the VPN?

And what are people's thoughts on not using a VPN, and just forwarding ports to allow access to the control panel / ftp? Is it safe?

I've been Googling for hours and cant find anything recent enough about unRAID and security and remote access that I can draw any conclusion from.

If is safe to forward your control panel and FTP, how do you root only certain traffic through OPENVPN client, such as sabnzbd or Deluge? (yes I know about DelugeVPN)

 

Once again sorry if this sounds confused or stupid or muddled. I'm not particularly knowledgeable in this area, so any help is gratefully received.

 

Thanks. :)

 

I shall endeavour to answer your questions, however I MUST first ask you to read this:

 

Please read this re your statement of connecting your unRAID Server to an open VPN Service. This is NOT recommended for security reasons.

 

The way vpn services work, they aggregate groups of subscribers together, and funnel them through a common gateway elsewhere on the internet. While the internet in general can't get back to your box, everybody else that is connected with you through that service can. The VPN client and server plugin for unraid are meant to set up a private vpn between your devices, not to connect your server to a vpn service. Either set up your vpn service on an endpoint firewall as an alternate connection with a firewall between you and the vpn, or use the specific downloaders with vpn built in that are specifically created to isolate the vpn from your other devices. Binhex has vpn torrent and usenet downloader dockers that work well.

 

http://lime-technology.com/forum/index.php?topic=19439.msg458877#msg458877

 

The preferred method is to run it from a Client on your ROUTER. Anyway, you have been warned, to your questions. I am going to give you my answer utilising the unRAID preferred method of running applications => Docker. There is a Plugin solution (and I do get PM'd regularly reminding me that Plugin's are STILL supported and I should NOT give advice just for Docker BUT I have decided NOT to advise that way anymore) BUT it is not the preferred method. Doing this can somewhat invalidate some of my advice below as your LAN machines are not entirely just not the LAN anymore. But anyway ....

 

I would really like to access my box remotely on multiple ports for different services, remote management, FTP, PMS etc.

 

Is there a way of doing this through the VPN?

 

Yes. OpenVPN-AS by linuxserver.io. OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control.

 

https://lime-technology.com/forum/index.php?topic=43317.0

 

Once you are connected to the VPN your unRAID Server is available as if you were connected to the LAN. If you have Services running on your Server on different ports you will be able to access them on that port without issue. You will NOT be able to access them until you are connected to the VPN service, thus keeping the service secure.

 

There are a plethora of Dockers available for as much applications as you can think of. If you have not done so yet, please install Community Applications plugin.

 

http://lime-technology.com/forum/index.php?topic=40262.0

 

This plugin will allow you to easily search for and add any of the unRaid docker or plugin applications.

 

And what are people's thoughts on not using a VPN, and just forwarding ports to allow access to the control panel / ftp? Is it safe?

 

If you are behind a router and only have access to the ports of the unRAID (or any other computer / server on your LAN for that matter) when you are connected via VPN then you are as safe as you can be. You effectively only have one port open on your router and that is what you connect to your LAN through. However, if you have then connected your unRAID Server to a VPN Service - well, that is where there some invalidation of this advice as per my comment above and the quote from jonathanm.

 

I think this answers your questions. Be careful.  :)8)

  • Upvote 1
Link to comment

If you want a VPN for couchpotato for whatever reason (which I don't see :) ), you can use pipework to give couchpotato a own ip address, then set up in your router to route only that ip address through VPN.

 

https://lime-technology.com/forum/index.php?topic=43970.0

You could also configure any app you want to access the vpn through the privoxy setup that binhex has helpfully provided with all his vpn enabled downloaders.

 

BTW, by connecting your unraid directly to the VPN provider, you are bypassing any protection your router firewall is providing. Most likely anybody on the same subnet inside the VPN can access your unraid box. At this point you are relying on your VPN provider to isolate your box from their other customers, which is not typical.

Link to comment

Hello,

sorry if this sounds dull or stupid.

 

I have OPENVPN client setup on my unRAID box, using PIA as my VPN provider.

 

I would really like to access my box remotely on multiple ports for different services, remote management, FTP, PMS etc.

 

Is there a way of doing this through the VPN?

And what are people's thoughts on not using a VPN, and just forwarding ports to allow access to the control panel / ftp? Is it safe?

I've been Googling for hours and cant find anything recent enough about unRAID and security and remote access that I can draw any conclusion from.

If is safe to forward your control panel and FTP, how do you root only certain traffic through OPENVPN client, such as sabnzbd or Deluge? (yes I know about DelugeVPN)

 

Once again sorry if this sounds confused or stupid or muddled. I'm not particularly knowledgeable in this area, so any help is gratefully received.

 

Thanks. :)

 

I shall endeavour to answer your questions, however I MUST first ask you to read this:

 

Please read this re your statement of connecting your unRAID Server to an open VPN Service. This is NOT recommended for security reasons.

 

The way vpn services work, they aggregate groups of subscribers together, and funnel them through a common gateway elsewhere on the internet. While the internet in general can't get back to your box, everybody else that is connected with you through that service can. The VPN client and server plugin for unraid are meant to set up a private vpn between your devices, not to connect your server to a vpn service. Either set up your vpn service on an endpoint firewall as an alternate connection with a firewall between you and the vpn, or use the specific downloaders with vpn built in that are specifically created to isolate the vpn from your other devices. Binhex has vpn torrent and usenet downloader dockers that work well.

 

http://lime-technology.com/forum/index.php?topic=19439.msg458877#msg458877

 

The preferred method is to run it from a Client on your ROUTER. Anyway, you have been warned, to your questions. I am going to give you my answer utilising the unRAID preferred method of running applications => Docker. There is a Plugin solution (and I do get PM'd regularly reminding me that Plugin's are STILL supported and I should NOT give advice just for Docker BUT I have decided NOT to advise that way anymore) BUT it is not the preferred method. Doing this can somewhat invalidate some of my advice below as your LAN machines are not entirely just not the LAN anymore. But anyway ....

 

I would really like to access my box remotely on multiple ports for different services, remote management, FTP, PMS etc.

 

Is there a way of doing this through the VPN?

 

Yes. OpenVPN-AS by linuxserver.io. OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control.

 

https://lime-technology.com/forum/index.php?topic=43317.0

 

Once you are connected to the VPN your unRAID Server is available as if you were connected to the LAN. If you have Services running on your Server on different ports you will be able to access them on that port without issue. You will NOT be able to access them until you are connected to the VPN service, thus keeping the service secure.

 

There are a plethora of Dockers available for as much applications as you can think of. If you have not done so yet, please install Community Applications plugin.

 

http://lime-technology.com/forum/index.php?topic=40262.0

 

This plugin will allow you to easily search for and add any of the unRaid docker or plugin applications.

 

And what are people's thoughts on not using a VPN, and just forwarding ports to allow access to the control panel / ftp? Is it safe?

 

If you are behind a router and only have access to the ports of the unRAID (or any other computer / server on your LAN for that matter) when you are connected via VPN then you are as safe as you can be. You effectively only have one port open on your router and that is what you connect to your LAN through. However, if you have then connected your unRAID Server to a VPN Service - well, that is where there some invalidation of this advice as per my comment above and the quote from jonathanm.

 

I think this answers your questions. Be careful.  :)8)

 

If you want a VPN for couchpotato for whatever reason (which I don't see :) ), you can use pipework to give couchpotato a own ip address, then set up in your router to route only that ip address through VPN.

 

https://lime-technology.com/forum/index.php?topic=43970.0

 

If you want a VPN for couchpotato for whatever reason (which I don't see :) ), you can use pipework to give couchpotato a own ip address, then set up in your router to route only that ip address through VPN.

 

https://lime-technology.com/forum/index.php?topic=43970.0

You could also configure any app you want to access the vpn through the privoxy setup that binhex has helpfully provided with all his vpn enabled downloaders.

 

BTW, by connecting your unraid directly to the VPN provider, you are bypassing any protection your router firewall is providing. Most likely anybody on the same subnet inside the VPN can access your unraid box. At this point you are relying on your VPN provider to isolate your box from their other customers, which is not typical.

 

Thank you all for your help and advice. I have heeded your warnings, and have followed your advice, and my server is far safer now!

Great example of the excellent members of this community - thank you! :)

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.