ControlR (Android/iOS app for unRAID)



7 hours ago, steve1977 said:

if still “just” VPN, can you advise how this works?

 

Not picking on just steve1977, but as a note to all who are asking for in-app external access:

 

With all respect to jbrodriguez and all the great work he's done on this app and the various plugins and dockers he's worked on, security isn't "just". It's hard work to get it right, and as he mentioned several pages back, if something goes wrong he'd feel responsibility for it, and some might try to (legally) make him responsible for it.

 

VPN access may be somewhat more complex and more of a hassle, but the OpenVPN project has a large(ish) team of people who know what they're doing and focus primarily on the security side of things so applications like this one don't have to. Remember - they have a commercial product that, according to their site, is used by a large number of paying customers - they have a lot on the line to get it right.

 

I've not set up the OpenVPN docker on my server yet, but that's my next project, and I, for one, will be more than happy with the minor hassle of having to go through a VPN client to keep my server secure. Once I've got it set up and working, I'm going to ensure I can get access to all my other dockers via VPN, then turn off their external access, too.

Link to comment

I have the Openvpn-as docker installed on my unRAID server and my iPad set up with the OpenVPN client configured with a connection profile to the unRAID server. If I want to use ControlR away from home I simply start the OpenVPN client on my iPad (which only takes a few seconds) to open the VPN connection to my unRAID server, and then launch ControlR which now functions exactly as it does when my iPad is connected to my local LAN.

Edited by itimpi
  • Upvote 1
Link to comment
9 hours ago, FreeMan said:

 

Not picking on just steve1977, but as a note to all who are asking for in-app external access:

 

I don't perceive this at all as picking on me. Actually, I need to say that community members of this forum in general are among the most polite and helpful compared to all other forums I am engaging in. Part of the reason that gets me interested to pursue more and more new Unraid related projects.

  • Like 1
Link to comment
On 12/2/2017 at 10:18 PM, FreeMan said:

If I type in the IP address in the manual server add (with all the other info), it will add it immediately, no issues. If I enter the server name, though, I get an error telling me to "Please enter a valid IP address / Hostname"

Should work with a hostname. Can you send me the server's hostname to check why it's hitting the error? (pm if you prefer)

 

On 12/2/2017 at 10:18 PM, FreeMan said:

I've been very impressed with the speed with which you've tracked down & patched bugs and released new features. Not bad at all for a solo effort!

Thanks for the kind words !

 

20 hours ago, steve1977 said:

Just browsed this thread and realized that a native implementation within the app is the most requested new feature. Is there still hope for native support?

steve1977, I'm still on the don't do it side of things.

 

 

Getting this feature right is sensitive and FreeMan's post (below) provides a quite accurate summary of the reasons.

 

I think some users may be connecting externally via a reverse proxy, in a way similar to this 

 

but the helper plugin would still be inaccessible from the app.

 

So, my official suggestion is still to use OpenVPN or similar.

 

OpenVPN setup is not the most difficult thing you can find and operation is quite straightforward (as mentioned by itimpi).

Link to comment
22 hours ago, FreeMan said:

Server name is "NAS". I was quite creative in my naming...

 

I see :)

 

Well, it turns out I was half lying: when the app asks for a hostname, what it really wants is a fully qualified domain name (FQDN) O.o

 

That's why "NAS" is being flagged as an error.

 

I guess I'll just remove validations from this field, since it can be almost anything.

 

I forgot to address the issue you mentioned with automatic discovery.

 

It shouldn't return to the Servers screen so fast, I'll do some checks and get back to you.

 

 

 

Edited by jbrodriguez
Link to comment



 


Yeah, since the server isn't reachable from the outside world, it really doesn't have an FQDN... :)

Thanks for looking into the automatic discovery, too. Let me know if there's any additional info you need from my end.

Sent from Tapatalk

Link to comment

I found the best method, currently implemented on my system, is to open either UDP port 7 or 9 just for the WOL package to arrive at our server (even if you don't have a static public IP, you can always use a dynamic free-ish service like no-ip, changeip etc...)

 

Then after you have woken your UnRaid, OpenVPN-AS to your server and voilà, full control of the whole system #!

Link to comment
4 minutes ago, nuhll said:

That's very, very sad, why should I need this APP in my LAN when I'm at home... Oo

 

And no, VPN is no option for me. They should really think about a Docker -> Contr Server -> Client model, you don't need to expose anything and if Contr Server is correct Security, no risk at all.

 

 

You mean something like the OpenVPN-AS docker?

Edited by wgstarks
Link to comment

No, I mean something like some cameras do. Sometimes they call it a p2p network. It's just that the unraid server (with contr docker) connects to the server of the contr app, and the client (contr app handy) connects to the contr app server also, so you don't need to port forward.


Like TeamViewer does. No port forwarding, no exposing, clean and simple user and pw (maybe add cert or whatever to make it more proof)

Edited by nuhll
Link to comment
3 hours ago, nuhll said:

No, I mean something like some cameras do. Sometimes they call it a p2p network. It's just that the unraid server (with contr docker) connects to the server of the contr app, and the client (contr app handy) connects to the contr app server also, so you don't need to port forward.


Like TeamViewer does. No port forwarding, no exposing, clean and simple user and pw (maybe add cert or whatever to make it more proof)

 

"something like some cameras do" - you mean like "Internet of things" cameras? You mean like the ones that were hacked within minutes giving bad guys immediate and complete access to people's home networks and every machine on them? No thanks!

 

Teamviewer is similar in concept to OpenVPN-AS as wgstarks mentioned. Both of those systems have large teams of people who do security for a living. As I've mentioned before (in this thread) jbrodriguez does a great job, but do you want to rely on him and only him to ensure the security of your home network? (BTW- he's said he's really not interested in adding this type of direct access via his app/plug-in combo.)

 

Install the OpenVPN-AS server on your unRAID box - it'll take you less than an hour to configure it, even if you struggle (look for my questions in the lsio thread to avoid the same pitfalls I hit). Install the OVPN client on your phone or tablet, then connect & voila, your device is on your home network & ControlR will work like a champ no matter where in the world you are with the minimum amount of risk to your server & other home computers.

  • Upvote 1
Link to comment

" You mean like the ones that were hacked within minutes giving bad guys immediate and complete access to people's home networks and every machine on them? No thanks!"

If he wants to fugg it up. Or let's say, if someone hacks him, it doesn't matter what he has done or not, the hacker could himself just install a backdoor, so WAYNE!

 

ALSO what you are talking about are CAMERAS or INTERNET OF THINGS WHICH ARE EXPOSED TO THE INTERNET, SO EXACTLY WHAT WE HAVE TO DO NOW TO GET IT WORKING (INSTALL VPN).

 

Where the fugg do I live that I install openvpn JUST for one smartphone app? I don't need VPN connections in my network! Another security flaw! Welcome to 2018!

 

 

Link to comment
56 minutes ago, nuhll said:

" You mean like the ones that were hacked within minutes giving bad guys immediate and complete access to people's home networks and every machine on them? No thanks!"

If he wants to fugg it up. Or let's say, if someone hacks him, it doesn't matter what he has done or not, the hacker could himself just install a backdoor, which gets automatically distributed between all users, so WAYNE!

 

ALSO what you are talking about are CAMERAS or INTERNET OF THINGS WHICH ARE EXPOSED TO THE INTERNET, SO EXACTLY WHAT WE HAVE TO DO NOW TO GET IT WORKING (INSTALL VPN).

 

Where the fugg do I live that I install openvpn JUST for one smartphone app? I don't need VPN connections in my network! Another security flaw! Welcome to 2018!

 

 

 

Edited by nuhll
Link to comment
13 hours ago, nuhll said:

That's very, very sad, why should I need this APP in my LAN when I'm at home... Oo

 

And no, VPN is no option for me. They should really think about a Docker -> Contr Server -> Client model, you don't need to expose anything and if Contr Server is correct Security, no risk at all.

 

 

This solution would require the controlr author to be providing a server which the current solution does not (unless I have misunderstood what you are asking for).  If a server is required how do you know it is secure?

 

The moment you let ANYTHING from the internet into your LAN there is a potential security risk, but I think the open VPN is one of the lowest risk options, particularly if you set it up to require a certificate to use it at the client end.

Edited by itimpi
  • Upvote 1
Link to comment

Yes, he needs a server.

But you don't understand, you don't let the server connect to your LAN, it's the LAN that connects to the server.

VPN provides access to your WHOLE NETWORK. My solution would only allow access to the unraid interface. Also, what's more likely to happen? Someone hacks VPN (18923798127398127312749812931893891 mrd users) or someone hacks an app which has <1000 users?

Also the server side part could be secured pretty easily, like with certificate, https, encryption, whatever.

Edited by nuhll
Link to comment
2 minutes ago, nuhll said:

Yes, he needs a server.

But you don't understand, you don't let the server connect to your LAN, it's the LAN that connects to the server.

VPN provides access to your WHOLE NETWORK. My solution would only allow access to the unraid interface. Also, what's more likely to happen? Someone hacks VPN (18923798127398127312749812931893891 mrd users) or someone hacks an app which has <1000 users?

Also the server side part could be secured pretty easily, like with certificate, https, encryption, whatever.

I DO understand! You want someone to pay for and run a server which is currently not required for the current implementation. Securing a server is a non-trivial task, so I would not be confident in such a server really being secure. If anyone cracked it and got access to unRAID GUI it is a relatively trivial task to use that to access anything on the LAN.

 

VPN is easily secured using encryption and certificates so why is this much different to securing an (unneeded) server? I agree that VPN is a more tempting target to try because of its large user base, but another way of looking at that is that it is less likely to have flaws in the first place, and if there are any found there is great incentive to get them patched ASAP.

 

 

  • Upvote 1
Link to comment
5 hours ago, nuhll said:

Yes, he needs a server.

But you don't understand, you don't let the server connect to your LAN, it's the LAN that connects to the server.

VPN provides access to your WHOLE NETWORK. My solution would only allow access to the unraid interface. Also, what's more likely to happen? Someone hacks VPN (18923798127398127312749812931893891 mrd users) or someone hacks an app which has <1000 users?

Also the server side part could be secured pretty easily, like with certificate, https, encryption, whatever.

You realize it's way more likely they would try to hack the server/app than your VPN, right?

Why can't you set up a VPN? That is the correct way to use this app remotely.

If you have to have the webgui accessible remotely but refuse a vpn then your only real option is opening the gui to the internet.

 

@jbrodriguez, great app, I love it.  Don't need to use it too often but it's easier to use than the webgui on my cellphone.

Link to comment
3 hours ago, trurl said:

Maybe nuhll could provide this functionality for us for free.

 

Yes, ofc, I BUY a software and develop a free addon for it.

 

"You realize it's way more likely they would try to hack the server/app than your VPN, right?"

That's just wrong. Why should anyone invest so much time and effort to hack this app to turn your array off......


SSH is also widely used and was several times hacked already.

 

Why I don't want VPN? BECAUSE I DON'T NEED IT...

 

But: I don't care, do what you want, in this state, this app is useless for me. It's a suggestion, which many people would like, if you don't want to use it, make it configurable, it's that easy.

Edited by nuhll
Link to comment
