Fma965, posted January 6, 2017:

You can use your own domain with most DDNS providers just by setting a CNAME record from xxx.domain.com or domain.com to ddnsdomain.ddns.net or whatever.

De1taE1even (Author), posted January 6, 2017:

> you can use your own domain with most DDNS providers just by setting a CNAME record from xxx.domain.com or domain.com to ddnsdomain.ddns.net or whatever.

Great! When I was talking about having my own domain, this is what I was thinking.

De1taE1even (Author), posted January 6, 2017:

I have another related question and maybe it justifies its own thread, but I'll ask here first since we're on the subject. At work we use certificate authentication for most of our access, with some systems only requiring basic auth (username/password), and others requiring both. Is there a way to set up my home network to be exposed to the outer world (scary, I know), but be protected behind both certificate and basic authentication (two-factor authentication)? Seems like there could be an easier, yet still secure, way to gain access to my home network, other than VPN. Admittedly, there isn't much info on this thought, so I'm guessing many people much smarter than I would have done this already, if it were "remotely possible" (haha nerd puns).

Thoughts? Thanks again.

ashman70, posted January 6, 2017:

What you are suggesting is possible but pretty complex; it would be far simpler to go the VPN route.

SnickySnacks, posted January 6, 2017:

> I have another related question and maybe it justifies its own thread, but I'll ask here first since we're on the subject. At work we use certificate authentication for most of our access, with some systems only requiring basic auth (username/password), and others requiring both. Is there a way to set up my home network to be exposed to the outer world (scary, I know), but be protected behind both certificate and basic authentication (two-factor authentication)? Seems like there could be an easier, yet still secure, way to gain access to my home network, other than VPN. Admittedly, there isn't much info on this thought, so I'm guessing many people much smarter than I would have done this already, if it were "remotely possible" (haha nerd puns). Thoughts? Thanks again.

VPN is the way to do this. The reasoning being that in theory you could expose single services and add authentication to them, but this requires that each exposed service be properly secured (and many do not support strong security. There's no safe way to expose many services that we take for granted as being "safe" inside our internal networks).

VPN does the same thing but allows you to control authentication of all services via a single exposed port without needing to secure every port individually.

If the server needs to have something generally accessible to the public (web service or something) then you expose it and secure it. If it's something you never want the public accessing, VPN is far safer than trying to corral multiple potential security holes.

De1taE1even (Author), posted January 6, 2017:

> VPN is the way to do this. The reasoning being that in theory you could expose single services and add authentication to them, but this requires that each exposed service be properly secured (and many do not support strong security. There's no safe way to expose many services that we take for granted as being "safe" inside our internal networks). VPN does the same thing but allows you to control authentication of all services via a single exposed port without needing to secure every port individually. If the server needs to have something generally accessible to the public (web service or something) then you expose it and secure it. If it's something you never want the public accessing, VPN is far safer than trying to corral multiple potential security holes.

Fair enough, thanks. If VPN is the obvious, easiest, borderline only right choice, then I'm all for it. I'm not opposed to VPN, it's just that there's an appeal to being able to use any internet-connected device, and route to https://www.mydomain.com/myProperlyRoutedService without having to deal with a VPN client first. Just wishful thinking.

I also ran across this reddit thread that has a lot of useful information intertwined with the bickering between a couple posters: https://www.reddit.com/r/usenet/comments/2fevzc/nzb_360_users_how_have_you_configured_your_setup/#bottom-comments

I guess it's just my pathetically simple-minded attitude that keeps getting in my way. At a high level, it just seems like you could have something between your router and the outside world (or be built into the router), that would provide robust authentication before allowing access to anything within your internal network, without having to rely on client software.

Internet-connected device -> hit external ip or ddns url -> authenticate with home network firewall/authentication service with user and/or certificate authentication -> access to the goodies.

I wouldn't think the goodies would need to be individually secured, because we've already determined authentication. Again, this thought process MUST be naive because if it were that easy, everyone would be doing it!

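The "something in front that authenticates first" flow described in the post above is usually built as a TLS-terminating reverse proxy that requires a client certificate and then a username/password. The following is an added example, not part of the thread: it assumes nginx as the proxy, a private CA you run yourself, and placeholder file paths and backend address.

```nginx
# Added example (not from the thread): a single exposed HTTPS port that
# requires BOTH a client certificate and basic auth before proxying to one
# internal web UI. Paths and the backend address are placeholders.

server {
    listen 443 ssl;
    server_name www.mydomain.com;          # CNAME pointing at the DDNS name

    # Server identity presented to the browser
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Factor 1: client certificate that must chain to your own private CA
    ssl_client_certificate /etc/nginx/tls/home-ca.crt;
    ssl_verify_client      on;             # no valid client cert -> HTTP 400
    ssl_verify_depth       1;

    # Factor 2: basic auth, evaluated only for requests that passed factor 1
    auth_basic           "home";
    auth_basic_user_file /etc/nginx/htpasswd;

    # Only explicitly listed paths are forwarded to the LAN
    location /myProperlyRoutedService/ {
        proxy_pass http://192.168.1.10:8080/;   # placeholder internal web UI
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }

    # Everything else is refused rather than passed through
    location / {
        return 404;
    }
}
```

With this layout the proxy is the one exposed service and has to be kept patched, and every client device needs the certificate installed. It covers only HTTP web UIs, not file shares or SSH, which is where the VPN advice in the replies still applies.
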
De1taE1even (Author), posted January 6, 2017:

Also within the reddit post I linked to, there was mention of using the Microsoft RDP protocol. I have a W10 Pro VM running 24/7 at home, so if there's a way to use RDP for remote access, that is secure, that could be an option as well. Of course, that would also require client software as well, so I don't know what I'm really buying myself at that point. Just another thing to research I guess.

ashman70, posted January 6, 2017:

What is your goal when it comes to remote access? Do you just want to access your Windows 10 VM or are you after network access? VPN stands for Virtual Private Network, see the Network part? So a VPN and accessing a computer remotely are not the same thing; one gives you a whole lot more than the other. If your goal is to simply access your Windows 10 VM, then look into something like TeamViewer, or Go to my PC; there are plenty of variants, some free, some not. If your goal however is to access your network or your unRAID server remotely, then VPN is what you want.

De1taE1even (Author), posted January 6, 2017:

> What is your goal when it comes to remote access? Do you just want to access your Windows 10 VM or are you after network access? VPN stands for Virtual Private Network, see the Network part? So a VPN and accessing a computer remotely are not the same thing; one gives you a whole lot more than the other. If your goal is to simply access your Windows 10 VM, then look into something like TeamViewer, or Go to my PC; there are plenty of variants, some free, some not. If your goal however is to access your network or your unRAID server remotely, then VPN is what you want.

Great point, I probably should have been more clear. I want access to all the web UI content, from the unRAID webfront, to sickbeard, sab, deluge, etc. I don't necessarily need "direct", or "command line" access to unRAID, but correct me if I'm wrong, if I have access to my Windows VM, what would keep me from opening up a PuTTY session from there and logging into my unRAID machine? Seems like giving myself access to my Windows VM would be giving me access (in one form or another) to EVERYTHING.

ashman70, posted January 6, 2017:

Precisely, with access to your Windows 10 VM you would have access to everything you need from the sounds of it.

De1taE1even (Author), posted January 6, 2017:

> Precisely, with access to your Windows 10 VM you would have access to everything you need from the sounds of it.

This is where I just want to bang my head against a wall. I never even thought to use a service like Go To PC, Citrix, etc to connect to my Win10 VM, vs direct access to the network. The most pathetic thing is we use services like these at work every friggin day, so yeah, I feel a bit dumb right now. Seems like these services might not be quite as secure, but maybe that isn't a deal-breaker as long as I have a reasonable amount of confidence that my home network won't get compromised.

ashman70, posted January 6, 2017:

Let me point out a distinction between something like Go to My PC, TeamViewer and RDP or Citrix access. Go to my PC or TeamViewer are commercially available secure services; you don't have to open ports on your firewall and they are secured by password. RDP or Citrix usually require you to poke a hole in your firewall and are then secured by password. Now you can choose whatever port you want, you don't have to use the default port, but these methods and services are inherently less secure (my opinion) than something like Go to my PC or TeamViewer.

De1taE1even (Author), posted January 6, 2017:

> Let me point out a distinction between something like Go to My PC, TeamViewer and RDP or Citrix access. Go to my PC or TeamViewer are commercially available secure services; you don't have to open ports on your firewall and they are secured by password. RDP or Citrix usually require you to poke a hole in your firewall and are then secured by password. Now you can choose whatever port you want, you don't have to use the default port, but these methods and services are inherently less secure (my opinion) than something like Go to my PC or TeamViewer.

Yeah I was realizing that as I was googling just now, but thanks for the clarification. I think I'm going to play around with both OpenVPN, and with a free PC remote access program (even if it's a Go To PC free trial), and decide between the 2. The one thing I don't want to do, for all the reasons I already knew, along with the ones provided by you guys, is having to expose ports at the router level, and trust my applications to handle security.

SnickySnacks, posted January 6, 2017:

It really comes down to what you're trying to do. One of my friends has unraid set up with a subsonic docker that's exposed to the public (password protected) so he can stream his music to his phone/car/whatever.

Having a VPN set up is good for accessing your network, accessing files as if they were on the local net, etc but of course requires you to have the VPN set up on every device that needs access. A split tunnel VPN should let you access your shares more or less exactly as if you were at home.

I use TeamViewer personal for assisting friends/family with computer issues and I've found it to be a nice, secure way of accessing PCs but you wouldn't want to, for example, watch video over it. But for doing general maintenance, transferring small files around, etc, it's easy enough.

De1taE1even (Author), posted January 6, 2017:

> It really comes down to what you're trying to do. One of my friends has unraid set up with a subsonic docker that's exposed to the public (password protected) so he can stream his music to his phone/car/whatever. Having a VPN set up is good for accessing your network, accessing files as if they were on the local net, etc but of course requires you to have the VPN set up on every device that needs access. A split tunnel VPN should let you access your shares more or less exactly as if you were at home. I use TeamViewer personal for assisting friends/family with computer issues and I've found it to be a nice, secure way of accessing PCs but you wouldn't want to, for example, watch video over it. But for doing general maintenance, transferring small files around, etc, it's easy enough.

That's a good way to describe the two scenarios/methods. Right now I have no desire to do things like watch video, stream audio, transfer large files, etc, so the TeamViewer option is appealing, and I'll play with that a bit. I'm still going to get the VPN set up and play with it as well, just because, well, I can. I'll be using pfSense as soon as the NIC I bought comes in, and it'll be fun to play with and learn about.

Again thanks to everyone for all the info. My picture is much clearer now.