Access my unRaid tower externally?

[superloopy1]

Can some kind person(s) give me some direction in how i go about getting to my server from the outside world? I currently have access to a vpn but dont understand what other 'extras' i need to get this working. In the past i did setup a noip account and have maintained the domain name but am reading somewhere that openvpn is a way forward without understanding why? Amy info appreciated, especially since i'll be away from home for a couple of weeks soon and really need to keep an eye on things! Thanks.

 

Sent from my LG-D855 using Tapatalk

 

 

[JonathanM]

You said you have access to a vpn, but that most likely is a vpn server in another location. What you need is a vpn server inside your network, then you will connect your vpn client to that server. There are several ways to run a vpn server, many medium to high end routers have them built in ready to configure. You can also run a vpn server docker on unraid, but that will require that your unraid server be running and started correctly to access your network. You can also run a vpn server on a raspberry pi if you have one of those.

[superloopy1]

You said you have access to a vpn, but that most likely is a vpn server in another location. What you need is a vpn server inside your network, then you will connect your vpn client to that server. There are several ways to run a vpn server, many medium to high end routers have them built in ready to configure. You can also run a vpn server docker on unraid, but that will require that your unraid server be running and started correctly to access your network. You can also run a vpn server on a raspberry pi if you have one of those.

Thanks, you're right. My vpn is not going to be of any use. I'm busy setting up openvpn docker, managed to get it running nut cant connect. I've got noip docker running alongside. How do i put these two together to allow me to connect externally. Should it be as simple as pointing to my domain via a browser cos it aint working? I've checked that all ip addresses seem valid, noip doing its stuff. Just how to connect??

Sent from my LG-D855 using Tapatalk

[Hoopster]

3 hours ago, superloopy1 said:

Can some kind person(s) give me some direction in how i go about getting to my server from the outside world?

 

Assuming that "access your server from the outside world" means you primarily want access to the unRAID GUI in order to manage the server, a vpn is the best way to go about it.  jonathanm has already explained your options.

 

Personally, I have it set up this way:

 

1 - OpenVPN-AS docker running on unRAID server (server runs 24x7)

2 - No-IP domain name assigned to public IP of my router

3 - Port forwarding rules in the router that forward OpenVPN ports to the LAN IP:ports of my unRAID server

2 - OpenVPN client software installed on my laptops, phones and tablets for remote access via No-IP domain name assigned to unRAID server.

 

Your router may have OpenVPN (or another VPN server) built in which you could configure there.  Personally, I prefer to run it on unRAID.  If your server has IPMI, you could setup a vpn on a Raspberry Pi and start up your server remotely (if it is not running 24x7) from the RPi after you vpn in to it.

 

If you primarily want to access files, documents, etc. perhaps you want to go the Owncloud/Letsencrypt (reverse proxy)/DuckDNS (or No-IP) route which is well documented in these forums.

Edited April 20, 2018 by Hoopster

[JonathanM]

5 minutes ago, Hoopster said:

If you want to access files, documents, etc. perhaps you also want to go the Owncloud/Letsencrypt (reverse proxy)/DuckDNS (or No-IP) route which is well documented in these forums.

A properly set up vpn can allow you access to all those things as well, it is as if you are connected to your home network, all things are accessible through the vpn. If you can do it locally, you can do it remotely, bandwidth allowing.

[Hoopster]

1 minute ago, jonathanm said:

A properly set up vpn can allow you access to all those things as well, it is as if you are connected to your home network, all things are accessible through the vpn. If you can do it locally, you can do it remotely, bandwidth allowing.

Yes, it does.  I just mentioned Owncluod/Letsencrypt as an option since many prefer the "host my own cloud server" approach over the VPN approach.  I did not mean to imply that he needed both and it was not clear from the OP what level of remote access he was really trying to achieve.  I can see how my wording may have been confusing on that point.

 

I connect via VPN and have access to the entire home network.

[Hoopster]

8 minutes ago, superloopy1 said:

Thanks, you're right. My vpn is not going to be of any use. I'm busy setting up openvpn docker, managed to get it running nut cant connect. I've got noip docker running alongside. How do i put these two together to allow me to connect externally. Should it be as simple as pointing to my domain via a browser cos it aint working? I've checked that all ip addresses seem valid, noip doing its stuff. Just how to connect??

Sent from my LG-D855 using Tapatalk
 

The No-IP docker is only for updating the public IP address associated with your No-IP domain name.  You don't need that docker for access to the server and many routers have a built-in way to manage DDNS.  I do not run the No-IP docker.

 

Have you setup any port forwarding rules in your router?  Is the VPN client software installed on your clients and configured for your No-IP domain name?

 

It is not as simple as pointing your client via a browser to your domain name.  You need to first make a vpn connection from a vpn client on your remote devices to the OpenVPN server on unRAID. 

[superloopy1]

The No-IP docker is only for updating the public IP address associated with your No-IP domain name.  You don't need that docker for access to the server and many routers have a built-in way to manage DDNS.  I do not run the No-IP docker.

 

Have you setup any port forwarding rules in your router?  Is the VPN client software installed on your clients and configured for your No-IP domain name?

 

It is not as simple as pointing your client via a browser to your domain name.  You need to first make a vpn connection from a vpn client on your remote devices to the OpenVPN server on unRAID. 

Yes . i have opened up ports on router but wasnt aware of my android end needing a vpn client. Whats involved there? Just had a look at openvpn for android, will that be the right app, and cant see whats needed there?

 

Sent from my LG-D855 using Tapatalk

 

 

 

[Hoopster]

3 minutes ago, superloopy1 said:

Yes . i have opened up ports on router but wasnt aware of my android end needing a vpn client. Whats involved there? Just had a look at openvpn for android and cant see whats needed there?

Sent from my LG-D855 using Tapatalk
 

You need to load a VPN user profile into your VPN client on Android.

 

Login to the VPN server as an admin user.  When the screen below appears, download a user-locked profile.

 

 

If you setup your Open-VPN server with your No-IP server name (which you should have done), this profile will be configured to connect to that server name with your admin user credentials.

 

Import that profile into your Android OpenVPN client.  On my iPhone, I had to email the profile to myself and open it from email.  The Android probably will let you import directly from the client.

[Hoopster]

Here's what it looks like on my Windows 10 laptop with OpenVPN client and two users profiles (for two different unRAID servers) installed:

 

 

Since I have two servers, from the OpenVPN client, I pick the one to which to connect via the downloaded user profile from each server.

[superloopy1]

Here's what it looks like on my Windows 10 laptop with OpenVPN client and two users profiles (for two different unRAID servers) installed:
 

 
Since I have two servers, from the OpenVPN client, I pick the one to which to connect via the downloaded user profile from each server.

Thanks v.much, i'm nearly there! Profile downloaded and imported onto phone. Connect attempt throws back code 111, connection refused. I've checked out the obvious things but it seems theres some 'variable' possibly missing at the docker end??

Sent from my LG-D855 using Tapatalk

[superloopy1]

Thanks v.much, i'm nearly there! Profile downloaded and imported onto phone. Connect attempt throws back code 111, connection refused. I've checked out the obvious things but it seems theres some 'variable' possibly missing at the docker end??

Sent from my LG-D855 using Tapatalk

Progress!!
I'm now connected after a fashion, key icon at top of screen and able to 192.168.1.10 into my unraid server. Does that sound about right. I was thinking that i should be able to access via my domain name or am i way off beam here? Ultimately i need to be able to access my files easily, and not just the server gui itself, how do i go about that? Bear in mind that i'm a linux/android illiterate [emoji2]

Sent from my LG-D855 using Tapatalk

[itimpi]

You access them just as if you were locally connected to your LAN.    With a VPN connection active you are emulating being locally connected.

[Hoopster]

28 minutes ago, superloopy1 said:

Progress!!
I'm now connected after a fashion, key icon at top of screen and able to 192.168.1.10 into my unraid server. Does that sound about right. I was thinking that i should be able to access via my domain name or am i way off beam here? Ultimately i need to be able to access my files easily, and not just the server gui itself, how do i go about that? Bear in mind that i'm a linux/android illiterate

Sent from my LG-D855 using Tapatalk
 

The domain name you established with No-IP is just to simplify access so you don't have to change things on the vpn config every time your ISP decides to change your public IP address. The No-IP docker or your router will maintain the public IP address/domain name link with No-IP.  That domain name is never used internally.  You access your local server via vpn just like you would if in your home network (either via IP address or local server name).

 

I use Windows (but the same concepts hold on a Mac) on my laptop so once in via my VPN, I can browse the network in Windows Explorer.  On my iPhone/tablets I have a file browsing app that lets me see my local network much like Windows Explorer does.

Edited April 20, 2018 by Hoopster

[superloopy1]

You access them just as if you were locally connected to your LAN.    With a VPN connection active you are emulating being locally connected.

Ah ... not quite how i thought it would work then. So, whats the best way to be able to 'see' my windows file structure representing my server shares? I have got a working windows vm on the server but will the same vpn process work from within a vm?

Sent from my LG-D855 using Tapatalk

[itimpi]

How do you see the files from your Android device when it is locally connected?   You should do the same thing with the VPN active.  Presumably you run sort of File Manager app on the Android device.

Edited April 20, 2018 by itimpi

[superloopy1]

How do you see the files from your Android device when it is locally connected?   You should do the same thing with the VPN active.  Presumably you run sort of File Manager app on the Android device.

I haven't used it for the purpose so all of this is breaking new ground for me.

 

Hoopster....thanks also for all the input, i'm not quite there yet and need to suss a file browser for my tablet which will show me the 'shares'. I think i'm doing this the wrong way around and., although i can now see the unraid gui, i need some windowsy way if seeing a file explorer view of whats on there? Any ideas?

 

Sent from my LG-D855 using Tapatalk

 

 

 

[1812]

Tonido docker app and done.

[superloopy1]

Tonido docker app and done.

Thanks. I'll take a look at that as well. I've just added dynamic dns to my router and it seems it can connect to any of my servers even though i've only got openvpnas on one and the portfardobg is only to the one address. Is this right? Or do i no longer need an openvpn docker when the router handles the dymamic address? I'm really confused about all of this ...

 

Sent from my LG-D855 using Tapatalk

 

 

 

[itimpi]

4 minutes ago, superloopy1 said:

Thanks. I'll take a look at that as well. I've just added dynamic dns to my router and it seems it can connect to any of my servers even though i've only got openvpnas on one, is this right? Or do i no longer need an openvpn docker when the router handles the dymamic address? I'm really confused about all of this ...

Sent from my LG-D855 using Tapatalk
 

The dyndns feature is aimed at keeping your networks external IP address synchronised with a domain name (your ISP can arbitrarily change the external address unless you explicitly pay to have a fixed address).  As such it is independent of the incoming VPN other than to allow a constant network name to be used when connecting externally).

 

The VPN feature applies after (using the dyndns address) you have tunnelled into your home network.    At that point you can see anything on your home network that is visible to the VPN server on your home network.    You now use addresses on your local LAN to access such devices.

 

it is important to realise that these are two independent services that are typically used to solve two different problems you encounter when trying to set up external access.

• the dyndns service gives you a consistent network name that can be used externally to refer to your home system
• the VPN service allows you to securely tunnel into your home network so you have the same capabilities as when you are locally attached to your home network.

[superloopy1]

The dyndns feature is aimed at keeping your networks external IP address synchronised with a domain name (your ISP can arbitrarily change the external address unless you explicitly pay to have a fixed address).  As such it is independent of the incoming VPN other than to allow a constant network name to be used when connecting externally).
 
The VPN feature applies after (using the dyndns address) you have tunnelled into your home network.    At that point you can see anything on your home network that is visible to the VPN server on your home network.    You now use addresses on your local LAN to access such devices.
 
it is important to realise that these are two independent services that are typically used to solve two different problems you encounter when trying to set up external access.

• the dyndns service gives you a consistent network name that can be used externally to refer to your home system
• the VPN service allows you to securely tunnel into your home network so you have the same capabilities as when you are locally attached to your home network.

Ok ... so when/why would i need openvpn-as on my server if i can see everything from the router. Or have i just answered my own question there, if i dont/cant configure the router then openvpn is next best option on each specific server (i have 3 microservers)? Is there any risk in setting up dyn dns at the router level?

Sent from my LG-D855 using Tapatalk

[remotevisitor]

Security!

 

if you have opened ports on your router to access applications on your systems then each one is a possible avenue for someone on the internet to exploit if any of those applications is not securely configure or has bugs which can be exploited.   Some of those apps might not have been written by security experts as that is likely to be its secondary purpose.

 

Also all the network traffic between you and your home system can be potentially intercepted and analysed and used to attack your home system.   How secure is the Wi-Fi connection you use at the hotel/bar/etc that you might use?   Do you know who controls all the network devices that handle the network traffic between where you are and your home system and do you trust them?

 

By using OpenVPN you are ensuring the connection between you and your home network is protected by having all the network traffic encrypted and you are using an application specifically designed to be secure and only requires a single port to be opened one your router.    This all significantly reduces the likelihood of a security breach into your home network.

[superloopy1]

Security!

 

if you have opened ports on your router to access applications on your systems then each one is a possible avenue for someone on the internet to exploit if any of those applications is not securely configure or has bugs which can be exploited.   Some of those apps might not have been written by security experts as that is likely to be its secondary purpose.

 

Also all the network traffic between you and your home system can be potentially intercepted and analysed and used to attack your home system.   How secure is the Wi-Fi connection you use at the hotel/bar/etc that you might use?   Do you know who controls all the network devices that handle the network traffic between where you are and your home system and do you trust them?

 

By using OpenVPN you are ensuring the connection between you and your home network is protected by having all the network traffic encrypted and you are using an application specifically designed to be secure and only requires a single port to be opened one your router.    This all significantly reduces the likelihood of a security breach into your home network.

Thanks ... I thought as much. But what if i need to see all of my servers? Do i need to install an openvpn instance on each one and then set up a port forwarding rule in the router to each one? If thats whats needed then why do people recommend running dyndns at router level? How do they secure the network beyond then?

 

Sent from my LG-D855 using Tapatalk

 

 

 

[remotevisitor]

No.

 

You set OpenVPN up on one server.

 

When you connect remotely via OpenVPN, your remote device will appear as if it is directly connected to your home network.

 

So any system you can access when using your device while at home, you will also be able to access via the remote connection.

[superloopy1]

No.
 
You set OpenVPN up on one server.
 
When you connect remotely via OpenVPN, your remote device will appear as if it is directly connected to your home network.
 
So any system you can access when using your device while at home, you will also be able to access via the remote connection.

Still not getting this, sorry. I have 3 unraid servers, openvpn-as is running as a docker on one only. Are you saying that i'll be able to manage all three servers, theyre obviously not connected other than being on the same lan, from just this one instance?

Sent from my LG-D855 using Tapatalk