aurevo Posted March 30, 2020 Share Posted March 30, 2020 Hello, due to a Double-NAT situation and the internet connection via LTE, it is currently not possible for me to make the plex externally available via normal port forwarding. Therefore I have installed the Open-VPN Client on the UnRAID to get a fixed external IP address. Unfortunately the web interface of the UnRAID is also made available externally via this connection. Is there a way around this or can the web interface be restricted to local access or specified subnets to prevent bruteforce attacks on login screen? Quote Link to comment
testdasi Posted March 30, 2020 Share Posted March 30, 2020 Wait a sec, how does it work? As in how would Open VPN Client give you an external IP? How did you do it? Quote Link to comment
aurevo Posted March 30, 2020 Author Share Posted March 30, 2020 12 minutes ago, testdasi said: Wait a sec, how does it work? As in how would Open VPN Client give you an external IP? How did you do it? At the moment it is a test access from the following provider (page on german): https://www.internet-xs.de/vpn-internet-zugang/feste-oeffentliche-ipv4-adresse.html So you connect to the provider via Open-VPN and get a fixed external IP address. Quote Link to comment
testdasi Posted March 30, 2020 Share Posted March 30, 2020 Are you actually able to access your Unraid GUI from outside of your own network through the VPN IP? If so, I would recommend you shut that down immediately. No there isn't anyway to restrict access to the Unraid GUI based on what you described. Any configuration needs to be done on the VPN itself (e.g. what port is forwarded, from your description, it looks like it makes your server a DMZ i.e. all ports are forwarded, which is exactly the same as opening your server completely to the Internet). If you install the VPN client on the router then it makes some sense because your router can act as a firewall and restrict access. In which case, you need a very strong router and definitely not use Unraid as a router. Unraid is not hardened for that sort of stuff. Quote Link to comment
aurevo Posted March 30, 2020 Author Share Posted March 30, 2020 1 hour ago, testdasi said: Are you actually able to access your Unraid GUI from outside of your own network through the VPN IP? If so, I would recommend you shut that down immediately. No there isn't anyway to restrict access to the Unraid GUI based on what you described. Any configuration needs to be done on the VPN itself (e.g. what port is forwarded, from your description, it looks like it makes your server a DMZ i.e. all ports are forwarded, which is exactly the same as opening your server completely to the Internet). If you install the VPN client on the router then it makes some sense because your router can act as a firewall and restrict access. In which case, you need a very strong router and definitely not use Unraid as a router. Unraid is not hardened for that sort of stuff. I shut it down, as I recognised that the GUI is accessable from the WWW and someone tried to login via bruteforce attacks. I restricted the access to only the Plex server via the Open-VPN config extended routing, but I thought there is someone with an idea how to disable the GUI for external access. If someone has an idea I would appreciate it, otherwise I have to ask on another place. Thanks! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.