WOL and security


Pinch

Okay, I'm about to give up.

 

Since wake on lan from the internet won't work through a Netgear router, I've been looking for a way to have unRAID wake my PCs from the LAN, since it's on 24/7, using an http request.

After A LOT of searching, I finally managed to do this using user scripts in unMENU, so I thought that was it. Trouble is, allowing access to unMENU from the internet is... dumb, to say the least - there's no security.

 

So two questions: can anyone recommend a different way of achieving the WOL functionality I need?

 

And while we're on the subject of security: is unRAID's user/pass requirement safe enough to allow external access to the main page? There's a few things I'd like external access to, so this goes both for unRAID, but also in general - what are the security concerns? Is it safe if you're required to login or can anyone who knows what they're doing bypass it without much hassle?

Link to comment

> Okay, I'm about to give up.
>
> Since wake on lan from the internet won't work through a Netgear router, I've been looking for a way to have unRAID wake my PCs from the LAN, since it's on 24/7, using an http request.
>
> After A LOT of searching, I finally managed to do this using user scripts in unMENU, so I thought that was it. Trouble is, allowing access to unMENU from the internet is... dumb, to say the least - there's no security.

Correct. Access from the internet is an invite from every script kiddie in the world. It is a really DUMB idea.

> So two questions: can anyone recommend a different way of achieving the WOL functionality I need?

I cannot. No experience to draw upon. VPN is the ONLY secure answer. Get a different router that does supply VPN services from the internet.

> And while we're on the subject of security: is unRAID's user/pass requirement safe enough to allow external access to the main page? There's a few things I'd like external access to, so this goes both for unRAID, but also in general - what are the security concerns? Is it safe if you're required to login or can anyone who knows what they're doing bypass it without much hassle?

As delivered, for almost all unRAID versions, unRAID is wide open.  Even if you add a root password.  It is not secure for other commonly used IDs.  The recent 4.7 release even includes a paragraph in the release notes on how to delete your password files to start with fewer open IDs.  (They are open in most prior releases)

 

Quote from 4.7 release notes:

Bug fix: disable login on certain non-user accounts.

A bug was fixed where certain non-users were able to login via telnet. But to get this fix to apply (if you want), you must follow this procedure:

1. After booting this release, go to your flash share and delete the files 'config/passwd' and 'config/smbpassd'

2. Reboot the server

Note: you will need to re-enter any users you had created.

 

You will be hacked if you open your server up to the outside world, and it will not take long either.   

Don't believe me... look at this thread, and this one, or this one.

 

Joe L.

Link to comment

I agree with everything JoeL said above.

 

I access all my unRAID related stuff through a VPN connection to my router.  I have a Cisco WRT320N (if I remember correctly) and it is running DDWRT so I can have VPN.  It is really your only safe approach for access to your unRAID server.

Link to comment

Thanks for the quick replies!

 

Okay, I'll dismiss the thought of allowing external access to the server (main interface). But does this go for all services/packages? Say unRAID-Web - what would be the point of this if external access was a bad idea (most likely a very stupid question!)? WOL can apparently work using PHP, so that may be an option...

 

Deleting the two files in question still wouldn't make it secure, would it?

 

Seeing as VPN is probably the safest approach, which my router doesn't support (and no custom fw is available), I immediately did a search on VPN for unRAID, and apparently some Hamachi "spin-off" exists - would that be secure (forwarding a port to the tower for this service)?

Link to comment

You can use a DDWRT device behind a router/firewall and get OpenVPN working.  I have an old Linksys wireless router that craps out when the wireless functions are enabled, but I flashed it to DDWRT, disabled the wifi stuff, and set up OpenVPN on it.  I just forward the OpenVPN ports from my external address to the DDWRT router and I can VPN in fine.  I even have it working in bridged mode so I get an internal IP address allowing NetBIOS over TCP/IP to work :)  If you have an old router that is DDWRT capable, that may be an option for you and I could help you get it set up.

 

It is also possible to get OpenVPN set up on unRAID but that is NOT a trivial task.

Link to comment
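An added example, not code from any poster in this thread or from unRAID/unMENU: a wake helper for the always-on server that is meant to be reached only from the LAN or through the VPN recommended above. The host aliases, MAC addresses, subnets and function names are constructed assumptions; the source-address check is a second layer behind the VPN, not a substitute for it.

```python
import ipaddress
import re
import socket

# Constructed sample values: replace with your own aliases, MACs and subnets.
HOSTS = {"desktop": "00:11:22:33:44:55", "htpc": "66:77:88:99:aa:bb"}
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24"),   # assumed LAN
                ipaddress.ip_network("10.8.0.0/24")]      # assumed VPN clients
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte WOL payload: 6 x 0xFF, then the MAC 16 times."""
    if not MAC_RE.match(mac):
        raise ValueError("malformed MAC address")
    raw = bytes.fromhex(re.sub(r"[:-]", "", mac))
    return b"\xff" * 6 + raw * 16


def authorize(client_ip: str, alias: str) -> str:
    """Return the MAC for alias, or raise if the request must be refused."""
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in TRUSTED_NETS):
        raise PermissionError("source address is not on the LAN or VPN")
    # Callers pick a known alias; a raw MAC from the request is never used.
    if alias not in HOSTS:
        raise KeyError("unknown host alias")
    return HOSTS[alias]


def wake(client_ip: str, alias: str,
         broadcast: str = "192.168.1.255", port: int = 9) -> int:
    """Validate the request, then broadcast the magic packet on the LAN."""
    packet = build_magic_packet(authorize(client_ip, alias))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    # Simulates a request arriving from a VPN client address.
    print(wake("10.8.0.6", "desktop"), "bytes sent")
```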

Archived

This topic is now archived and is closed to further replies.
