Direct connection thru static ip on firewall and NAT

Hello all

I want to bypass mios and log in to my Vera3Lite directly from Homewave.
I’ve NAT’ed port 3480 to my Vera3Lite.

I wonder a bit on how to set the Homewave settings.

If I put my official IP in the VeraAddress field and leave the OverrideURL, OverrideType and MiosIgnore off then the app will connect both on local wifi and thru 3G.

After a few tries the IP VeraAddress changes to the local IP address of my Vera3Lite.

I guess this is because of it connecting thru Mios.

I’ve also tried with MiosIgnore and OverrideType set to On, and setting the official IP address and port in the OverrideURL, but this will not let me connect to Vera3 at all.

Wondering if anyone can tell me the optimal settings for connecting directly to my Vera3Lite, without Mios in the picture at all.

Regards
TommyE

To give you a warning, you are opening yourself up to the world. I would highly suggest you do not open up your Vera via your firewall. I would suggest a vpn or ssh route.

  • Garrett

[quote=“garrettwp, post:2, topic:174754”]To give you a warning, you are opening yourself up to the world. I would highly suggest you do not open up your Vera via your firewall. I would suggest a vpn or ssh route.

  • Garrett[/quote]

Thanks for the tip, but can you explain the difference in connecting thru Mios vs. connecting directly to Vera3?
Is the “protocol” used any different?

Regards
Tommy

@TommyE
Let’s put it this way … you should not argue with your doctor when he says you need to get your appendix out now. You might get a second opinion.

The technical details of why you should not do this are complex and difficult to explain in a forum that has members without significant computer and network background. As Home Automation is on the leading edge … often requiring more advanced computer skills … many of the users on this forum are up to the task … but not all.

But let me give you a second opinion, and if you do not understand it, you should seek out a trusted professional:

Opening ports, except for SSH ports, on your router is a BAD idea.
Vera provides an excellent host for hackers to access anything inside your firewall.
The connection through MIOS is safe … as long as the MIOS site is not compromised.

TommyE,

If you want to cut the mios.com servers out of the loop, the best way to do it is to set up a VPN server somewhere on your LAN. You then connect to it from your external device (your phone or laptop or whatever), and now your LAN (Vera included) thinks that you are inside the LAN. Some routers provide VPN server functionality, so you may not even need an extra always-on machine.

mios.com is more than a forwarding service; it also takes care of user authentication and authorization. That’s why bypassing mios.com and giving the world a direct connection to Vera is insecure, unless you provide your own authentication and authorization mechanism (which a VPN is).

Hello again

I’m not trying to argue that it can be unsafe to open up my firewall towards my Vera3.
I’m very well into how firewalls and the likes work. I have in my setup a Juniper SSLVPN appliance and I’ve set up my iOS devices to do on-demand VPN with certificate-based authentication, so if I use an IP address in my LAN it will automatically open the VPN tunnel and tunnel the traffic thru the VPN.

My ‘issue’ with this is that it takes a few seconds to open the VPN tunnel, and when the better half has to wait that 5-6 seconds when e.g. wanting to open or close the garage door I’m the one who gets it :)

I want to try the direct connection route to see if this can be a faster way of connecting to the Vera box, as I think the Mios servers slow this down a bit.
(Not saying this will be in ‘production’, but I want to test it out, and can’t seem to get the settings just right)

I think I may have misunderstood something in regards to how Homewave ‘logs in to’ Vera when connected locally vs. when connecting from a remote network.
I thought it was the same ‘mechanisms’ in use, but I understand it from previous posts that it is not.

If someone has any thoughts about how to set the settings right, I’d appreciate it.

Thanks
TommyE

TommyE,

Here is the design spec for access points like HomeWave: http://wiki.micasaverde.com/index.php/UI_Simple

It should give you an idea about what MCV is doing with its “forwarding” servers, and how different LAN and MiOS access are.

Edit: rereading your post I think I see the misunderstanding. On the LAN there is no “logging into” Vera. Vera doesn’t know about users, nor passwords; that’s all a veneer that mios.com layers on. On the LAN, there is just stateless, unauthenticated, unencrypted HTTP. When you port forward port 3480 to the world you are giving this same access to the world.
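A way to confirm from outside the LAN whether port 3480 still answers plain HTTP without any authentication challenge, added here as an example and not part of the original posts. The function name, the `/` request path and the result labels are assumptions made for this sketch; run it only against your own public address, for instance from a phone hotspot.

```python
import http.client
import socket
import sys

VERA_PORT = 3480  # the port discussed in this thread


def classify_exposure(host, port=VERA_PORT, path="/", timeout=3.0):
    """Classify host:port as 'closed', 'open-non-http',
    'auth-required' or 'open-no-auth'."""
    # Step 1: plain TCP connect. A refused or filtered port means the
    # forward is not reachable from where this runs.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError:
        return "closed"

    # Step 2: unencrypted HTTP request with no credentials at all.
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        status = resp.status
    except (OSError, http.client.HTTPException):
        return "open-non-http"
    finally:
        conn.close()

    # 401/403 means something in front of the service demands credentials.
    # Any other HTTP answer means the service talks to anonymous clients.
    return "auth-required" if status in (401, 403) else "open-no-auth"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_exposure.py <your-public-ip-or-hostname>")
    result = classify_exposure(sys.argv[1])
    print(f"{sys.argv[1]}:{VERA_PORT} -> {result}")
    # Non-zero exit when the port answers, so the check can run from cron.
    sys.exit(0 if result == "closed" else 1)
```

A result of `closed` from an external network is what you want to see after removing the NAT rule; the same check run over the VPN or on the LAN is expected to report `open-no-auth`.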

When you port forward port 3480 to the world you are giving this same access to the world.
And the APIs are so open you can turn the whole Vera unit into a rogue agent to probe and attack any other device on your LAN.

Similarly, many Internet cameras are running a Linux-based OS. How many of them have intentional and/or unintentional back doors that can be exploited? With the computing power in most devices today … just about any device can be a target … and if you open a port to the WAN for that device, then you just exposed all your LAN devices via that device.

A good quality router is what keeps these attacks moving on to easier targets.
You would be shocked at the number of probes that are made to my public IP … checking for vulnerable ports on a regular basis!

Hello

Thanks all for your replies and thoughts.

I’ve closed the NATing and I’m using either Mios or certificate-based on-demand VPN.

Regards
Tommy