I’m about ready to jump in and play in the lua pond and really set things up the way we want. But I can’t catch a break.
Short version is I need to figure out how to access my vera from a moto Droid remotely.
Because of some issue with MCV’s site certificates along with a bug in Android I can’t use findvera.com.
There’s no official android app in site.
And although the user created homebuddy android app rocks its missing support for some things that I need to make the wife acceptance factor high enough to procede.
So is there ANY way I can get secure access to vera directly from my WAN by fiddling with the firewall or something? Sooner rather than later i’m going to get a schlage lock too- so I’d like some security more than obscurity.
hmmm- honestly i dont know much about vpn’s. I think android allows that. I guess I need to google. Does the router in the vera have all the right stuff installed to do that- or do I need to figure that out too?
to tunnel connections between two linux boxes (Vera and Android) the easiest (and most secure!) is to use [tt]ssh[/tt]. Set your router to forward incoming port 22 to Vera, and from your android do something like:
ssh root@yourhomeipnumber -L8080:localhost:80
that would do two different things: open a command line to Vera, and tunnel any local TCP connection on port 8080 on your android to Vera’s port 80.
with the [tt]ssh[/tt] connection still open, go to your browser and open [url=http://localhost:8080/]http://localhost:8080/[/url]. Don’t worry that it’s [tt]http[/tt] and not [tt]https[/tt], the connection is very tightly encrypted under the ssh protocol.
thanks for the help- sorry this is about to get way more complex- if you have the stomach I can use some help- but if you dont have enough time to get into it all I understand.
I use the Vera1 as my router. Right now I set the firewall to ignores all ports except i forward a few that a windows home server uses. The WHS has ports 80, 443, 4125, and 3389 forwarded to it. The WHS takes care of DDNS so that mycomputername.homeserver.com aims at my dynamic IP address.
I will open port 22 on the vera firewall.
So on my droid i can install ‘connectbot’ which is a “powerfull opensource Secure Shell (SSH) client” So that would get me SSH on the Droid. I installed it and basically it gets me to window that says “use the box below to connect to a host” and it’s looking for ‘username@hostname’
then viola i leave the ssh program on in the background and open a browser on my droid and hit http://localhost:8080/ as you described?
that seems almost too easy.
(actually when i get home to fiddle with the vera firewall I plan to just try it)
but what’s to keep someone else from opening an SSH connection to my vera to do the same? I guess on the vera I enable the username and password on local connections and that would take care of it?
[quote=“michaelk, post:6, topic:165675”]So on my droid i can install ‘connectbot’ which is a “powerfull opensource Secure Shell (SSH) client” So that would get me SSH on the Droid. I installed it and basically it gets me to window that says “use the box below to connect to a host” and it’s looking for ‘username@hostname’
i’ve checked the google group about connectbot, and couldn’t find where to add the [tt]-L8080:localhost:80[/tt] argument. this is where you set the tunnel, so it’s important to get it.
I don’t know how complete is the default Android system, but if you can get to a command line on your phone, it might be easier to type the ssh command there.
[quote=“michaelk, post:6, topic:165675”]then viola i leave the ssh program on in the background and open a browser on my droid and hit http://localhost:8080/ as you described?
that seems almost too easy. :-)[/quote]
it is! ;D
[quote=“michaelk, post:6, topic:165675”](actually when i get home to fiddle with the vera firewall I plan to just try it)
but what’s to keep someone else from opening an SSH connection to my vera to do the same? I guess on the vera I enable the username and password on local connections and that would take care of it?[/quote]
right, by default you use username/password to authenticate; but if you want extra security, you can set a public/private keypair and disallow username/passwords, so any amount of brute-force pasword guessing won’t get anything.
