Tip: Accessing Vera directly through HTTP ( In case cp.mios.com is down )

Community Playground General Discussions
#1
  1. You access vera through cp.mios.com remotely
  2. Sometimes it may be just that, cp.mios.com was not accessible so you can’t get to it remotely
  3. You don’t want to Open up Vera completely to outside your firewall

Possible workaround – Comments Anyone?

  1. Assume, You’ve a HTTP server available in your local network.
  2. Open up an arbitrary port XYZ on your router – Nothing is listening on it.
  3. Login in to your HTTP(S) server securely, with strong username/password
  4. SSH port forward “0.0.0.0:XYZ:LocalVeraIP:80”
  5. Now access Vera from outside using yourpublicip:XYZ
  6. Log out of HTTP(s)
  7. Close the SSH tunnel

So you would create the tunnel after logging in and close it after logging out of http(s).

Thoughts??

#2

BTW - this was the solution I thought of so far - strangely while I was out, I tried to connect through Home Buddy, and it seemed to have some problem connecting remotely - But then it started working again after some time.

#3

It’s the network security equivalent of leaving the keys in the car while you rush into the convenience store.

This won’t protect you if someone else happens upon port XYZ while you’ve got the SSH tunnel open. Your server can’t distinguish incoming connections on port XYZ and know which ones are you and which ones are interlopers.

In an absolute emergency I might take the chance, but as a general access mechanism, it’s not secure.

As part of a secure solution, it’s a start. You would need to add a login mechanism to your server. There is probably an off-the-shelf Apache module to do it.

#4

@futzle,
I love that description, but I would add that the convenience store is in the middle of the projects… It’s amazing how often my Router gets port-scanned by people, presumably looking to do bad things to it.

Bottom line, securing the data in-transit, is only part of the problem. You need Authentication and Authorization mechanisms as well…

#5

@futzle - Agree with guessed - Great analogy futzle :slight_smile:

  1. some really good points here that futzle and guessed provided.
  2. Then again, the tunnel is going to be open only for a short period of time (while I left the car running with keys in it :slight_smile: )

Perhaps I’ll come up with another alternative. So this is not what I really want to do - this is “just in case” as an alternate way of getting to vera and still having a HTTPS based authentication trigger my tunnel open/close…

#6

If you have a computer running on the same LAN as Vera, then just log onto that computer remotely using logmein or something similar. The just go directly to your Vera by IP address. This would avoid the insecure SSH tunnel.

#7

Yep, I thought of that logmein/Teamviwer/even RDP - except If I need to do this on a phone , then it gets little inconvenient.

I havent seen the mios interface on my phone yet, but on xoom it behaves well , I’m assuming that would be the case with a Droid X.

Just while typing this, I just pulled the page on Droid X and looks nice and that was one of the things I wanted to be able to do if I’m not able to connect to cp.mios.com

  1. Xoom has 3G, so that would work well remotely
  2. Droid X - ditto.