Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Pommes wrote: > So i tried at work, it works, it is SO AWESOME! > The only thing i need to do after complete reboot: > Connect to radio on mysqueezebox.com, after that i can connect to my > home library. > > THANK YOU SO MUCH! > Regards > Pommes Happy you got it working. You're welcome. Ralphy *1*-Touch, *5*-Classics, *3*-Booms, *2*-UE Radio 'Squeezebox client builds' (https://sourceforge.net/projects/lmsclients/files/) 'donations' (https://www.paypal.com/cgi-bin/webscr?cmd=_donations=LL5P6365KQEXN=CA_name=Squeezebox%20client%20builds_code=USD=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted) always appreciated. ralphy's Profile: http://forums.slimdevices.com/member.php?userid=3484 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Pommes wrote: > AMAZING!!!AWESOME!!! > Its working here, i can confirm by connecting touch wireless via iphone > hotspot to my home network. > I confirm to 48khz 24bit flac > The only problem i have: > even with > # Start openvpn > /usr/sbin/openvpn --config /etc/openvpn/touch.ovpn --daemon > in rcS.local > it doesnt connect. > Only after manually repeating this command via ssh, i can get that > connection. > I will try at work tomorrow with better wifi, might be a problem of > iphone hotspot. > But is s there a chance to delay rcS.local or rerun after for example 30 > seconds after boot? > > Thank you SO MUCH! So i tried at work, it works, it is SO AWESOME! The only thing i need to do after complete reboot: Connect to radio on mysqueezebox.com, after that i can connect to my home library. THANK YOU SO MUCH! Regards Pommes The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
ralphy wrote: > Okay. I've add 'fab4-openvpn-2.4.10.zip' > (https://sourceforge.net/projects/lmsclients/files/squeezeos/fab4-openvpn-2.4.10.zip/download) > which only has the openssl version of openvpn and the tun kernel > driver. > > The openvpn client on the touch is not something I'm prepared to support > going forward, so hopefully this is enough to get you going. > > Upload fab4-openvpn-2.4.10.zip and your openvpn config/cert files to the > /dev folder on the touch. > > > Code: > > > # Extract the zip file. > cd /dev > unzip fab4-openvpn-2.4.10.zip > > # Move openvpn to /usr/sbin and make it executable > mv /dev/openvpn /usr/sbin > chmod 755 /usr/sbin/openvpn > > # Move the tunnel kernel module > mv /dev/tun.ko /lib/modules/2.6.26.8-rt16-332-g5849bfa > > # Create /etc/openvpn for your config files. > mkdir -p /etc/openvpn > > # Copy/move your openvpn config files from /dev to /etc/openvpn > > > > > > Then in /etc/init.d/rcS.local add > > > Code: > > > #!/bin/sh > > # Load the tunnel kernel module. > insmod /lib/modules/2.6.26.8-rt16-332-g5849bfa/tun.ko > > # Start openvpn > /usr/sbin/openvpn --config /etc/openvpn/touch.ovpn --daemon > > # Make rcS.local executable > chmod 755 /etc/init.d/rcS.local > > > > > You can add any additional command line options you need as well. > > Be careful as you can end up blocking ssh access when openvpn starts > and the only way to get it back is to factory reset the touch. > > I'd suggest you don't automatically start openvpn in rcS.local until > you're confident that you have a working VPN connection and can still > ssh into the touch. > > Also if you need openvpn to update /etc/resolv.conf then you'll also > need to upload/create a script that parses DHCP options from openvpn > to update resolv.conf > and add something like this to your openvpn config file. > > > Code: > > up /etc/openvpn/update-resolv-conf > down /etc/openvpn/update-resolv-conf > > AMAZING!!!AWESOME!!! Its working here, i can confirm by connecting touch wireless via iphone hotspot to my home network. I confirm to 48khz 24bit flac The only problem i have: even with # Start openvpn /usr/sbin/openvpn --config /etc/openvpn/touch.ovpn --daemon in rcS.local it doesnt connect. Only after manually repeating this command via ssh, i can get that connection. I will try at work tomorrow with better wifi, might be a problem of iphone hotspot. But is s there a chance to delay rcS.local or rerun after for example 30 seconds after boot? Thank you SO MUCH! The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Pommes wrote: > I have the latest custom firmware on touch, i downloaded > fab4-openvpn-2.4.10.tar.gz, i can ssh into touch and modify > /etc/init.d/rcS.local, but in which folder would i put the > fab4-openvpn-2.4.10.tar.gz, do i need to unzip it first? And where would > i put the .openvpn, and do i need to put the ca , key or crt or anything > else in some specific folder? And where do i put the user and password. > I know, a lot of questions but I hope i can get the answers here, i > really would like to try this:-) > some hints, please? and maybe i can find out the rest via google... > > Thanks, regards > Pommes Okay. I've add 'fab4-openvpn-2.4.10.zip' (https://sourceforge.net/projects/lmsclients/files/squeezeos/fab4-openvpn-2.4.10.zip/download) which only has the openssl version of openvpn and the tun kernel driver. The openvpn client on the touch is not something I'm prepared to support going forward, so hopefully this is enough to get you going. Upload fab4-openvpn-2.4.10.zip and your openvpn config/cert files to the /dev folder on the touch. Code: # Extract the zip file. cd /dev unzip fab4-openvpn-2.4.10.zip # Move openvpn to /usr/sbin and make it executable mv /dev/openvpn /usr/sbin chmod 755 /usr/sbin/openvpn # Move the tunnel kernel module mv /dev/tun.ko /lib/modules/2.6.26.8-rt16-332-g5849bfa # Create /etc/openvpn for your config files. mkdir -p /etc/openvpn # Copy/move your openvpn config files from /dev to /etc/openvpn Then in /etc/init.d/rcS.local add Code: #!/bin/sh # Load the tunnel kernel module. insmod /lib/modules/2.6.26.8-rt16-332-g5849bfa/tun.ko # Start openvpn /usr/sbin/openvpn --config /etc/openvpn/touch.ovpn --daemon # Make rcS.local executable chmod 755 /etc/init.d/rcS.local You can add any additional command line options you need as well. Be careful as you can end up blocking ssh access when openvpn starts and the only way to get it back is to factory reset the touch. I'd suggest you don't automatically start openvpn in rcS.local until you're confident that you have a working VPN connection and can still ssh into the touch. Also if you need openvpn to update /etc/resolv.conf then you'll also need to upload/create a script that parses DHCP options from openvpn to update resolv.conf and add something like this to your openvpn config file. Code: up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf Ralphy *1*-Touch, *5*-Classics, *3*-Booms, *2*-UE Radio 'Squeezebox client builds' (https://sourceforge.net/projects/lmsclients/files/) 'donations' (https://www.paypal.com/cgi-bin/webscr?cmd=_donations=LL5P6365KQEXN=CA_name=Squeezebox%20client%20builds_code=USD=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted) always appreciated. ralphy's Profile: http://forums.slimdevices.com/member.php?userid=3484 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
ralphy wrote: > I've been investigating adding SSL support to the community firmware and > have built two versions of openvpn for the touch using mbedtls and > openssl. > > Unfortunately, mbedtls doesn't support many ciphers or digests, nor TLS > 1.3. Which is too bad as it's much lighter than openssl. I had already > built openvpn with it before I realized those limitations. > > The touch can handle moderate traffic with openvpn-openssl without > taxing the CPU. Here's a few top snapshots playing 16bit, 44.1Khz ALAC > files over a remote DSL connection. I choose ALAC instead of FLAC since > jive uses more CPU decoding ALAC. I didn't try any higher resolution > files. > > ALAC Track start. > > Code: > > > PID PPID USER STAT VSZ %MEM %CPU COMMAND > 12253 1 root R 5660 4% 25% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon > 16819 1 root S28968 23% 17% /usr/bin/jive > 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 > 16827 16819 root S 8608 7% 3% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 > > > > > Plackback after 1 minute. > > Code: > > > PID PPID USER STAT VSZ %MEM %CPU COMMAND > 12253 1 root S 5660 4% 6% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon > 16819 1 root R29100 23% 14% /usr/bin/jive > 16828 16819 root S 8528 7% 3% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 > 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 > > > > > Playback after 3 minutes. > > Code: > > > PID PPID USER STAT VSZ %MEM %CPU COMMAND > 12253 1 root R 5660 4% 9% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon > 16819 1 root S29100 23% 20% /usr/bin/jive > 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 > 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 > > > > > 5 seconds before the Next ALAC Track start. > > Code: > > > PID PPID USER STAT VSZ %MEM %CPU COMMAND > 12253 1 root R 5660 4% 30% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon > 16819 1 root S29232 23% 20% /usr/bin/jive > 16828 16819 root S 8528 7% 5% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 > 16827 16819 root S 8608 7% 5% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 > > > > > Both openvpn versions and the kernel tun.ko driver are 'available on > sourceforge' > (https://sourceforge.net/projects/lmsclients/files/squeezeos/fab4-openvpn-2.4.10.tar.gz/download). > This is only for the Touch it won't run on the Radio or Controller. > > You need to load the tun kernel driver using *insmod tun.ko* before > running openssl or the commands can be added to /etc/init.d/rcS.local > if you wanted openvpn to start at boot. I have the latest custom firmware on touch, i downloaded fab4-openvpn-2.4.10.tar.gz, i can ssh into touch and modify /etc/init.d/rcS.local, but in which folder would i put the fab4-openvpn-2.4.10.tar.gz, do i need to unzip it first? And where would i put the .openvpn, and do i need to put the ca , key or crt or anything else in some specific folder? And where do i put the user and password. I know, a lot of questions but I hope i can get the answers here, i really would like to try this:-) some hints, please? and maybe i can find out the rest via google... Thanks, regards Pommes The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
ralphy wrote: > I've been investigating adding SSL support to the community firmware and > have built two versions of openvpn for the touch using mbedtls and > openssl. > > Unfortunately, mbedtls doesn't support many ciphers or digests, nor TLS > 1.3. Which is too bad as it's much lighter than openssl. I had already > built openvpn with it before I realized those limitations. > > The touch can handle moderate traffic with openvpn-openssl without > taxing the CPU. Here's a few top snapshots playing 16bit, 44.1Khz ALAC > files over a remote DSL connection. I choose ALAC instead of FLAC since > jive uses more CPU decoding ALAC. I didn't try any higher resolution > files. > > ALAC Track start. > > Code: > > > PID PPID USER STAT VSZ %MEM %CPU COMMAND > 12253 1 root R 5660 4% 25% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon > 16819 1 root S28968 23% 17% /usr/bin/jive > 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 > 16827 16819 root S 8608 7% 3% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 > > > > > Plackback after 1 minute. > > Code: > > > PID PPID USER STAT VSZ %MEM %CPU COMMAND > 12253 1 root S 5660 4% 6% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon > 16819 1 root R29100 23% 14% /usr/bin/jive > 16828 16819 root S 8528 7% 3% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 > 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 > > > > > Playback after 3 minutes. > > Code: > > > PID PPID USER STAT VSZ %MEM %CPU COMMAND > 12253 1 root R 5660 4% 9% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon > 16819 1 root S29100 23% 20% /usr/bin/jive > 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 > 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 > > > > > 5 seconds before the Next ALAC Track start. > > Code: > > > PID PPID USER STAT VSZ %MEM %CPU COMMAND > 12253 1 root R 5660 4% 30% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon > 16819 1 root S29232 23% 20% /usr/bin/jive > 16828 16819 root S 8528 7% 5% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 > 16827 16819 root S 8608 7% 5% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 > > > > > Both openvpn versions and the kernel tun.ko driver are 'available on > sourceforge' > (https://sourceforge.net/projects/lmsclients/files/squeezeos/fab4-openvpn-2.4.10.tar.gz/download). > This is only for the Touch it won't run on the Radio or Controller. > > You need to load the tun kernel driver using *insmod tun.ko* before > running openssl or the commands can be added to /etc/init.d/rcS.local > if you wanted openvpn to start at boot. Wow, this sounds amazing. Unfortunately I do not understand a lot of what you were saying because I am not a linux pro. If I have an open VPN config file and a key file etc., would this be possible to connect my Touch via open VPN to my home network? What would I need to do to accomplish? Ralphy , I know you are very busy with all kinds of things, I hope somebody else has the time to explain to me. To me this sounds like very good news, so it might be possible to use my touch remotely? Thank you very much, Regards Pommes The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
I've been investigating adding SSL support to the community firmware and have built two versions of openvpn for the touch using mbedtls and openssl. Unfortunately, mbedtls doesn't support many ciphers or digests, nor TLS 1.3. Which is too bad as it's much lighter than openssl. I had already built openvpn with it before I realized those limitations. The touch can handle moderate traffic with openvpn-openssl without taxing the CPU. Here's a few top snapshots playing 16bit, 44.1Khz ALAC files over a remote DSL connection. I choose ALAC instead of FLAC since jive uses more CPU decoding ALAC. I didn't try any higher resolution files. ALAC Track start. Code: PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 25% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S28968 23% 17% /usr/bin/jive 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 3% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 Plackback after 1 minute. Code: PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root S 5660 4% 6% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root R29100 23% 14% /usr/bin/jive 16828 16819 root S 8528 7% 3% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 Playback after 3 minutes. Code: PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 9% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S29100 23% 20% /usr/bin/jive 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 5 seconds before the Next ALAC Track start. Code: PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 30% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S29232 23% 20% /usr/bin/jive 16828 16819 root S 8528 7% 5% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 5% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 Both openvpn versions and the kernel tun.ko driver are 'available on sourceforge' (https://sourceforge.net/projects/lmsclients/files/squeezeos/fab4-openvpn-2.4.10.tar.gz/download). This is only for the Touch it won't run on the Radio or Controller. You need to load the tun kernel driver using *insmod tun.ko* before running openssl or the commands can be added to /etc/init.d/rcS.local if you wanted openvpn to start at boot. Ralphy *1*-Touch, *5*-Classics, *3*-Booms, *2*-UE Radio 'Squeezebox client builds' (https://sourceforge.net/projects/lmsclients/files/) 'donations' (https://www.paypal.com/cgi-bin/webscr?cmd=_donations=LL5P6365KQEXN=CA_name=Squeezebox%20client%20builds_code=USD=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted) always appreciated. ralphy's Profile: http://forums.slimdevices.com/member.php?userid=3484 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
I've been investigating adding SSL support to the community firmware and have built two versions of openvpn for the touch using mbedtls and openssl. Unfortunately, mbedtls doesn't support many ciphers or digests, nor TLS 1.3. Which is too bad as it's much lighter than openssl. I had already built openvpn with it before I realized those limitations. The touch can handle moderate traffic with openvpn-openssl without taxing the CPU. Here's a few top snapshots playing a 16bit, 44.1Khz ALAC files over a remote DSL connection. I choose ALAC instead of FLAC since jive uses more CPU decoding ALAC. I didn't try any higher resolution files. ALAC Track start. Code: PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 25% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S28968 23% 17% /usr/bin/jive 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 3% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 Plackback after 1 minute. Code: PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root S 5660 4% 6% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root R29100 23% 14% /usr/bin/jive 16828 16819 root S 8528 7% 3% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 Playback after 3 minutes. Code: PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 9% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S29100 23% 20% /usr/bin/jive 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 ALAC 8 seconds before Next Track start. Code: PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 30% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S29232 23% 20% /usr/bin/jive 16828 16819 root S 8528 7% 5% jive_alsa -v -d default -c default -b 2 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 5% jive_alsa -v -d plughw:2,0 -b 2 -p 2 -s 16 -f 2 Both openvpn versions and the kernel tun.ko driver are 'available on sourceforge' (https://sourceforge.net/projects/lmsclients/files/squeezeos/). This is only for the Touch it won't run on the Radio. You need to load the tun kernel driver using *insmod tun.ko* before running openssl or add the commands to /etc/init.d/rcS.local if you wanted openvpn to start at boot. I've also been testing a version of squeezelite with SSL on the Touch and Radio to see if it's worth trying to add SSL support to the firmware and both devices have no problems playing direct https streams. Unfortunately, it's not straight forward to run squeezelite with squeezeplay. You need to change enableAudio=1 in Playback.lua and restart squeezeplay before squeezelite with run. Additionally on the Radio you have to modify several lua files to stop the automatic powering off the amp when the idle timer triggers. One neat feature using squeezelite on the touch is you can run separate instances on the RCA and SPDIF jacks for 2 zones and you can use Choose Player to control either one. Ralphy *1*-Touch, *5*-Classics, *3*-Booms, *2*-UE Radio 'Squeezebox client builds' (https://sourceforge.net/projects/lmsclients/files/) 'donations' (https://www.paypal.com/cgi-bin/webscr?cmd=_donations=LL5P6365KQEXN=CA_name=Squeezebox%20client%20builds_code=USD=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted) always appreciated. ralphy's Profile: http://forums.slimdevices.com/member.php?userid=3484 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
d6jg wrote: > It is possible to install and run squeezelite on OpenWRT so (in theory) > you could dispense with the Touch and control an instance of squeezlite > running on this little box with USB Audio out from a mobile also > connected to it via WiFi Nice idea, but I want to use the touch because of the screen, it is convenient to handle. I have a raspberry picore with open VPNclient, so I have a similar kind of what you are describing, no need for the router itself then. But thanks, actually a pretty good idea. Maybe I will just try it for fun. The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Pommes wrote: > I just bought a gl-mt300n-v2. > I have openvpn server running on my synology nas and openvpn client > running on the gl-mt300n-v2. > Superb solution to connect to my music remotely. > And the gl-mt300n-v2 is powered by the usb of my Squeezebox Touch. > Totally recommend if you would like to use your Touch, and not the > raspberry with PicorePlayer, which does work too with openvpn. > Thanks for the hints! > Regards > Pommes It is possible to install and run squeezelite on OpenWRT so (in theory) you could dispense with the Touch and control an instance of squeezlite running on this little box with USB Audio out from a mobile also connected to it via WiFi VB2.4[/B] STORAGE *QNAP TS419P (NFS) [B]Living Room* Joggler & Pi4/Khadas -> Onkyo TXNR686 -> Celestion F20s *Office* Joggler & Pi3 -> Denon RCD N8 -> Celestion F10s *Dining Room* SB Boom *Kitchen* UE Radio (upgraded to SB Radio) *Bedroom (Bedside)* Pi Zero+DAC ->ToppingTP21 ->AKG Headphones *Bedroom (TV) & Bathroom* SB Touch ->Denon AVR ->Mordaunt Short M10s + Kef ceiling speakers *Guest Room* Joggler > Topping Amp -> Wharfedale Modus Cubes Everything controlled by iPeng & Material on iOS d6jg's Profile: http://forums.slimdevices.com/member.php?userid=44051 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
gordonb3 wrote: > Right... > > Well like I said, the kernel in the Squeezeplay devices (Radio, Touch) > do not support VPN and while in theory it is possible to create the > modules to add that functionality that will prove to be extremely > difficult. I'd say your best bet would be to use a travel router like > the GL.iNet GL-MT300N-V2 which appears to be a steal on Amazon at just > over 20 euros. I just bought a gl-mt300n-v2. I have openvpn server running on my synology nas and openvpn client running on the gl-mt300n-v2. Superb solution to connect to my music remotely. And the gl-mt300n-v2 is powered by the usb of my Squeezebox Touch. Totally recommend if you would like to use your Touch, and not the raspberry with PicorePlayer, which does work too with openvpn. Thanks for the hints! Regards Pommes The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
I just bought a gl-mt300n-v2. I have openvpn server running on my synology nas and openvpn client running on the gl-mt300n-v2. Superb solution to connect to my music remotely. And the gl-mt300n-v2 is powered by the usb of my Squeezebox Touch. Totally recommend if you would like to use your Touch, and not the raspberry with PicorePlayer, which does work too with openvpn. Thanks for the hints! Regards Pommes The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
gordonb3 wrote: > Right... > > Well like I said, the kernel in the Squeezeplay devices (Radio, Touch) > do not support VPN and while in theory it is possible to create the > modules to add that functionality that will prove to be extremely > difficult. I'd say your best bet would be to use a travel router like > the GL.iNet GL-MT300N-V2 which appears to be a steal on Amazon at just > over 20 euros. Wow, awesome, I will buy it. Seems to be exactly the solution I was looking for. Thank you so much!:-) The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Right... Well like I said, the kernel in the Squeezeplay devices (Radio, Touch) do not support VPN and while in theory it is possible to create the modules to add that functionality that will prove to be extremely difficult. I'd say your best bet would be to use a travel router like the GL.iNet GL-MT300N-V2 which appears to be a steal on Amazon at just over 20 euros. gordonb3's Profile: http://forums.slimdevices.com/member.php?userid=71050 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
I thought that one of the reasons that Touch does not do https is that it is not powerful enough to do the extra work required to keep such a connection running at speed. If that is the case then I can imagine that it would also struggle if all of the audio data came through a VPN connection that it had to manage itself. Paul Webster http://dabdig.blogspot.com author of \"now playing\" plugins covering radio france (fip etc), kcrw, supla finland, abc australia, cbc/radio-canada and rte ireland Paul Webster's Profile: http://forums.slimdevices.com/member.php?userid=105 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Paul Webster wrote: > Using RPi on the network as a VPN gateway for other devices on the local > network should work fine ... it is just a Linux box after all. > > For example > https://www.tomshardware.com/uk/reviews/raspberry-pi-vpn-gateway,6103.html > > Note - where this refers to a commercial VPN provider simply change that > to be your own remote (at home) OpenVPN. Thanks, that might be a considerable solution for places where i could access the router. Still a lot of fiddling involved. Even Picoreplayer without physical access to the ethernetports of the router is kind of hassle to connect to the wifi of that router. The touch is so convinient to use, lets you scan the wifis via touchscreen and Openvpn on a touch itself would be so much easier. But thank you, at least an option to think about:-) The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Using RPi on the network as a VPN gateway for other devices on the local network should work fine ... it is just a Linux box after all. For example https://www.tomshardware.com/uk/reviews/raspberry-pi-vpn-gateway,6103.html Note - where this refers to a commercial VPN provider simply change that to be your own remote (at home) OpenVPN. Paul Webster http://dabdig.blogspot.com author of \"now playing\" plugins covering radio france (fip etc), kcrw, supla finland, abc australia, cbc/radio-canada and rte ireland Paul Webster's Profile: http://forums.slimdevices.com/member.php?userid=105 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Pommes wrote: > Dear forum members. > I have been asking similar kinds of questions before: > I have been able to use picoreplayer with open VPN to connect to my LMS > at home, it is working very well. > But I also have squeezebox touches and a Radio, on which open VPN is not > possible. > My LMS is running on a dedicated picore raspberry 4, the music is on a > Nas, accessed via NFS mount. > So I have a few questions: > Is it in theory possible, that somebody could create some kind of open > VPN client app, which one could install on the squeezebox touch and > radio itself? > If I open the LMS ports, so the touches can access LMS, what would I > risk? Would it be possible that somebody could delete all the music on > the NFS share? > If only the LMS itself would be at risk, I do not worry too much, > because I have a few back ups of the whole LMS system. > Would it be possible , that there would be some kind of Mac filter in > LMS, so only whitelisted devices could access the LMS in my home > network? > Please let me know if you have any other tips or insight regarding my > situation. > Thank you very much, > Regards Pommes I havent really thought hard about this but I think it is possible to use a Pi as a VPN router to allow you to connect to your home VPN. I spent some time in the US and connected the local network via openVPN to my home in the UK for this reason Jeff *Want a webapp ?* Get SqueezeLite-X ! https://forums.slimdevices.com/showthread.php?108550-Announce-Squeezelite-X=903953=1#post903953 Jeff07971's Profile: http://forums.slimdevices.com/member.php?userid=49290 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
gordonb3 wrote: > The use case is unclear to me. Would you be taking those devices along > on travels and attempt connect through hotel or other public access > points? If that is the case I would let the idea go. > > > In theory yes, but the first challenge would be to get the kernel > modules > > > That will depend on whether the LMS user has write privileges to the > share, which it will likely have to be able to store playlists. > > > Not that I'm aware of, but this might be set up using iptables rules. > The main problem here however is that as you will be traveling multiple > routers the LMS machine will never actually see the originating MAC > address. > > > It is quite possible that your ISP provided internet router has some > type of VPN capability, or you could replace it with one that has, or > cascade one behind it. Provided you control the network on both ends of > the connection you could then set up site-to-site VPN and not need to > worry about individual devices. Right now I am taking my picore player with open VPN installed to my workplace, to my friends place or to my fathers place. I just connected to the Wi-Fi of that place, and it works perfectly, it connects to my LMS at home, I do not have to configure anything on my friends/works router. at home I am running an asus router with open VPN server installed. I didnt try in a hotel or public place, but I think this might work as well, and using open VPN should be safe to do? I only have one picoreplayer with a touchscreen, but I have several squeezebox touch which I do not use at this moment. And if somehow I could install open VPN on those, I could just leave them at my friends place or at work. The LMS user has read and write privileges to the music share, but I could change that to read only, and create an additional share for the playlists. But I think I will just take my Picoreplayer with open VPN, because I dont want to risk getting hacked, and maybe have some guy deleting all my files on my nas. Thank you. I still have hopes, that somebody who has the skills will create an open vpn client app for the squeezebox touch someday :-) The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Pommes wrote: > Dear forum members. > I have been able to use picoreplayer with open VPN to connect to my LMS > at home, it is working very well. > But I also have squeezebox touches and a Radio, on which open VPN is not > possible. > The use case is unclear to me. Would you be taking those devices along on travels and attempt connect through hotel or other public access points? If that is the case I would let the idea go. > > My LMS is running on a dedicated picore raspberry 4, the music is on a > Nas, accessed via NFS mount. > So I have a few questions: > Is it in theory possible, that somebody could create some kind of open > VPN client app, which one could install on the squeezebox touch and > radio itself? > In theory yes, but the first challenge would be to get the kernel modules > > If I open the LMS ports, so the touches can access LMS, what would I > risk? Would it be possible that somebody could delete all the music on > the NFS share? > If only the LMS itself would be at risk, I do not worry too much, > because I have a few back ups of the whole LMS system. > That will depend on whether the LMS user has write privileges to the share, which it will likely have to be able to store playlists. > > Would it be possible , that there would be some kind of Mac filter in > LMS, so only whitelisted devices could access the LMS in my home > network? > Not that I'm aware of, but this might be set up using iptables rules. The main problem here however is that as you will be traveling multiple routers the LMS machine will never actually see the originating MAC address. > > Please let me know if you have any other tips or insight regarding my > situation. > It is quite possible that your ISP provided internet router has some type of VPN capability, or you could replace it with one that has, or cascade one behind it. Provided you control the network on both ends of the connection you could then set up site-to-site VPN and not need to worry about individual devices. gordonb3's Profile: http://forums.slimdevices.com/member.php?userid=71050 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
It sounds you need a site-to-site VPN which can only really be achieved with a VPN capable device at both ends. You can't put any kind of VPN client onto a Touch etc. so it has to be achieved by networking methods. Some hi-end routers will do this e.g. Draytek Vigor where you can put together an IPsec VPN between the 2 networks. Alternatively some modern NAS's include openVPN but you need at both ends and some networking skills. If you go the NAS route then you do need to forward a single port from your router to the NAS it is secure but DO NOT port forward directly to your LMS - you will be hacked. I have a full LMS at a remote site connected by site-to-site VPN - a client here can connect to the remote LMS server simply by pointing it at the appropriate IP address - it won't do auto-discovery though. VB2.4[/B] STORAGE *QNAP TS419P (NFS) [B]Living Room* Joggler & Pi4/Khadas -> Onkyo TXNR686 -> Celestion F20s *Office* Joggler & Pi3 -> Denon RCD N8 -> Celestion F10s *Dining Room* SB Boom *Kitchen* UE Radio (upgraded to SB Radio) *Bedroom (Bedside)* Pi Zero+DAC ->ToppingTP21 ->AKG Headphones *Bedroom (TV) & Bathroom* SB Touch ->Denon AVR ->Mordaunt Short M10s + Kef ceiling speakers *Guest Room* Joggler > Topping Amp -> Wharfedale Modus Cubes Everything controlled by iPeng & Material on iOS d6jg's Profile: http://forums.slimdevices.com/member.php?userid=44051 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Is it in theory possible, that somebody could create some kind of open VPN client app, which one could install on the squeezebox touch and radio itself? I don't think it's reasonably possible. In particular the Radio doesn't have much slack when it comes to resources. You'd better set up a Pi0 or something to do the VPN gateway for you. If I open the LMS ports, so the touches can access LMS, what would I risk? https://forums.slimdevices.com/showthread.php?107165-IMPORTANT-Stop-forwarding-your-LMS-ports-to-the-internet! With earlier versions of LMS (well... up to 7.9!) attackers would often install my Image Viewer plugin to explore the system on which LMS was running. They could have written their own plugin (maybe somebody did) to not only show images of your family and what not, but browse all kinds of files your LMS has potentially access to. Or install a plugin which runs some malware. Really, don't do it. Would it be possible that somebody could delete all the music on the NFS share? If permissions of the LMS user allow to do so, of course. ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
I used to access my LMS remotely. But since I switched to running LMS on a Raspberry Pi, I just have a portable server that I take with me. Actually I have two: 1. A Pi3B running pCP/LMS connected to a 2Tb SSD drive and mounted in a case with a power on/off switch that uses a Pimoroni OnOff SHIM. 2 A Pi3B running pCP/LMS connected to a 2Tb spinning hard drive, also uses a Pimoroni OnOff SHIM. I have a power brick that works with this - gives me 10h mains-free server. This allows me to take a copy of my library with me when I travel and avoids the risks inherent in opening up my home network. They are also useful to have as a backup if something untoward happens to my main server (a Pi4 with files on a QNAP NAS). Robert *Home: *Raspberry Pi 4/pCP7.0/LMS8.0.1/Material with files on QNAP TS-251A Touch > DacMagic 100 > Naim Audio Nait 3 > Mission 752 (plus Rega Planar 3 > Rega Fono Mini; Naim CD3) 2 x Squeezebox Radios, 1 X Squeezebox 3 (retired), spare Pi2/piCorePlayer *Office:* LMS8.0.0 running on Raspberry Pi3; Raspberry Pi 3 player with touchscreen/piCorePlayer/IQaudIO DAC and Amp *Portable:* Raspberry Pi 3B/pCP6.1.0/LMS8.0.0/Material, files on Seagate portable drive, powered via power brick Grumpy Bob's Profile: http://forums.slimdevices.com/member.php?userid=41857 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
I used to access my LMS remotely. But since I switched to running LMS on a Raspberry Pi, I just have a portable server that I take with me. Actually I have two: 1. A Pi3B running pCP/LMS connected to a 2Tb SSD drive and mounted in a case with a power on/off switch that uses a Pimoroni OnOff SHIM. 2 A Pi3B running pCP/LMS connected to a 2Tb spinning hard drive, also uses a Pimoroni OnOff SHIM. I have a power brick that works with this - gives me 10h mains-free server. This allows me to take a copy of my library with me when I travel and avoids the risks inherent in opening up my home network. They are also useful to have as a backup if something untoward happens to my main server (a Pi4 with files on a QNAP NAS). Robert *Home: *Raspberry Pi 4/pCP7.0/LMS8.0.1/Material with files on QNAP TS-251A Touch > DacMagic 100 > Naim Audio Nait 3 > Mission 752 (plus Rega Planar 3 > Rega Fono Mini; Naim CD3) 2 x Squeezebox Radios, 1 X Squeezebox 3 (retired), spare Pi2/piCorePlayer *Office:* LMS8.0.0 running on Raspberry Pi3; Raspberry Pi 3 player with touchscreen/piCorePlayer/IQaudIO DAC and Amp *Portable:* Raspberry Pi 3B/pCP6.1.0/LMS8.0.0/Material, files on Seagate portable drive, powered via power brick Grumpy Bob's Profile: http://forums.slimdevices.com/member.php?userid=41857 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
[SlimDevices: SqueezeCenter] Remote access to LMS: VPN, Port Forwarding, any tips?
Dear forum members. I have been asking similar kinds of questions before: I have been able to use picoreplayer with open VPN to connect to my LMS at home, it is working very well. But I also have squeezebox touches and a Radio, on which open VPN is not possible. My LMS is running on a dedicated raspberry 4, the music is on a Nas, accessed via NFS mount. So I have a few questions: Is it in theory possible, that somebody could create some kind of open VPN client app, which one could install on the squeezebox touch and radio itself? If I open the LMS ports, so the touches can access LMS, what would I risk? Would it be possible that somebody could delete all the music on the NFS share? If only the LMS itself would be at risk, I do not worry too much, because I have a few back ups of the whole LMS system. Would it be possible , that there would be some kind of Mac filter in LMS, so only whitelisted devices could access the LMS in my home network? Please let me know if you have any other tips or insight regarding my situation. Thank you very much, Regards Pommes The Earth Has Music For Those Who Listen Pommes's Profile: http://forums.slimdevices.com/member.php?userid=67682 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
