Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
I'm just using a AVM Fritz box and built in vpn of apple and Android. Then Squeeze Cntrl for controlling and the SB player (android) as player. Easy setup via fritz box wizard. *SqueezeBoxes:* 2x SB2 (Living room and study), 1x Radio (Kitchen), 1x Boom (Dining room), 1x piCorePlayer (jacuzzi), 1x piCorePlayer (Garden) 1x OSMC + Squeezelite (Movie room), 1x Touch (Bedroom) *Server:* LMS on Pi3 7.9.1. on PcP 3.21 *Network:* AVM Fritzbox, D-Link Smart Switch 24p, 3x Ubiquity edwin2006's Profile: http://forums.slimdevices.com/member.php?userid=66926 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
Jeff07971 wrote: > I don't get this, how do you get your router to forward the VPN > connection from clients on the internet to the Pi without configuring > the router to do so ?Yes, UDP1194 will need to be forwarded to the RPi VPN. > But other ports can be closed. My reference to configuring the router was really referring to setting up the VPN server on the router - which I have spent many fruitless hours on and I wouldn't recommend. The Rpi/Dietpi/PiVPN method was a 'walk in the park' in comparison. Sent from my SM-N9005 using Tapatalk kingswindsor's Profile: http://forums.slimdevices.com/member.php?userid=61926 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
Jeff07971 wrote: > I don't get this, how do you get your router to forward the VPN > connection from clients on the internet to the Pi without configuring > the router to do so ? kingswindsor wrote: > > /snip > and close down the* insecure open ports* on your router and > \snap > You'l need to open/forward UDP 1194 Since all your traffic stop on the forwarded device - its not that unsecure (you need to update the OS VPN permanently) like a poor port forwarding.. DJanGo's Profile: http://forums.slimdevices.com/member.php?userid=1516 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
> No need to configure a router or subscribe to a VPN service I don't get this, how do you get your router to forward the VPN connection from clients on the internet to the Pi without configuring the router to do so ? *Players:* SliMP3,Squeezebox3 x3,Receiver,SqueezePlayer,PiCorePlayer x3,Wandboard *Server:* LMS Version: 7.9.1 - 1503129892 on Centos 7 VM on ESXi 6.5.0U1 on Dell T320 *Plugins:* AutoRescan/BBCiPlayer/PowerSave/PowerSwitchIII/Squeezecloud *Remotes:* iPeng8/Orangesqueeze/PC/Jivelite *Music:* 383GB,1269 albums 17756 songs 4381 artists mostly FLACs *Want a webapp ?* See http://forums.slimdevices.com/showthread.php?104305-Webapp-for-LMS Jeff07971's Profile: http://forums.slimdevices.com/member.php?userid=49290 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
For those, like me, that have been troubled by this, I have found an easy and cheap way to set up a VPN. No need to configure a router or subscribe to a VPN service - just use a spare Raspberry Pi and use DietPi to install PiVPN. PiVPN leads you through a list of simple questions to complete the VPN configuration and create certificates. Then all that is left is to install OpenVPN on the clients, and close down the insecure open ports on your router and set up a dynamic DNS. The most difficult part is getting the certificates onto the iPhones and iPads via iTunes because of Apple's peculiarities. Now I have it set up, I can stream from LMS, Plex, BBC iPlayer and use wifi hotspots safely. It's been on 24/7 and it just works, no problem at all. If anyone would like some more detailed advice please let me know and I can write something up. But I just wanted to spread the word about how easy it was because of the combination of RPi, DietPi and PiVPN (even if it is strictly off topic!) Sent from my SM-N9005 using Tapatalk kingswindsor's Profile: http://forums.slimdevices.com/member.php?userid=61926 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
Thanks stereoptic's Profile: http://forums.slimdevices.com/member.php?userid=53162 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
stereoptic wrote: > I've removed my forwarding quite some time ago and just use VPN if I > need to access LMS. > > Although I don't intend to do so, how safe is it to limit the port > forwarding and use the option "Block Incoming Connections" and set a > specific IP Address in the "Allowed IP Addresses" field? > Can someone spoof the IP address and then gain access? Not very safe and yes they can. You would also have to be connecting from a fixed IP for it to be of any benefit. If you must do it this way then you are better off setting your port forwarding to be limited to a single connecting IP - if your router allows this. Leaving the IP based security to LMS is not a good idea. The router port forwarding by IP is better. A VPN is better still. This is where having a high spec router scores massively over the crap that ISPs give away and it is cheap and nasty crap. *Pi3 with piCoreplayer music on QNAP TS419p via NFS* iThingys/iPeng/Tablets/Jogglers *Living Room* - Joggler & SB3 -> Onkyo TS606 - > Celestion Ditton F20s *Office* - Pi -> Sony TA FE320 -> Celestion F10s / Pi & SB3 -> Onkyo CRN 755 -> Wharfedale Modus Cubes *Dining Room* -> SB Boom *Kitchen* -> UE Radio (upgraded to SB Radio) *Bedroom (Bedside)* - SB Touch -> Topping TP21 -> AKG Headphones d6jg's Profile: http://forums.slimdevices.com/member.php?userid=44051 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
I've removed my forwarding quite some time ago and just use VPN if I need to access LMS. Although I don't intend to do so, how safe is it to limit the port forwarding and use the option "Block Incoming Connections" and set a specific IP Address in the "Allowed IP Addresses" field? Can someone spoof the IP address and then gain access? stereoptic's Profile: http://forums.slimdevices.com/member.php?userid=53162 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
mherger wrote: > > OK, well I know I haven't done anything with the router to do that, > so > > hopefully it's not there automatically for some stupid reason. But I > > The IP address from which you're posting seems to be good. > > -- > > Michael Ok cool. Always a relief to know your butt isn't exposed by default! rayman1701's Profile: http://forums.slimdevices.com/member.php?userid=41326 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
OK, well I know I haven't done anything with the router to do that, so hopefully it's not there automatically for some stupid reason. But I The IP address from which you're posting seems to be good. -- Michael ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
This should be sticky. I talked to some people at a concert last week who have some kind of home streaming to their phones ( Not LMS ). I asked them about VPN, nope just made a hole. Like they saw a youtube video on how to do it. SMH. 2 Duets controllers, 1 X Boom, 1 X Radio 1 X Receiver + Audioengine A5 1 X Receiver + Yamaha RX-A2000, Polk M70 1 X Receiver + Boston MicroSystem CD Raspberry Pi 2 B, HiFiBerry Dac+ & Max2play Nexus 7 w/ Squeeze Ctrl ReadyNAS 516 LMS 7.9 mark wollschlager's Profile: http://forums.slimdevices.com/member.php?userid=22302 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
Having looked for myself, I was incredibly shocked as to how widespread the problem is. I couldn't really believe people would do that. Blame iPeng's popularity... many use iPeng to stream from their home while on the road, at the office etc. And from the feedback I've had so far many still thought opening ports was _required_. Often one would have said "you need to open port 9000 on your server's firewall to make it accessible for the players" and users went and opened port 9000 on their routers. -- Michael ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
mherger wrote: > > See my related posting: > Michael Yep - that post was top of mind for me when I posted this. Having looked for myself, I was incredibly shocked as to how widespread the problem is. I couldn't really believe people would do that. I naively thought the level of knowledge required to open relevant router ports would consequently limit it to people who know not to do it in the first place! s2kiwi's Profile: http://forums.slimdevices.com/member.php?userid=63950 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
Re: [SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
I was doing some basic checking on the security of my own system and I was completely shocked to see how many people have opened their squeezebox web front end to the internet. Oh... I see where your map is coming from :-). See my related posting: http://forums.slimdevices.com/showthread.php?107165-IMPORTANT-Stop-forwarding-your-LMS-ports-to-the-internet! - a lot of those are controllable by anyone on the web!)- And they are being exploited. We've had numerous reports about the kind of abuse described in my posting. -- Michael ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter
[SlimDevices: SqueezeCenter] Security reminder! Don't open your Squeezebox up to the internet.
Hi all, I was doing some basic checking on the security of my own system and I was completely shocked to see how many people have opened their squeezebox web front end to the internet. If this is you, please turn this off ASAP. This is a major security hole (at a minimum I'm sure you wouldn't appreciate someone turning your system on full volume at 3am). -(and it you think people aren't really doing this, then 'here's the scale of it' (http://forums.slimdevices.com/showthread.php?107861-interesting-map-of-squeezebox-users) - a lot of those are controllable by anyone on the web!)- s2kiwi's Profile: http://forums.slimdevices.com/member.php?userid=63950 View this thread: http://forums.slimdevices.com/showthread.php?t=107862 ___ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter