QNAP NAS Community Forum

I've just starting playing around with QVR Pro and have a camera set up and working over QVR Pro Client. (Both on my Mac desktop and on my iPhone). It works brilliantly over local network and saves me buying an expensive NVR!

My question is about securely accessing video feeds from outside my network. It appears that logging into QVR from the client is done via the front door of the NAS. i.e. via port 8080 on its primary IP. I don't currently have my NAS exposed to the Internet at all and I don't like the idea that opening up the QVR exposes the same endpoints as the main QTS.

What I'm after perhaps takes the form of a dedicated port I can forward on my router which only accesses QVR and ideally has separate credentials. Is this possible? I'm open to ideas. It needs to be secure, but also not attract attention from brute force password attackers.

I looked briefly at QVR Center which offers separate login credentials from the main NAS (which is good) but these users can't log in from the QVR Pro Client (unless I'm missing something) and I don't see a way to provide remote feeds without accessing QVR directly.

I have a TS-251 running firmware 4.4.3.1354 with all QVR software up to date.

Help/suggestions appreciated. Thanks!

dont forward any ports..use a vpn (server on router or firewall)

Thanks for the suggestion. I've never set up a VPN before. I'll look into it.

Quick update to say that this worked well.

I configured QVPN on the NAS and forwarded an arbitrary port on the router for OpenVPN. Connecting from my iPhone was easy using OpenVPN Connect app.

My NAS's private IP is on 192.168.0.* and the VPN client was assigned 10.8.0.X but to my surprise I was able to connect to NAS services (including QVR) simply by accessing 10.8.0.1.

So I guess this is as secure as OpenVPN and my chosen password. Unless anyone has any comments I think this solves my issue very well.

would have been better on firewall or router (as advised)

qnap always trails behind in security updates...and you shouldn't forward any ports to your nas

but certainly muuuch safer than exposing any other nas services

My router has no such option.

then a new router might be an idea

I need to justify the cost and hassle of a new router. What's the case for it? What's your concern about forwarding a port for VPN and running it on the NAS?

as said ..trying to keep all direct traffic away from the nas (qnap does not update openssl often ..if there is an exploit..you might wait a long time)

also the vpn tunnel(s) will use some cpu cycles ..even with aes acceleration on the cpu, making your nas a bit slower

Wireguard on a Raspberry Pi is a cost effective solution.