Automatic Router Config issue

Post your questions about myQNAPcloud service here.
hielschf
New here
Posts: 3
Joined: Thu Aug 28, 2008 6:34 am
Contact:

Automatic Router Config issue

Postby hielschf » Mon Dec 16, 2013 7:10 am

NAS TS-439, FW 4.0.2; Router AVM FritzBox 7390 FW 5.50

Scenario:
I want to make my local LAN available through internet via OpenVPN and myQNAPCloud(only used as DDNS service).
I setup my VPN server and client, I allow UPNP (router setting) in router and NAS.
Everything works fine.
When i open the "automatic router config" panel I see the list of configured port forwardings "QTS, secure QTS, Webserver, secure Webserver, ... VPN".
I don't want to open services to internet outside the VPN so I uncheck all the forwardings except for VPN and then I click 'apply to router". NAS says success and a cross check in the router web interface shows only this one port forwarding is configured.

Observation:
When I open the myQNAPCloud tab again (after popup the Autom. Router Config area shows some "ongoing check" animation" the NAS seems to re-configure the router again and all activated services (webser, secure webserver...) get their own portforwarding again!
It is shown in the list of forwardings in NAS and router!

This is a security problem. I want all these services but only via VPN.

PS: if this issue is already known or there is a topis in this forum already: excuse me!

User avatar
pwilson
Guru
Posts: 22582
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: Automatic Router Config issue

Postby pwilson » Mon Dec 16, 2013 8:20 am

hielschf wrote:NAS TS-439, FW 4.0.2; Router AVM FritzBox 7390 FW 5.50

Scenario:
I want to make my local LAN available through internet via OpenVPN and myQNAPCloud(only used as DDNS service).
I setup my VPN server and client, I allow UPNP (router setting) in router and NAS.
Everything works fine.
When i open the "automatic router config" panel I see the list of configured port forwardings "QTS, secure QTS, Webserver, secure Webserver, ... VPN".
I don't want to open services to internet outside the VPN so I uncheck all the forwardings except for VPN and then I click 'apply to router". NAS says success and a cross check in the router web interface shows only this one port forwarding is configured.

Observation:
When I open the myQNAPCloud tab again (after popup the Autom. Router Config area shows some "ongoing check" animation" the NAS seems to re-configure the router again and all activated services (webser, secure webserver...) get their own portforwarding again!
It is shown in the list of forwardings in NAS and router!

This is a security problem. I want all these services but only via VPN.

PS: if this issue is already known or there is a topis in this forum already: excuse me!


So disable UPnP in your Router, and manually forward your unindentified VPN manually in the Router. Security issue solved - Permanently.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.

hielschf
New here
Posts: 3
Joined: Thu Aug 28, 2008 6:34 am
Contact:

Re: Automatic Router Config issue

Postby hielschf » Mon Dec 16, 2013 8:37 am

hmmm.... I agree. And if I remove the ethernet cable from the router *all* security issues are solved ...

I mention that a offered feature/function is not working correctly maybe. Is QNAP aware of it? And I share my findings with other users...

User avatar
pwilson
Guru
Posts: 22582
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: Automatic Router Config issue

Postby pwilson » Mon Dec 16, 2013 8:57 am

hielschf wrote:hmmm.... I agree. And if I remove the ethernet cable from the router *all* security issues are solved ...

I mention that a offered feature/function is not working correctly maybe. Is QNAP aware of it? And I share my findings with other users...


I have no idea is QNAP is aware of it or not, perhaps you should ask them. (I, like you, view UPnP as a security issue, so I deliberately disable it in my Router, just as I suggested to you in my last message).

UPnP security is non-existent. UPnP requests from inside your network will be honoured at the Router (if UPnP is enabled), whether the request came from you or not. Many malware programs, such as keyloggers and password stealers will attempt to force UPnP connections through your Router to deliver your data to somewhere in the cloud, where the hacker can access it.

Once UPnP is disabled in the Router, this issue is resolved. Continue to leave UPnP enabled on your other devices, so that network discovery etc works as expected. Disabling UPnP at the router will still allow discovery within your network, it simply won't permit UPnP initiated Port-Forwarding at the Router.

There are a large number of Routers that that will even permit UPnP to be initiated from the WAN side of the Router, and this is completely insecure. :shock: Google the subject of "UPnP insecurities", it will complete your education on the subject.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.

User avatar
schumaku
Guru
Posts: 43596
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Automatic Router Config issue

Postby schumaku » Tue Dec 17, 2013 1:51 am

Update to the current Firmware for your NAS model 4.0.5 - if the issue persists, chime back....

Sent from my Nexus 5 using Tapatalk


Return to “myQNAPcloud service”

Who is online

Users browsing this forum: No registered users and 2 guests