NAS TS-439, FW 4.0.2; Router AVM FritzBox 7390 FW 5.50
Scenario:
I want to make my local LAN available through internet via OpenVPN and myQNAPCloud(only used as DDNS service).
I setup my VPN server and client, I allow UPNP (router setting) in router and NAS.
Everything works fine.
When i open the "automatic router config" panel I see the list of configured port forwardings "QTS, secure QTS, Webserver, secure Webserver, ... VPN".
I don't want to open services to internet outside the VPN so I uncheck all the forwardings except for VPN and then I click 'apply to router". NAS says success and a cross check in the router web interface shows only this one port forwarding is configured.
Observation:
When I open the myQNAPCloud tab again (after popup the Autom. Router Config area shows some "ongoing check" animation" the NAS seems to re-configure the router again and all activated services (webser, secure webserver...) get their own portforwarding again!
It is shown in the list of forwardings in NAS and router!
This is a security problem. I want all these services but only via VPN.
PS: if this issue is already known or there is a topis in this forum already: excuse me!
Automatic Router Config issue
-
- New here
- Posts: 3
- Joined: Thu Aug 28, 2008 6:34 am
- Contact:
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: Automatic Router Config issue
So disable UPnP in your Router, and manually forward your unindentified VPN manually in the Router. Security issue solved - Permanently.hielschf wrote:NAS TS-439, FW 4.0.2; Router AVM FritzBox 7390 FW 5.50
Scenario:
I want to make my local LAN available through internet via OpenVPN and myQNAPCloud(only used as DDNS service).
I setup my VPN server and client, I allow UPNP (router setting) in router and NAS.
Everything works fine.
When i open the "automatic router config" panel I see the list of configured port forwardings "QTS, secure QTS, Webserver, secure Webserver, ... VPN".
I don't want to open services to internet outside the VPN so I uncheck all the forwardings except for VPN and then I click 'apply to router". NAS says success and a cross check in the router web interface shows only this one port forwarding is configured.
Observation:
When I open the myQNAPCloud tab again (after popup the Autom. Router Config area shows some "ongoing check" animation" the NAS seems to re-configure the router again and all activated services (webser, secure webserver...) get their own portforwarding again!
It is shown in the list of forwardings in NAS and router!
This is a security problem. I want all these services but only via VPN.
PS: if this issue is already known or there is a topis in this forum already: excuse me!
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
-
- New here
- Posts: 3
- Joined: Thu Aug 28, 2008 6:34 am
- Contact:
Re: Automatic Router Config issue
hmmm.... I agree. And if I remove the ethernet cable from the router *all* security issues are solved ...
I mention that a offered feature/function is not working correctly maybe. Is QNAP aware of it? And I share my findings with other users...
I mention that a offered feature/function is not working correctly maybe. Is QNAP aware of it? And I share my findings with other users...
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: Automatic Router Config issue
I have no idea is QNAP is aware of it or not, perhaps you should ask them. (I, like you, view UPnP as a security issue, so I deliberately disable it in my Router, just as I suggested to you in my last message).hielschf wrote:hmmm.... I agree. And if I remove the ethernet cable from the router *all* security issues are solved ...
I mention that a offered feature/function is not working correctly maybe. Is QNAP aware of it? And I share my findings with other users...
UPnP security is non-existent. UPnP requests from inside your network will be honoured at the Router (if UPnP is enabled), whether the request came from you or not. Many malware programs, such as keyloggers and password stealers will attempt to force UPnP connections through your Router to deliver your data to somewhere in the cloud, where the hacker can access it.
Once UPnP is disabled in the Router, this issue is resolved. Continue to leave UPnP enabled on your other devices, so that network discovery etc works as expected. Disabling UPnP at the router will still allow discovery within your network, it simply won't permit UPnP initiated Port-Forwarding at the Router.
There are a large number of Routers that that will even permit UPnP to be initiated from the WAN side of the Router, and this is completely insecure. Google the subject of "UPnP insecurities", it will complete your education on the subject.
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Automatic Router Config issue
Update to the current Firmware for your NAS model 4.0.5 - if the issue persists, chime back....
Sent from my Nexus 5 using Tapatalk
Sent from my Nexus 5 using Tapatalk