Secure way to access feeds remotely

QVR Pro, QVR Pro Client, QVR Center and Surveillance Station
Post Reply
timwhitlock
Starting out
Posts: 33
Joined: Thu Nov 05, 2015 5:58 pm

Secure way to access feeds remotely

Post by timwhitlock » Fri Jul 10, 2020 9:24 pm

I've just starting playing around with QVR Pro and have a camera set up and working over QVR Pro Client. (Both on my Mac desktop and on my iPhone). It works brilliantly over local network and saves me buying an expensive NVR!

My question is about securely accessing video feeds from outside my network. It appears that logging into QVR from the client is done via the front door of the NAS. i.e. via port 8080 on its primary IP. I don't currently have my NAS exposed to the Internet at all and I don't like the idea that opening up the QVR exposes the same endpoints as the main QTS.

What I'm after perhaps takes the form of a dedicated port I can forward on my router which only accesses QVR and ideally has separate credentials. Is this possible? I'm open to ideas. It needs to be secure, but also not attract attention from brute force password attackers.

I looked briefly at QVR Center which offers separate login credentials from the main NAS (which is good) but these users can't log in from the QVR Pro Client (unless I'm missing something) and I don't see a way to provide remote feeds without accessing QVR directly.

I have a TS-251 running firmware 4.4.3.1354 with all QVR software up to date.

Help/suggestions appreciated. Thanks!

dolbyman
Guru
Posts: 19691
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Secure way to access feeds remotely

Post by dolbyman » Fri Jul 10, 2020 9:33 pm

dont forward any ports..use a vpn (server on router or firewall)

timwhitlock
Starting out
Posts: 33
Joined: Thu Nov 05, 2015 5:58 pm

Re: Secure way to access feeds remotely

Post by timwhitlock » Fri Jul 10, 2020 10:12 pm

Thanks for the suggestion. I've never set up a VPN before. I'll look into it.
TS-251

timwhitlock
Starting out
Posts: 33
Joined: Thu Nov 05, 2015 5:58 pm

Re: Secure way to access feeds remotely

Post by timwhitlock » Sat Jul 11, 2020 11:51 pm

Quick update to say that this worked well.

I configured QVPN on the NAS and forwarded an arbitrary port on the router for OpenVPN. Connecting from my iPhone was easy using OpenVPN Connect app.

My NAS's private IP is on 192.168.0.* and the VPN client was assigned 10.8.0.X but to my surprise I was able to connect to NAS services (including QVR) simply by accessing 10.8.0.1.

So I guess this is as secure as OpenVPN and my chosen password. Unless anyone has any comments I think this solves my issue very well.
TS-251

dolbyman
Guru
Posts: 19691
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Secure way to access feeds remotely

Post by dolbyman » Sun Jul 12, 2020 12:08 am

would have been better on firewall or router (as advised)

qnap always trails behind in security updates...and you shouldn't forward any ports to your nas

but certainly muuuch safer than exposing any other nas services

timwhitlock
Starting out
Posts: 33
Joined: Thu Nov 05, 2015 5:58 pm

Re: Secure way to access feeds remotely

Post by timwhitlock » Sun Jul 12, 2020 2:23 am

My router has no such option.
TS-251

dolbyman
Guru
Posts: 19691
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Secure way to access feeds remotely

Post by dolbyman » Sun Jul 12, 2020 5:34 am

then a new router might be an idea :)

timwhitlock
Starting out
Posts: 33
Joined: Thu Nov 05, 2015 5:58 pm

Re: Secure way to access feeds remotely

Post by timwhitlock » Sun Jul 12, 2020 4:36 pm

I need to justify the cost and hassle of a new router. What's the case for it? What's your concern about forwarding a port for VPN and running it on the NAS?
TS-251

dolbyman
Guru
Posts: 19691
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Secure way to access feeds remotely

Post by dolbyman » Sun Jul 12, 2020 9:29 pm

as said ..trying to keep all direct traffic away from the nas (qnap does not update openssl often ..if there is an exploit..you might wait a long time)

also the vpn tunnel(s) will use some cpu cycles ..even with aes acceleration on the cpu, making your nas a bit slower

spile
Know my way around
Posts: 143
Joined: Tue May 24, 2016 12:13 am

Re: Secure way to access feeds remotely

Post by spile » Wed Jul 15, 2020 5:06 am

Wireguard on a Raspberry Pi is a cost effective solution.

Post Reply

Return to “Surveillance Solution”