I've just starting playing around with QVR Pro and have a camera set up and working over QVR Pro Client. (Both on my Mac desktop and on my iPhone). It works brilliantly over local network and saves me buying an expensive NVR!
My question is about securely accessing video feeds from outside my network. It appears that logging into QVR from the client is done via the front door of the NAS. i.e. via port 8080 on its primary IP. I don't currently have my NAS exposed to the Internet at all and I don't like the idea that opening up the QVR exposes the same endpoints as the main QTS.
What I'm after perhaps takes the form of a dedicated port I can forward on my router which only accesses QVR and ideally has separate credentials. Is this possible? I'm open to ideas. It needs to be secure, but also not attract attention from brute force password attackers.
I looked briefly at QVR Center which offers separate login credentials from the main NAS (which is good) but these users can't log in from the QVR Pro Client (unless I'm missing something) and I don't see a way to provide remote feeds without accessing QVR directly.
I have a TS-251 running firmware 4.4.3.1354 with all QVR software up to date.
Help/suggestions appreciated. Thanks!
Secure way to access feeds remotely
-
- Starting out
- Posts: 35
- Joined: Thu Nov 05, 2015 5:58 pm
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Secure way to access feeds remotely
dont forward any ports..use a vpn (server on router or firewall)
-
- Starting out
- Posts: 35
- Joined: Thu Nov 05, 2015 5:58 pm
Re: Secure way to access feeds remotely
Thanks for the suggestion. I've never set up a VPN before. I'll look into it.
TS-251
-
- Starting out
- Posts: 35
- Joined: Thu Nov 05, 2015 5:58 pm
Re: Secure way to access feeds remotely
Quick update to say that this worked well.
I configured QVPN on the NAS and forwarded an arbitrary port on the router for OpenVPN. Connecting from my iPhone was easy using OpenVPN Connect app.
My NAS's private IP is on 192.168.0.* and the VPN client was assigned 10.8.0.X but to my surprise I was able to connect to NAS services (including QVR) simply by accessing 10.8.0.1.
So I guess this is as secure as OpenVPN and my chosen password. Unless anyone has any comments I think this solves my issue very well.
I configured QVPN on the NAS and forwarded an arbitrary port on the router for OpenVPN. Connecting from my iPhone was easy using OpenVPN Connect app.
My NAS's private IP is on 192.168.0.* and the VPN client was assigned 10.8.0.X but to my surprise I was able to connect to NAS services (including QVR) simply by accessing 10.8.0.1.
So I guess this is as secure as OpenVPN and my chosen password. Unless anyone has any comments I think this solves my issue very well.
TS-251
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Secure way to access feeds remotely
would have been better on firewall or router (as advised)
qnap always trails behind in security updates...and you shouldn't forward any ports to your nas
but certainly muuuch safer than exposing any other nas services
qnap always trails behind in security updates...and you shouldn't forward any ports to your nas
but certainly muuuch safer than exposing any other nas services
-
- Starting out
- Posts: 35
- Joined: Thu Nov 05, 2015 5:58 pm
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Secure way to access feeds remotely
then a new router might be an idea
-
- Starting out
- Posts: 35
- Joined: Thu Nov 05, 2015 5:58 pm
Re: Secure way to access feeds remotely
I need to justify the cost and hassle of a new router. What's the case for it? What's your concern about forwarding a port for VPN and running it on the NAS?
TS-251
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Secure way to access feeds remotely
as said ..trying to keep all direct traffic away from the nas (qnap does not update openssl often ..if there is an exploit..you might wait a long time)
also the vpn tunnel(s) will use some cpu cycles ..even with aes acceleration on the cpu, making your nas a bit slower
also the vpn tunnel(s) will use some cpu cycles ..even with aes acceleration on the cpu, making your nas a bit slower
- spile
- Been there, done that
- Posts: 641
- Joined: Tue May 24, 2016 12:13 am
Re: Secure way to access feeds remotely
Wireguard on a Raspberry Pi is a cost effective solution.