Secure way to access feeds remotely

QVR Pro, QVR Pro Client, QVR Center and Surveillance Station
Post Reply
timwhitlock
Starting out
Posts: 35
Joined: Thu Nov 05, 2015 5:58 pm

Secure way to access feeds remotely

Post by timwhitlock »

I've just starting playing around with QVR Pro and have a camera set up and working over QVR Pro Client. (Both on my Mac desktop and on my iPhone). It works brilliantly over local network and saves me buying an expensive NVR!

My question is about securely accessing video feeds from outside my network. It appears that logging into QVR from the client is done via the front door of the NAS. i.e. via port 8080 on its primary IP. I don't currently have my NAS exposed to the Internet at all and I don't like the idea that opening up the QVR exposes the same endpoints as the main QTS.

What I'm after perhaps takes the form of a dedicated port I can forward on my router which only accesses QVR and ideally has separate credentials. Is this possible? I'm open to ideas. It needs to be secure, but also not attract attention from brute force password attackers.

I looked briefly at QVR Center which offers separate login credentials from the main NAS (which is good) but these users can't log in from the QVR Pro Client (unless I'm missing something) and I don't see a way to provide remote feeds without accessing QVR directly.

I have a TS-251 running firmware 4.4.3.1354 with all QVR software up to date.

Help/suggestions appreciated. Thanks!
User avatar
dolbyman
Guru
Posts: 35021
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Secure way to access feeds remotely

Post by dolbyman »

dont forward any ports..use a vpn (server on router or firewall)
timwhitlock
Starting out
Posts: 35
Joined: Thu Nov 05, 2015 5:58 pm

Re: Secure way to access feeds remotely

Post by timwhitlock »

Thanks for the suggestion. I've never set up a VPN before. I'll look into it.
TS-251
timwhitlock
Starting out
Posts: 35
Joined: Thu Nov 05, 2015 5:58 pm

Re: Secure way to access feeds remotely

Post by timwhitlock »

Quick update to say that this worked well.

I configured QVPN on the NAS and forwarded an arbitrary port on the router for OpenVPN. Connecting from my iPhone was easy using OpenVPN Connect app.

My NAS's private IP is on 192.168.0.* and the VPN client was assigned 10.8.0.X but to my surprise I was able to connect to NAS services (including QVR) simply by accessing 10.8.0.1.

So I guess this is as secure as OpenVPN and my chosen password. Unless anyone has any comments I think this solves my issue very well.
TS-251
User avatar
dolbyman
Guru
Posts: 35021
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Secure way to access feeds remotely

Post by dolbyman »

would have been better on firewall or router (as advised)

qnap always trails behind in security updates...and you shouldn't forward any ports to your nas

but certainly muuuch safer than exposing any other nas services
timwhitlock
Starting out
Posts: 35
Joined: Thu Nov 05, 2015 5:58 pm

Re: Secure way to access feeds remotely

Post by timwhitlock »

My router has no such option.
TS-251
User avatar
dolbyman
Guru
Posts: 35021
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Secure way to access feeds remotely

Post by dolbyman »

then a new router might be an idea :)
timwhitlock
Starting out
Posts: 35
Joined: Thu Nov 05, 2015 5:58 pm

Re: Secure way to access feeds remotely

Post by timwhitlock »

I need to justify the cost and hassle of a new router. What's the case for it? What's your concern about forwarding a port for VPN and running it on the NAS?
TS-251
User avatar
dolbyman
Guru
Posts: 35021
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Secure way to access feeds remotely

Post by dolbyman »

as said ..trying to keep all direct traffic away from the nas (qnap does not update openssl often ..if there is an exploit..you might wait a long time)

also the vpn tunnel(s) will use some cpu cycles ..even with aes acceleration on the cpu, making your nas a bit slower
User avatar
spile
Been there, done that
Posts: 637
Joined: Tue May 24, 2016 12:13 am

Re: Secure way to access feeds remotely

Post by spile »

Wireguard on a Raspberry Pi is a cost effective solution.
Post Reply

Return to “Surveillance Solution”