Is there a secure way to access the receiver remotely over the Internet?

[point17]

I've seen messages on another PVR forum saying that it is unsafe to expose your receiver to the internet but I want to find out if this applies to OpenVix too.

What I'd like to do is access the receiver over the internet when I'm away from home. For example, to stream recordings or to set timers. I can do these operations using OpenWebIF from a laptop on my home network but I'd like to do it from the laptop when I'm away from home. Is there a safe way of doing this?

I think OpenWebIF uses Basic authorisation which I'm guessing is insufficiently secure for that purpose. But would using it over a VPN be secure?

Any thoughts much appreciated.

Thanks,
Dan

[Morini]

I've seen messages on another PVR forum saying that it is unsafe to expose your receiver to the internet but I want to find out if this applies to OpenVix too.

What I'd like to do is access the receiver over the internet when I'm away from home. For example, to stream recordings or to set timers. I can do these operations using OpenWebIF from a laptop on my home network but I'd like to do it from the laptop when I'm away from home. Is there a safe way of doing this?

I think OpenWebIF uses Basic authorisation which I'm guessing is insufficiently secure for that purpose. But would using it over a VPN be secure?

Dan

Personally, my thinking is exposing your receiver to the internet is no more insecure than exposing any other web server / service on your network (and I expose quite a few services for home automation purposes). In my case I keep everything behind a reverse proxy and only expose services over TLS. I do not expose anything clear text and my haproxy terminates the TLS along with managing automatic certificate renewal. Additionally any servers which expose anything to the outside world are kept on a separate VLAN and firewalled off from my main network. This includes my E2 boxes.

Provided you use some common sense and take the obvious precautions then I'd say don't stress about it. A good router / firewall helps, I am a long time OPNsense user and wouldn't hesitate in recommending it as it is very flexible and user friendly.

[Trial]

Hi,
most router have VPN abilities and a lot already WireGuard. So create a VPN tunnel and it is quite secure.

Ralf

[point17]

Thanks. Sounds like I can do it but there's a fair bit I would have to do to tighten things up before proceeding. Do you install OPNsense on the E2 boxes, or on your servers, or on the router, or on some combination of these?

Dan

Personally, my thinking is exposing your receiver to the internet is no more insecure than exposing any other web server / service on your network (and I expose quite a few services for home automation purposes). In my case I keep everything behind a reverse proxy and only expose services over TLS. I do not expose anything clear text and my haproxy terminates the TLS along with managing automatic certificate renewal. Additionally any servers which expose anything to the outside world are kept on a separate VLAN and firewalled off from my main network. This includes my E2 boxes.

Provided you use some common sense and take the obvious precautions then I'd say don't stress about it. A good router / firewall helps, I am a long time OPNsense user and wouldn't hesitate in recommending it as it is very flexible and user friendly.

[Morini]

Do you install OPNsense on the E2 boxes, or on your servers, or on the router, or on some combination of these?

Dan

OPNsense takes on the role of (replaces) your router, but it can be a lot more besides. It will run on just about any old pc for the purposes of trying it out (providing it has more than one network interface). You can even run it a vm, I did that myself for a while and whilst it worked perfectly fine there are too many disadvantages running routers virtualised. Dedicated hardware is better in the long run.

If you have any old PC hardware lying around then that is the quickest and easiest way forward. There are small multi NIC mini PC's available very cheaply on aliexpress or ebay and these make great opnsense boxes. I won't post links because I don't think it is allowed.

As pointed out you could also consider accessing your E2 boxes via a VPN. Opnsense supports both openVPN and wireguard, so setting that up is quite easy should you decide to take that path.