After playing with the excellent iOS App, I am looking at options for allow access to my server when outside of the local network.
From a security and paranoia standpoint, I'm very reluctant to simply use port forwarding to open port 8866 to the outside world as I do not believe there is any encryption of passwords or data, prevention of brute forcing passwords etc. (as Sub has previously mentioned, the web server is not hardened or designed for access outside of the local LAN).
I'm currently looking at the option of installing an OpenVPN server on my NPVR box and using the iOS client to establish a secure VPN connection before launching the NextPVR App.
Has anyone else tried a similar configuration? If not, I'd be more than happy to put some documentation together.
I use Hotspot Shield on my NPVR box so I'd be willing to test it out if you could guide me on how to find the server once I have engaged the VPN.
Jim
W3bbo Wrote:From a security and paranoia standpoint, I'm very reluctant to simply use port forwarding to open port 8866 to the outside world as I do not believe there is any encryption of passwords or data, prevention of brute forcing passwords etc. (as Sub has previously mentioned, the web server is not hardened or designed for access outside of the local LAN).
It doesn't do anything knowingly unsecure. It doesn't transmit unencrypted passwords across the internet etc, and tries to follow standard security practice...but I haven't spent a lot of time focusing on security aspects of the web server, and I've also not looked at all the lines of code in NEWA, so I can't be 100% sure it's good for exposing publicly on the Internet.
If you were going to expose it anyway, at the very least I'd recommend changing the port number and the default pin.
I did this for awhile, but I never could get any VPN server working correctly on my setup for very long. That said, when it worked, it did work well. In theory once you're done you won't need to do anything special. Your iOS device will be on your local internal network and should discover the NPVR server with no problem.
After enjoying NextPVR at home for years, I'm trying to take the great iOS App on the road. I'm trying to set up secure remote access.
App version is 2.1(build 19); Server is v5.2.6
I'm using the app on an iPhone 13, connecting to my network using Wireguard VPN (1.0.15 client app). The app finds the server (running on Raspberry Pi 4), displays the channels, and starts to play. I see the picture start and I hear some audio. It's choppy/freezes. It plays maybe a second or two, then (I'm assuming) buffers and plays a second or two more.
I've tried direct play both on and off in the app. I have the video bitrate to the lowest setting (360p-500kbps). My measured upload internet speed on the server side is approx 3.5Mbit/s. My network is all wired network connections. All tuners are idle during this. My VPN works fine for other things (e.g. network browsing, file transfers). I'm able to stream 480x208 px mp4 files beautifully.
I'll try to pull out some things noted in lengthy logs. In the client VPN log, I notice "UDP bind has been updated." I see "utun3." On my Wireguard VPN server, I notice "persistent keepalive: every 25 seconds."
I would appreciate any suggestions/help! If nothing else, perhaps a feature request to pipe sound only or lower resolutions to use less bandwidth?
Thanks!
Sorry, just had another thought. I logged in from the web client over the vpn. I tried playing a live channel as well as a recorded video and neither even start to play. It appears that it thinks it's playing (ie. the pause button shows). But neither plays.
(2022-03-27, 04:19 PM)HGset Wrote: [ -> ]I've tried direct play both on and off in the app. I have the video bitrate to the lowest setting (360p-500kbps). My measured upload internet speed on the server side is approx 3.5Mbit/s. My network is all wired network connections. All tuners are idle during this. My VPN works fine for other things (e.g. network browsing, file transfers). I'm able to stream 480x208 px mp4 files beautifully.
I'll try to pull out some things noted in lengthy logs. In the client VPN log, I notice "UDP bind has been updated." I see "utun3." On my Wireguard VPN server, I notice "persistent keepalive: every 25 seconds."
Honestly, it just sounds like it's not managing to keep up.
In the iOS app, you'd need to make sure DirectPlay is disabled, and the resolution is fairly low. You'd also need a server with fast enough CPU to be able to transcode in real time.
Otherwise, we'd probably need to see some logs, so we can hopefully see ffmpeg transcode speed log messages.