MaxRobs 1 Posted March 9, 2022 (edited)

I was looking to get a secure remote connection, but dealing with security certificates just seemed a bit too much. So here's my approach to get a secure remote connection by setting up a local VPN server on the host. (Read the downsides and upsides at the end of the post to see if this method will work for you.)

Step 1: Get a DDNS to automatically update your IP.
Go to https://www.noip.com/, sign up and confirm your email.
Log in and set up a username. https://my.noip.com/account
Set up a host name in case you didn’t do it at the signup page. https://my.noip.com/dynamic-dns
Download their update client from https://www.noip.com/download, log in and choose the host name for updating.

Step 2: Setting up WireGuard Server
Install WireGuard. https://www.wireguard.com/install/
Go to https://www.wireguardconfig.com/
Make the following edits:
- Number of clients depending on the number of devices you wish to access the server. (You can choose more than you need)
- CIDR to 192.168.200.0/24
- Client Allowed IPs to 192.168.1.0/24 (This is so that only the local network requests are passed on to the server)
- Endpoint to the name of the hostname you made. Eg: myembyserver.ddns.net:51820
- Delete Post-up and Post-down rule
Generate the config.
Copy the server config. (Don’t close the browser, we’ll need the client configs later)
Open WireGuard, click on the arrow beside add tunnel > Add empty tunnel
Choose adapter name as “wg0”. (You can choose something else too)
Paste the server config here and activate the VPN.

Step 3: Allow port 51820 through Windows Defender.
Create allow rules for both TCP and UDP protocol, and inbound and outbound. https://www.windowscentral.com/how-open-port-windows-firewall

Step 4: Enable network sharing
Open Control Panel > Network and Sharing Center > Change adapter settings
Choose your adapter > Properties > Sharing Tab
Check mark “Allow other network users to connect ……… connection” and choose “wg0” from the dropdown.

Step 5: Set your network to Public
Click on the Wi-Fi button in the taskbar
Right click on your Wi-Fi > Properties
Change from private to public

Step 6: Enable port forwarding on router for port 51820
https://www.wikihow.com/Set-Up-Port-Forwarding-on-a-Router
Go to https://www.canyouseeme.org/ and check if port 51820 is visible. If everything went as intended, it should be visible.

Step 7: Configuring Client
Download WireGuard on your phone/other clients where you need to access your server remotely.
Now we have to import the client config here. You can directly scan the QR code. Or create text files of client configs and transfer them to the device.
Activate the VPN.
Now switch to a different network and check if you can access Emby remotely. (You won’t be able to access Emby if both client and host are on the same network)

Downsides of this approach:
- You'll need to turn on the VPN before you can access the server. (Alternatively, you can also leave it running all the time; it won't slow down your internet since the VPN only captures the local network requests and passes them on to the server)
- You can only access content on devices if you have authenticated beforehand. Adding more clients will require additional setup.
- Not viable if you want to give access to other people; you'll need to set up VPNs on their devices.

Upsides:
- Easier to set up than dealing with certificates, in my opinion
- Greater security, since clients are authenticated beforehand.

Edited March 10, 2022 by GrimReaper Edit Title
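Added example, not part of the original post or of WireGuard's own tooling: a small Python check that generated server and client configs still match the design in the guide above (each client pinned to one tunnel address on the server, only the home LAN or tunnel routed from the client, client Endpoint port equal to the server's ListenPort). The two config texts are constructed samples using the post's addresses with placeholder keys, the client sample is trimmed to its [Peer] section, and the function names `parse`, `nets`, `inside` and `audit` are hypothetical.

```python
import ipaddress
# Constructed sample configs using the post's addresses; keys are placeholders.
SERVER = """[Interface]
Address = 192.168.200.1/24
ListenPort = 51820
[Peer]
PublicKey = <client1-public-key>
AllowedIPs = 192.168.200.2/32
[Peer]
PublicKey = <client2-public-key>
AllowedIPs = 192.168.200.3/32
"""
CLIENT = """[Peer]
PublicKey = <server-public-key>
AllowedIPs = 192.168.1.0/24
Endpoint = myembyserver.ddns.net:51820
"""

def parse(text):
    """Return [(section, {key: value})]; a list because [Peer] repeats."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            out.append((line.strip("[]"), {}))
        elif "=" in line and out:
            key, value = line.split("=", 1)
            out[-1][1][key.strip()] = value.strip()
    return out
def nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",")]
def inside(net, *parents):
    return any(net.version == p.version and net.subnet_of(p) for p in parents)
def audit(server_text, client_text, lan="192.168.1.0/24"):
    """List where the configs drift from the guide's split-tunnel design."""
    server, client, lan_net = parse(server_text), parse(client_text), ipaddress.ip_network(lan)
    s_if = next(v for k, v in server if k == "Interface")
    c_peer = next(v for k, v in client if k == "Peer")
    tunnel = ipaddress.ip_interface(s_if["Address"]).network
    found = []
    for peer in (v for k, v in server if k == "Peer"):
        for n in nets(peer["AllowedIPs"]):  # server: one tunnel address per client
            if n.prefixlen != n.max_prefixlen or not inside(n, tunnel):
                found.append(f"server peer {n} is not a single tunnel address")
    for n in nets(c_peer["AllowedIPs"]):  # client: only LAN or tunnel routes
        if not inside(n, lan_net, tunnel):
            found.append(f"client routes {n} into the tunnel")
    if c_peer["Endpoint"].rsplit(":", 1)[1] != s_if.get("ListenPort"):
        found.append("client Endpoint port differs from server ListenPort")
    return found
```

An empty list from `audit()` means the pair matches the design; each string in a non-empty list names one setting that widens what the tunnel carries or breaks the connection.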
pwhodges 2012 Posted March 9, 2022

I don't deal with certificates either - I installed Caddy, provided a config file with one line (other than the one specifying the server name) which makes it a reverse proxy for Emby, and that's it. Apart, that is, from setting up the domain name and router forwarding, which are both more complicated jobs than running Caddy. Caddy does all the certificate work itself - it gets them, uses them, renews them.

Paul
MaxRobs 1 Posted March 9, 2022 Author (edited)

1 hour ago, pwhodges said:
I don't deal with certificates either - I installed Caddy, provided a config file with one line (other than the one specifying the server name) which makes it a reverse proxy for Emby, and that's it. Apart, that is, from setting up the domain name and router forwarding, which are both more complicated jobs than running Caddy. Caddy does all the certificate work itself - it gets them, uses them, renews them.
Paul

Can you direct me to a guide?

Edit: I found the guide, https://emby.media/community/index.php?/topic/81476-ssl-made-easier-with-a-reverse-proxy/
I had previously looked at it; it required me to buy a domain, which is why I didn't follow through with it.

Edited March 9, 2022 by MaxRobs
pwhodges 2012 Posted March 9, 2022

Certificates are linked to domain names, by design. If you do not want to buy a domain name, then as a consequence you cannot use https.

Paul
GrimReaper 4740 Posted March 10, 2022

3 hours ago, pwhodges said:
Certificates are linked to domain names, by design. If you do not want to buy a domain name, then as a consequence you cannot use https.
Paul

That ain't exactly true, as you can obtain a certificate for free DDNS as well.
pwhodges 2012 Posted March 10, 2022

OK, it is possible to get a free name; but in practice you do need a name is what I was saying.

Yes, and it is actually possible to get a certificate for an IP address, but you have to prove you own it - DHCP from your ISP wouldn't cut it - and it would be no use if your address changed, for instance. Even the people who can sell them to you discourage even thinking about such a certificate, and the free people don't do them.

Paul
MaxRobs 1 Posted March 10, 2022 Author (edited)

Should have mentioned in the title that this guide was for those who don't wanna buy a domain. No edit option available now.

Edited March 10, 2022 by MaxRobs
GrimReaper 4740 Posted March 10, 2022

15 minutes ago, MaxRobs said:
Should have mentioned in the title that this guide was for those who don't wanna buy a domain. No edit option available now.

How do you want Topic title to read?
MaxRobs 1 Posted March 10, 2022 Author

How To: Secure Remote Connection (Without buying domain)

This seems good enough
GrimReaper 4740 Posted March 10, 2022

Just now, MaxRobs said:
How To: Secure Remote Connection (Without buying domain)
This seems good enough

Done.
MaxRobs 1 Posted March 10, 2022 Author

Just now, GrimReaper said:
Done.

Thanks!
sjkiss 28 Posted October 29, 2022

Will this work for a Mac and QNAP NAS setup?