kingy444 117 Posted December 30, 2017 Posted December 30, 2017 i have had a VPN configured between my place and the parents for some time and for some reason never thought much of it. was only setup so i could easily access my files when visiting so never cared it now occurs to me that i can access emby via this VPN rather than via an external wan. (i hate having the server open to the net #paranoid) im curious to a couple of things, mainly what would be visible via an openvpn connection between the two houses if someone did what to pry into what we were watching? as content should be encrypted via the openvpn tunnel i assume it would be extremely difficult to ascertain what is being transmitted between sites? ive tested and can connect their samsung tv up to the server but cautious as the logs in that app show clearly whats being played that it might be easy to decipher that for prying eyes? in addition to the above, and just asking in hopes a dev can answer on possibility without worrying with a feature request - is there anyway to get site2 to auto recognise the emby server at site1 ? different subnets but the openvpn tunnel knows how to route traffic between the two. was thinking even say a ‘man in the middle’ type setup at site2 that simply intercepts the requests for an emby server and redirects them to the correct subnet ip at site2 could be a hacky way to implement? call it a standalone plugin?
Luke 42083 Posted December 30, 2017 Posted December 30, 2017 Hi, what do you mean by auto recognize? Thanks.
kingy444 117 Posted December 30, 2017 Author Posted December 30, 2017 Hi, what do you mean by auto recognize? Thanks. Auto Detect a better term? Since the emby apps can detect a server on the local subnet, be cool if it could do that on the second subnet too. site1 and site2 subnets can talk to each other fine, i just have to manually enter the ip of the emby server. i know sending things like dlna blast messages over the vpn is difficult but not impossible, but i thought you could easily run up an ‘emby mini’ server lets call it at site2. the emby mini server would just need to be configured once to talk to the server at site1 and could then manage all requests for emby connections locally, including dlna. When a file playback is requested then the emby mini server would flick that responsibility off to the main emby server at site2
Luke 42083 Posted December 31, 2017 Posted December 31, 2017 Ok, there are existing requests open for things like load balancing through multiple servers.
kingy444 117 Posted December 31, 2017 Author Posted December 31, 2017 thanks, sorry that put things off track a little. this post was mainly looking for info on whats visible when streaming content via a vpn connection. i havent configured https at all, but just looking at a secure way to stream externally. i assume that within the vpn tunnel an ISP would have difficulty deciphering the content being streamed? vpn would be more secure than configuring https?
Luke 42083 Posted December 31, 2017 Posted December 31, 2017 i assume that within the vpn tunnel an ISP would have difficulty deciphering the content being streamed? If that's all you want to do than SSL alone should be sufficient.
kingy444 117 Posted December 31, 2017 Author Posted December 31, 2017 If that's all you want to do than SSL alone should be sufficient. so while ssl should be sufficient, an OpenVPN connection between the two sites is better than SSL right? more complicated sure, but if the content is traversing the VPN tunnel already then that‘s more secure? i definitely noticed a little more buffering over the tunnel when fast forwarding etc but other than that playback was fine. im just curious how well ssl would be encrypting the content. i know my vpn requires certificates and passwords on both sides to connect but SSL is only on the server side so curious as to what an ISP could decipher
mastrmind11 722 Posted December 31, 2017 Posted December 31, 2017 (edited) OpenVPN and SSL are basically the same thing, minus the VPN redirect. If someone is interested in cracking your 256bit encryption via either method, you're trying to hide more than just web traffic Edited December 31, 2017 by mastrmind11
Tur0k 148 Posted December 31, 2017 Posted December 31, 2017 VPN offers an alternate solution to ssl encrypted web pages. You can technically SSL encrypt your VPN tunnel in which case the encryption is equivalent. The nice part about a VPN is it complicates the front end. The key component is to use adequate settings and best practices. Sent from my iPhone using Tapatalk
revengineer 142 Posted December 31, 2017 Posted December 31, 2017 While the encryption of VPN and SSL may be equivalent, OpenVPN is arguably more secure than SSL. I have always been worried about the hardness of the emby webserver. Not saying that there is a problem, but I trust OpenVPN more. So I have long closed my ports down to only allow VPN traffic in. Now that there are easy to use clients for very OS, it is a very small burden to use VPN and it works great with emby. Because I use VPN, I use simple http connections to emby rather than https. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now