|
Post by davahad on Feb 23, 2013 3:08:28 GMT -5
Hi,
New here and was wondering if anyone has set up remote access to the RA2 via the Homeworks + App using Port Forwarding?
Lutron talks about VPN and Port Forwarding in the FAQ with the new Remote Access but when I asked them about docs on how to set up port forwarding they said it was not a secure way to access the RA2 and therefore they don't have any docs on this.
I'm thinking it would be much easier to remote access via Port Forwarding just like all my home Surveillance Cameras vs. VPN or paying for their remote service.
Thanks for the help.
|
|
|
Post by rdgerken on Feb 23, 2013 13:02:58 GMT -5
Forwarding port TCP 23 to the IP of your RA2 main repeater seems to work, although I don't use this myself. The app might also need port 80 for downloading the XML from the repeater, but I'm not sure about that. If you really want to do it this way, I'd recommend running the app from your LAN first to let everything sync, and then do the port forward to 23 mentioned above. But heck, play around with it. What's the worst that can happen?
|
|
|
Post by davahad on Feb 23, 2013 16:44:54 GMT -5
Appreciate the response. Was hoping that someone that is using this method would reply and give their feedback on how to do it this way and also the pros and cons.
|
|
|
Post by rdgerken on Feb 24, 2013 9:22:07 GMT -5
My feedback is that I personally don't use this method, because I prefer secure connections going back to my home - so I only use VPN for all connectivity. If you forward that port in your router, you are creating a hole in your firewall for that traffic, and at that point, you want to make sure that you use usernames/passwords on your main repeater that are not easy to guess and not defaults (assume that anybody on the internet can connect to your main repeater, because they will be able to). Aside from someone hacking into your main repeater, there shouldn't be much else to worry about. I do not know what the likelihood of someone doing that is, and what kind of damage they could inflict if they were so bored - but I digress... It is a potential security issue.
Is this any less secure than if you were using remote access via Lutron's servers? My guess on this is probably. I believe the remote access offering from Lutron uses an encrypted connection between the client, their servers, and your repeater (via UDP 1130 / TCP 1131) - whereas the simple port forward TCP 23 method outlined above is not encrypted, and would also show up if someone did a port scan on you. It would appear that the Lutron remote access works by having your main repeater make an outbound connection(s) to Lutron's servers, and the client traffic is proxied through them (or handshaked off), again, all encrypted. This makes it pretty secure. The security concern in this method would be in that if someone hacked Lutron's servers - and then you could be at potential risk.
So, in summary, in my opinion, the most secure method is via VPN, followed by Lutron's remote access, and then lastly by doing port forwards.
I'm not a network security expert, and this information provided is not based on any specific facts. I'm just some guy that enjoys doing this stuff, and these are my opinions based on my experience and a little bit of research. If you really want to get technical, especially with regards to the Lutron remote access, and its security, then you should speak with Lutron directly. I made some assumptions based off of what I've read.
|
|
|
Post by annihilator on Feb 24, 2013 22:37:34 GMT -5
Although it's slightly more involved, another secure option is using an SSH tunnel, which is what I personally do. I happen to have a dedicated Linux server running within my home network that's accessible to the outside world (it exposes one port, over which I only connect via the SSH protocol). There is a nifty iPhone application called iSSH which enables you to create tunnels while needed. So when I want to access my RR2 system remotely (very seldom), I simply start up iSSH (to open the tunnels) and then I open the Lutron application, which connects to localhost:2023 which tunnels (via SSH) to my Linux server, then inside my network to the main repeater at the 192.168.x.x address. So essentially the data flow is as follows:
Lutron app connects to tunnel localhost:2023|2080 (on iPhone) --> Home Linux Server @ <WAN-IP>:22 (ssh protocol) --> RR2 Main Repeater @ 192.168.x.x:23|80
You're essentially "tricking" the Lutron app into connecting to a main repeater at localhost:2023, which under the covers is tunneled securely via SSH back to your home network's Linux server, and then to your main repeater via the telnet protocol. You can read more about tunnels with some good graphics at chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/.
All of this ensures secure communication between my mobile device and my home network; it's only between my Linux server and the Main Repeater that any traffic goes unencrypted (which is fine because it's within your LAN, unless you don't trust the wife and kids <snicker>). I realize this may be more involved for some, but for those semi-technical and with an extra computer on the network, this presents an industry standard secure connection mechanism for no annual cost. This isn't actually anything novel, we use SSH tunnels all the time in the real world for securing communications which don't support native secure protocols (e.g., think remote desktop or VNC). My RR2 system is just another use case. :-)
Regards,
Joe
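Added example, not part of the thread or any poster's setup: the data flow in the post above expressed as an OpenSSH client command, plus an sshd_config block that limits the tunnel account to exactly those two forwards. The account name, host name and repeater address are constructed sample values, and using the stock OpenSSH client instead of iSSH is an assumption.

```shell
#!/bin/sh
# Added example. Constructed sample values: account "lutron-tunnel",
# host "home.example.net", repeater 192.168.1.50 (the page elides the real ones).

# Prefix check: return 0 only for RFC 1918 addresses, so the tunnel
# target stays on the LAN.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Client side: print the ssh command for localhost:2023|2080 -> repeater:23|80.
tunnel_cmd() {
    user=$1; host=$2; repeater=$3
    is_private_ipv4 "$repeater" || { echo "not a LAN address: $repeater" >&2; return 1; }
    # -N: forwarding only, no remote command.
    # ExitOnForwardFailure: exit rather than run without the forwards.
    # 127.0.0.1 bind: only apps on the client device can use the tunnel.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:2023:%s:23 -L 127.0.0.1:2080:%s:80 %s@%s\n' \
        "$repeater" "$repeater" "$user" "$host"
}

# Server side: print an sshd_config block limiting that account to the two
# forwards above (password login off, no TTY, no other destinations).
sshd_match_block() {
    user=$1; repeater=$2
    is_private_ipv4 "$repeater" || { echo "not a LAN address: $repeater" >&2; return 1; }
    cat <<EOF
Match User $user
    PasswordAuthentication no
    AllowTcpForwarding local
    PermitOpen $repeater:23 $repeater:80
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
EOF
}

tunnel_cmd lutron-tunnel home.example.net 192.168.1.50
sshd_match_block lutron-tunnel 192.168.1.50
```

With the Match block in place, a stolen key for that account can reach only the repeater's ports 23 and 80, not the rest of the LAN.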
|
|
|
Post by rdgerken on Feb 25, 2013 11:33:32 GMT -5
Great tip! I use SSH also for some other applications, and it works great. Didn't think to suggest that. In most cases, I think doing the VPN would be less complex, but yes, this is certainly an option worth noting and exploring.
|
|
|
Post by davahad on Feb 28, 2013 22:41:33 GMT -5
Thanks for the replies. I have been testing the new Lutron Remote Access which has been working well for the last 2 days. Prior to that I had trouble connecting so hopefully this will become reliable and I will just go this route.
|
|
|
Post by schalliol on Mar 8, 2013 12:11:30 GMT -5
I haven't been able to get port forwarding to work. The Lutron iOS app seems to automatically say it can't find any connection if it isn't connected via either wifi or VPN. It's like it doesn't even try. I have a VPN set up that does work, but despite being very familiar with port forwarding (and trying both the direct 23 and 80 ports and remapped ports) have been unable to make it work. Has anyone else found that to be the case? Possibly using a jailbreak program like 3G unrestrictor would fool the app.
|
|
|
Post by chitownee on Mar 13, 2013 21:41:53 GMT -5
To get the new remote access to work I forwarded TCP port 1131 and UDP port 1130 to my main repeater and that seemed to work. It's being flaky now but that seemed to do the trick. I'm not sure if it will help if you are doing port forwarding.
|
|
|
Post by schalliol on Mar 14, 2013 18:28:39 GMT -5
Did that work for you when you were over 3G/4G/LTE? It seemed on iOS they assumed you couldn't connect off wifi.
|
|
|
Post by chitownee on May 6, 2013 22:59:09 GMT -5
Has anyone played with this lately? Mine hasn't been working for a while but I figured I'd give it another try with the software update and app update. Nothing seems to work. Can anyone tell me what I should set the Subnet, Gateway and DNS settings to? I tried the settings on my router but that didn't work. The documentation says there is no port forwarding but I have played with that anyways and couldn't get it to work. I have an Apple Airport Extreme and am trying to connect on LTE and remote WiFi from an iPhone.
|
|
|
Post by schalliol on May 9, 2013 20:50:42 GMT -5
I tried recently again and couldn't get it to work.
|
|
|
Post by chitownee on May 23, 2013 10:56:42 GMT -5
Anybody have any updates on this? The board seems dead. No posts in the past 3 weeks. Hello?
|
|
Bailey
Full Member
San Diego Lutron Representative
Posts: 172
|
Post by Bailey on May 24, 2013 23:50:28 GMT -5
The board goes through phases. Depends on the traffic out there. Don't worry, they'll come back. As for your question, I don't do anything with port forwarding.
|
|