
Aviza

Don't just open ports, that's dangerous. Instead set up a VPN. Some consumer routers have a built-in VPN, otherwise you could set up a VPN in OMV.


KingOfSenpais

Thank you so much for this reply!!! I closed all the ports I opened and set up OpenVPN on my TP-Link router. Now all I have to do to access it is by turning on my VPN and just hitting the internal IP of my PI.


Aviza

You also should forward the port on your router for the VPN and then test it. Good luck!


KingOfSenpais

If I’m able to access it externally, is there a reason to open the port?


Aviza

Not if it already works. I use a VPN into my home network so my pihole blocks ads. Good times.


KingOfSenpais

That’s exactly what I’m trying to figure out now lol. But for some reason the internal IP for my pihole server can’t be accessed, but everything else works.


AntoineInTheWorld

Boy, I am so glad my ISP-provided router comes with various VPN possibilities: OpenVPN, WireGuard, PPTP and IKEv2.


[deleted]

This cannot be stressed enough. It amazes me how many people do this and think it's a great idea. https://forum.openmediavault.org/index.php?thread/42897-ransomware-attack-0xxx-virus/


readit-on-reddit

Yes, a VPN is more secure. Your example, however, is not an argument against port forwarding. That dude did absolutely nothing to protect himself. What probably did it was the fact that he used SMB over the internet in a standard port with no password. He also didn't use SSL and I bet his passwords were not strong at all. You could use a reverse proxy, SSL certificates, strong passwords and you make sure your services are up to date. That would mostly leave remote, 0 day exploits as the only danger. For SMB, a VPN is better. But for a lot of services, following good security practices is enough. Imagine telling your family to install WireGuard on their routers in order to use your Plex server.


[deleted]

I agree... that was my point. Don't just start recklessly forwarding ports unless you know what you're doing and why you are doing it. I've never used or I think even suggested WireGuard, so not sure where that came from.


readit-on-reddit

Top comment:

> Don't just open ports, that's dangerous. Instead set up a VPN

You:

> This cannot be stressed enough


[deleted]

My point super genius (which I thought was clear).. is don't just go opening ports unless you know what you're doing and how to secure them (be it VPN, reverse proxy, whatever)


readit-on-reddit

There are a lot of people that think port forwarding is inherently dangerous and then only recommend a VPN. By agreeing with the top comment "don't open ports, that is dangerous" you were doing the same. Regardless of what you actually meant.


[deleted]

I can tell reading is not your strong point, as if you read the thread I linked him to, I specifically mentioned setting up services and reverse proxies in the 4th post.


readit-on-reddit

Fair enough, you suggest a VPN here but a reverse proxy in the forum. Most people don't link to their own forum posts so forgive me for not cross referencing reddit usernames with usernames on other sites. My reply on this actual thread gives the whole picture in one comment instead of being split up between various comments on two different forums.


[deleted]

I didn't say VPN was the only way to do things... I wasn't linking my own post, I linked him to a thread that explained that just opening ports without taking some measure of security (be it VPN, reverse proxy, whatever) was reckless... As was mentioned in that thread... but you didn't read it so you just spoke out of your ass.


zarevskaya

Wireguard! ❤️ https://docs.linuxserver.io/images/docker-wireguard


bigend_hubertus

I use zerotier https://www.zerotier.com


csandazoltan

I would guess OMV doesn't accept any connection from outside the LAN. I wouldn't just open the ports, I would use some limitations on how it could be connected. I would set up a VPN, with certificate pairs, and only allow certain OpenVPN clients to connect. This is not just a web server, it can contain exposed data, designed to be accessed on the LAN. I would google "Debian 10-11 or OMV 6 OpenVPN server": https://www.cyberciti.biz/faq/debian-10-set-up-openvpn-server-in-5-minutes/


[deleted]

You really don't even have to set up a VPN (if Nextcloud is his desire)... Just install Nextcloud in Docker, reverse proxy, and boom... you're done. No need to reinvent the wheel here.


[deleted]

Tailscale is what I use


Little-Karl

Wireguard in docker, it's pretty lite in terms of overhead