Blue Iris

I am trying to allow access outside of my network. I followed the stunnel video and cant port forward any ports. any links would be great. I have been at this for hours and have been scouring websites and just cant find the right info. Thanks

HI May I ask you where you find the stunnel video?

I don't know anything about stunnel but if you're looking for a quick and easy solution for secure remote access, you might look at ngrok:

https://ngrok.com/

I use it and it works well for me, but my requirements may be different from yours.

oldguy wrote: ↑Sun Jun 07, 2020 4:21 am How does ngrok secure the connection

From the ngrok page:

"You download and run a program on your machine and provide it the port of a network service, usually a web server.

It connects to the ngrok cloud service which accepts traffic on a public address and relays that traffic through to the ngrok process running on your machine and then on to the local address you specified."


This explains a little more: https://ngrok.com/product

Can you get access to work without stunnel?

To debug, we need to figure out exactly which step in the path is failing.

I wrote up a description a while back and will try to find it to repost.

People need to be very clear on what each solution does and doesn't do.

• SSL/HTTPS will encrypt the data so that the contents cannot be intercepted while in transit. It is quickly becoming the standard to enable and some browsers now flag sites that do NOT do this as risky. Some SSL/HTTPS use self-signed certificates that require a one-time acceptance of risk for each browser client or you can use Let'sEncrypt certs with some extra effort.

• Preventing unauthorized access to machines/networks by hackers is a completely separate topic. Those referring to Reverse Proxies & VPNs are protecting against this threat.

oldguy wrote: ↑Sun Jun 07, 2020 2:51 pm That does not make the connection secure.

It provides an encrypted https connection to your BI box or whatever you point it to. If that's not secure enough for your needs, then stunnel or something like it may be the way to go.

I'd say that unless you're launching missiles or reconciling bank accounts, it's probably secure enough for connecting to a BI box.

Just a note- SSL is close to being officially deprecated due to a weakness in the algorithim. SSL is being superseded by TLS which plugs those holes.

Thixotropic wrote: ↑Sun Jun 07, 2020 3:34 pm

oldguy wrote: ↑Sun Jun 07, 2020 2:51 pm That does not make the connection secure.

It provides an encrypted https connection to your BI box or whatever you point it to. If that's not secure enough for your needs, then stunnel or something like it may be the way to go.

I'd say that unless you're launching missiles or reconciling bank accounts, it's probably secure enough for connecting to a BI box.

There is a big difference between usability for home use and use by clients or others who may be connecting to the system. If it is just the owner, then you can skip stunnel or any of the other https tools. You just accepts the browser warnings and add exceptions and more along with your day. I have clients connecting so I need to have legit certificates and no browser warnings.

You should STILL practice safe networking and limit external connections to just the single port required to access the BI web server.

Thixotropic wrote: ↑Sun Jun 07, 2020 3:38 pm Just a note- SSL is close to being officially deprecated due to a weakness in the algorithim. SSL is being superseded by TLS which plugs those holes.

Yep, old habits die hard.