Hello need some direction to find a solution

General discussion about Blue Iris
mr2u53
Posts: 18
Joined: Fri Jan 17, 2020 2:17 am

Hello need some direction to find a solution

Post by mr2u53 »

I am trying to allow access outside of my network. I followed the stunnel video and cant port forward any ports. any links would be great. I have been at this for hours and have been scouring websites and just cant find the right info. Thanks
emerson1vier
Posts: 4
Joined: Sun Feb 23, 2020 6:40 pm

Re: Hello need some direction to find a solution

Post by emerson1vier »

HI May I ask you where you find the stunnel video?
User avatar
Thixotropic
Posts: 743
Joined: Wed Sep 04, 2019 7:20 pm
Location: Low-Earth Orbit

Re: Hello need some direction to find a solution

Post by Thixotropic »

I don't know anything about stunnel but if you're looking for a quick and easy solution for secure remote access, you might look at ngrok:

https://ngrok.com/

I use it and it works well for me, but my requirements may be different from yours.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | 9 Cameras | Almost Dual NIC | 2KVA UPS
User avatar
Thixotropic
Posts: 743
Joined: Wed Sep 04, 2019 7:20 pm
Location: Low-Earth Orbit

Re: Hello need some direction to find a solution

Post by Thixotropic »

oldguy wrote: Sun Jun 07, 2020 4:21 am How does ngrok secure the connection
From the ngrok page:

"You download and run a program on your machine and provide it the port of a network service, usually a web server.

It connects to the ngrok cloud service which accepts traffic on a public address and relays that traffic through to the ngrok process running on your machine and then on to the local address you specified."


This explains a little more: https://ngrok.com/product
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | 9 Cameras | Almost Dual NIC | 2KVA UPS
HeneryH
Posts: 678
Joined: Thu Jul 18, 2019 2:50 pm

Re: Hello need some direction to find a solution

Post by HeneryH »

Can you get access to work without stunnel?

To debug, we need to figure out exactly which step in the path is failing.

I wrote up a description a while back and will try to find it to repost.
HeneryH
Posts: 678
Joined: Thu Jul 18, 2019 2:50 pm

Re: Hello need some direction to find a solution

Post by HeneryH »

People need to be very clear on what each solution does and doesn't do.
  • SSL/HTTPS will encrypt the data so that the contents cannot be intercepted while in transit. It is quickly becoming the standard to enable and some browsers now flag sites that do NOT do this as risky. Some SSL/HTTPS use self-signed certificates that require a one-time acceptance of risk for each browser client or you can use Let'sEncrypt certs with some extra effort.
  • Preventing unauthorized access to machines/networks by hackers is a completely separate topic. Those referring to Reverse Proxies & VPNs are protecting against this threat.
User avatar
Thixotropic
Posts: 743
Joined: Wed Sep 04, 2019 7:20 pm
Location: Low-Earth Orbit

Re: Hello need some direction to find a solution

Post by Thixotropic »

oldguy wrote: Sun Jun 07, 2020 2:51 pm That does not make the connection secure.
It provides an encrypted https connection to your BI box or whatever you point it to. If that's not secure enough for your needs, then stunnel or something like it may be the way to go.

I'd say that unless you're launching missiles or reconciling bank accounts, it's probably secure enough for connecting to a BI box.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | 9 Cameras | Almost Dual NIC | 2KVA UPS
User avatar
Thixotropic
Posts: 743
Joined: Wed Sep 04, 2019 7:20 pm
Location: Low-Earth Orbit

Re: Hello need some direction to find a solution

Post by Thixotropic »

Just a note- SSL is close to being officially deprecated due to a weakness in the algorithim. SSL is being superseded by TLS which plugs those holes.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | 9 Cameras | Almost Dual NIC | 2KVA UPS
HeneryH
Posts: 678
Joined: Thu Jul 18, 2019 2:50 pm

Re: Hello need some direction to find a solution

Post by HeneryH »

Thixotropic wrote: Sun Jun 07, 2020 3:34 pm
oldguy wrote: Sun Jun 07, 2020 2:51 pm That does not make the connection secure.
It provides an encrypted https connection to your BI box or whatever you point it to. If that's not secure enough for your needs, then stunnel or something like it may be the way to go.

I'd say that unless you're launching missiles or reconciling bank accounts, it's probably secure enough for connecting to a BI box.
There is a big difference between usability for home use and use by clients or others who may be connecting to the system. If it is just the owner, then you can skip stunnel or any of the other https tools. You just accepts the browser warnings and add exceptions and more along with your day. I have clients connecting so I need to have legit certificates and no browser warnings.

You should STILL practice safe networking and limit external connections to just the single port required to access the BI web server.
HeneryH
Posts: 678
Joined: Thu Jul 18, 2019 2:50 pm

Re: Hello need some direction to find a solution

Post by HeneryH »

Thixotropic wrote: Sun Jun 07, 2020 3:38 pm Just a note- SSL is close to being officially deprecated due to a weakness in the algorithim. SSL is being superseded by TLS which plugs those holes.
Yep, old habits die hard.
Post Reply