Noonb question: Securing Pi for remote access Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
TWHH
Posts: 56
Joined: Tue Jun 29, 2021 10:27 pm

Noonb question: Securing Pi for remote access

Post by TWHH »

Hi there,

Am very new to all this. Very new.

Am setting up Pi with DietPi as a media server.

I'd like to open it up so that I can access outside my home network, but want to make sure I'm not inviting nasties in. Is there any way I can add 2FA to my Pi now it is running DietPi?

It looks to be possible on the 'standard' Pi OS, not sure if it can be done in my DietPi set up?

Many thanks
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Noonb question: Securing Pi for remote access

Post by Joulinar »

can you be a little bit more specific what exactly you like to do. What kind of remote access you like to implement or which app you like to access.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
TWHH
Posts: 56
Joined: Tue Jun 29, 2021 10:27 pm

Re: Noonb question: Securing Pi for remote access

Post by TWHH »

I'd like to be able to access my media library when away from home via the Plex Server I have installed on it.

My very very limited knowledge on this, but my understanding is that I would need to give the Pi a static IP address and make it available to anyone on the internet (who knows the address). I'm assuming a bot could find this, brute force the password - which I have already changed to a much more secure one.

Again, an assumption here, but I'm thinking that only being able to access my Pi and therefore my home network would be much harder if a OTP has to be entered before a connection is made.

Am I on the right train of thought, or have I overlooked something dead obvious? :lol: :lol:
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Noonb question: Securing Pi for remote access

Post by Joulinar »

I guess you are heading into wrong direction. Setting up OTP might protect your SSH access but I don't think this is the way how you like to access your Plex server. First you would need to be clear on how to access your system. I guess you like to use the plex app? Easiest way might be setting up VPN. This way you can access your Pi same way as being at home and you would not need to open to much ports towards the internet.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
TWHH
Posts: 56
Joined: Tue Jun 29, 2021 10:27 pm

Re: Noonb question: Securing Pi for remote access

Post by TWHH »

Glad I asked now 😎.

Yes, would be using Plex app to watch content remotely.

I will be installing NordVPN on the Pi tomorrow.

Should I also have VPN on the device I’m watching the content too (appreciate this is a little off the original question)

Thanks again
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Noonb question: Securing Pi for remote access

Post by Joulinar »

again wrong direction. You would need to setup a VPN server like WireGuard on DietPi and the VPN client app on your mobile device. Setting up NordVPN will install a VPN client on DietPi, connecting you to a public VPN provider.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
TWHH
Posts: 56
Joined: Tue Jun 29, 2021 10:27 pm

Re: Noonb question: Securing Pi for remote access

Post by TWHH »

Crikey, thank God there’s helpful people like you on here! Thanks again for your help.

I’ll take a look at Wireguard.

Will I still be able to have this running with a VPN client (Nord) running on the Pi?
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Noonb question: Securing Pi for remote access

Post by Joulinar »

Running NordVPN as client and Wireguard as server could be a little bit challenging. I never did something like this myself

@trendy and thoughts?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
trendy
Posts: 340
Joined: Tue Feb 25, 2020 2:54 pm

Re: Noonb question: Securing Pi for remote access

Post by trendy »

It is possible, however there is something to pay attention to.
Usually the VPN clients enable killswitches, which force all traffic to the VPN and don't allow anything else inbound. It will need to be tweaked or disabled.
Also if the VPN client installs a default gateway via the vpn-provider, then policy routing rules are necessary to selectively forward traffic from the vpn server via the ISP router, not the vpn. Or the default gateway from the VPN will have to be ignored and you'll manually add routes that need to be routed via VPN (that is a bit unrealistic).
TWHH
Posts: 56
Joined: Tue Jun 29, 2021 10:27 pm

Re: Noonb question: Securing Pi for remote access

Post by TWHH »

OK, so I'm going to leave the VPN server things for now - in all honesty I don't have an immediate need to access my media library (via Plex) outside of my home network.

So I've installed the NordVPN client. Hoe do I tell if I'm successfully connected to the outside world via VPN without plugging the Pi into a screen and accessing a web browser to do an IP lookup. I'm running headless and accessing via SSH on a Mac.

Thanks again
Post Reply