NEW: DVR Server + Tailscale integration, for easier Away from Home access (Experimental)

Thanks for your quick response. So you need to prep your Apple TV at home and then take it remote? Many thanks

1 Like

Does this work for a FireTV Stick as the client or would I need to have another system acting as a Tailscale exit node at the remote site? I enabled the server on my Synology and used the IP address in the Connect At Home section, but at the remote site it gives the error message that "A Channels DVR server was not found" at the IP address.

I also have standalone Tailscale running on my Synology and tried that IP address with the same error.

1 Like

You need to install Tailscale on the FireTV

Is there a guide online that you trust that shows the best way to install Tailscale on the Firestick?

2 Likes

I use apps2fire to Install from my Android phone/tablet to fireTV.

But currently Tailscale android version does not work on firetv. You would have to google tailscale and use the DROID version and sideload it using ADB.

Request - FireTV client - Tailscale

2 Likes

I think you can use the AFTV downloader app and enter the apk url from f-droid

https://f-droid.org/repo/com.tailscale.ipn_125.apk

2 Likes

I installed it started it up gave me a QRcode scanned with my phone and connected.... looking good. Was able to connect using Hotspot with tailscale no problem at all. All connections and settings done through the Remote.

ADB Installl


D:\platform-tools>CD /d "D:\platform-tools\"

D:\platform-tools>adb kill-server

D:\platform-tools>adb connect 10.0.0.209
* daemon not running; starting now at tcp:5037
* daemon started successfully
connected to 10.0.0.209:5555

D:\platform-tools>rem adb connect 10.0.0.218

D:\platform-tools>rem adb connect 10.0.0.229

D:\platform-tools>adb install "D:\platform-tools\com.tailscale.ipn_125.apk"
Performing Streamed Install
Success

D:\platform-tools>adb disconnect
disconnected everything

D:\platform-tools>pause
Press any key to continue . . .
2 Likes

Thanks to both of you for the help. I got it working now.

  1. Installed Downloader app on FireTVstick 4KMax
  2. Enabled Unknown sources for Downloader in Developer options
  3. Downloaded Tailscale from above f-droid link
  4. Installed from downloaded file via Downloader
  5. Launched Tailscale and, as noted by Edwin_Perez, I selected sign in and got a QR Code screen that allowed me to authenticate on my phone.

Now on to sort out some buffering/bandwidth issues with my connections.

1 Like

Buffering is because it uses the home streaming which is original ... you can change that in settings.

2 Likes

Ah, thanks. Looks like I will have to change the settings for home streaming quality when I go back and forth from home and remote until they separate out Tailscale connections in the interface.

Thanks devs for turning me on to Tailscale. Never used it before but I signed up, loaded Tailscale on my MacOS, iOS and Synology NAS (running Channels DVR) devices in a very short period of time. Works great and now I can administer my Channels server remotely.

This is an awesome feature, I wasn't sure how Channels could get any better but you keep surprising us.

One question - should SSH connections be possible over the Tailscale tunnel (on RPi image)? I get a connection reset when trying to SSH to the Tailscale IP on port 22222. I am connected to Tailscale and can connect to port 8089 successfully.

This is a great feature enhancement. I've been using Tailscale on Unraid for a while to remote connect to my Channels server. I prefer using Tailscale over exposing port 8089 over the Internet as I used to find my IP listed on shodan.io which makes you a target for more port scanners.

One useful feature within Tailscale is to determine if you're directly connected to the server or going over a DERP relay. There's a command you can run from your Tailscale server to enable a simple web page that shows the connectivity status for all your peers. It would be nice to expose this on the Channels server web UI.

On my Unraid server I enable this feature by running the following from the docker console for the instance:

/app # ./tailscale status --web --listen 0.0.0.0:8384
Serving Tailscale status at http://192.168.1.106:8384/

You then open a web page to the IP with port 8384 and should see something like the following:

Mind the paranoia with the blacked out info. You'll see that clients that are connected will show the direct IP address or a relay in the connection column (e.g. relay via ORD - Chicago).

2 Likes

Sorry slightly off topic, if your IP is listed here, does it imply that it has been found by bots to have a vulnerability, a bit like stolen credentials ?

2 Likes

It likely means you’ve put a proxy server in front of your DVR without any sort of authentication.

1 Like

I didn't have a proxy server in front of the DVR, just a port forward from my firewall to the Channels DVR server, since they can't get in without authenticating. That doesn't protect you from them capturing the initial HTTPS connection request and SSL certificate. This signals the Shodan port scanner that a service is running on that port and they catalog your IP address on their website.

You can find examples right here of servers running Channels DVR: https://www.shodan.io/search?query=channels+dvr

I'm a little surprised no one else is familiar with this service and the need to protect to your external facing servers: What Is Shodan? How to Use It & How to Stay Protected [2022]

Oof




Can you tell us what firewall you’re using? It appears that it isn’t passing along the source IP of the requests.

We do not return the X-Channels-Dvr-Identifier: header for requests coming from routable IPs. Nothing is exposed unless it’s behind a proxy or other such thing.

2 Likes

Linux iptables on Ubiquiti gear. Not an uncommon setup.

1 Like

Did you execute custom iptables rules or use the unifi port forwarding?

2 Likes