NEW: DVR Server + Tailscale integration, for easier Away from Home access (Experimental)

Thanks to both of you for the help. I got it working now.

  1. Installed Downloader app on FireTVstick 4KMax
  2. Enabled Unknown sources for Downloader in Developer options
  3. Downloaded Tailscale from above f-droid link
  4. Installed from downloaded file via Downloader
  5. Launched Tailscale and, as noted by Edwin_Perez, I selected sign in and got a QR Code screen that allowed me to authenticate on my phone.

Now on to sort out some buffering/bandwidth issues with my connections.

1 Like

Buffering is because it uses the home streaming which is original ... you can change that in settings.

2 Likes

Ah, thanks. Looks like I will have to change the settings for home streaming quality when I go back and forth from home and remote until they separate out Tailscale connections in the interface.

Thanks devs for turning me on to Tailscale. Never used it before but I signed up, loaded Tailscale on my MacOS, iOS and Synology NAS (running Channels DVR) devices in a very short period of time. Works great and now I can administer my Channels server remotely.

This is an awesome feature, I wasn't sure how Channels could get any better but you keep surprising us.

One question - should SSH connections be possible over the Tailscale tunnel (on RPi image)? I get a connection reset when trying to SSH to the Tailscale IP on port 22222. I am connected to Tailscale and can connect to port 8089 successfully.

This is a great feature enhancement. I've been using Tailscale on Unraid for a while to remote connect to my Channels server. I prefer using Tailscale over exposing port 8089 over the Internet as I used to find my IP listed on shodan.io which makes you a target for more port scanners.

One useful feature within Tailscale is to determine if you're directly connected to the server or going over a DERP relay. There's a command you can run from your Tailscale server to enable a simple web page that shows the connectivity status for all your peers. It would be nice to expose this on the Channels server web UI.

On my Unraid server I enable this feature by running the following from the docker console for the instance:

/app # ./tailscale status --web --listen 0.0.0.0:8384
Serving Tailscale status at http://192.168.1.106:8384/

You then open a web page to the IP with port 8384 and should see something like the following:

Mind the paranoia with the blacked out info. You'll see that clients that are connected will show the direct IP address or a relay in the connection column (e.g. relay via ORD - Chicago).

2 Likes
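Added example (not part of the original posts): the direct-versus-relay check described above can also be read from `tailscale status --json` without opening a listening port. It assumes the `Peer`, `HostName`, `Online`, `Active`, `CurAddr` and `Relay` fields of that JSON output; the sample data, hostnames and addresses are constructed.

```python
import json
import subprocess
import sys

# Constructed sample in the shape of `tailscale status --json` (trimmed to the
# fields used here); hostnames, keys and addresses are made up.
SAMPLE_STATUS = """
{"Peer": {
  "nodekey:aaaa": {"HostName": "firestick", "Online": true, "Active": true,
                   "CurAddr": "203.0.113.7:41641", "Relay": "ord"},
  "nodekey:bbbb": {"HostName": "iphone", "Online": true, "Active": true,
                   "CurAddr": "", "Relay": "ord"},
  "nodekey:cccc": {"HostName": "macbook", "Online": true, "Active": false,
                   "CurAddr": "", "Relay": "nyc"},
  "nodekey:dddd": {"HostName": "nas", "Online": false, "Active": false,
                   "CurAddr": "", "Relay": "ord"}
}}
"""

def classify_peers(status_json):
    """Map each peer hostname to 'direct <addr>', 'relay <region>', 'idle' or 'offline'."""
    peers = json.loads(status_json).get("Peer") or {}
    result = {}
    for peer in peers.values():
        name = peer.get("HostName", "unknown")
        if not peer.get("Online"):
            result[name] = "offline"
        elif not peer.get("Active"):
            result[name] = "idle"  # no recent traffic, so no path to report
        elif peer.get("CurAddr"):
            result[name] = "direct " + peer["CurAddr"]
        else:
            result[name] = "relay " + (peer.get("Relay") or "unknown")
    return result

def relayed_peers(status_json):
    """Hostnames whose active traffic is going through a DERP relay."""
    return sorted(h for h, s in classify_peers(status_json).items()
                  if s.startswith("relay "))

if __name__ == "__main__":
    # Pass --live to query the local tailscale CLI instead of the sample.
    raw = SAMPLE_STATUS
    if "--live" in sys.argv:
        raw = subprocess.run(["tailscale", "status", "--json"], check=True,
                             capture_output=True, text=True).stdout
    for host, state in sorted(classify_peers(raw).items()):
        print(f"{host:12} {state}")
```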

Sorry slightly off topic, if your IP is listed here, does it imply that it has been found by bots to have a vulnerability, a bit like stolen credentials?

2 Likes

It likely means you’ve put a proxy server in front of your DVR without any sort of authentication.

1 Like

I didn't have a proxy server in front of the DVR, just a port forward from my firewall to the Channels DVR server, since they can't get in without authenticating. That doesn't protect you from them capturing the initial HTTPS connection request and SSL certificate. This signals the Shodan port scanner that a service is running on that port and they catalog your IP address on their website.

You can find examples right here of servers running Channels DVR: https://www.shodan.io/search?query=channels+dvr

I'm a little surprised no one else is familiar with this service and the need to protect your external facing servers: What Is Shodan? How to Use It & How to Stay Protected [2022]

Oof




Can you tell us what firewall you’re using? It appears that it isn’t passing along the source IP of the requests.

We do not return the X-Channels-Dvr-Identifier: header for requests coming from routable IPs. Nothing is exposed unless it’s behind a proxy or other such thing.

2 Likes

Linux iptables on Ubiquiti gear. Not an uncommon setup.

1 Like

Did you execute custom iptables rules or use the unifi port forwarding?

2 Likes

Just Unifi port forwarding. Port 8089-> internal server running Channels DVR.

…and just so we’re on the same page: you’re able to go to an incognito browser window and go to your DVR hostname from a device outside your network and connect without authenticating?

I never said I could get to my Channels DVR server page without authenticating. I do get the page to authenticate.

What I'm saying is that it exposes the Let's Encrypt public key which allows Shodan to record the IP address as running a service on that port and gets added to their catalog. Am I making any sense?

The whole point of this topic was my support for Tailscale. No ports are exposed to the outside world which is GOOD.

Got it. Yes, it will expose the CN, but not the X-Channels-DVR-Identifier: header.

1 Like
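Added example (not part of the original posts): a self-check of what a port-forwarded DVR reveals before any login, covering the two items discussed above, the certificate names and the `X-Channels-Dvr-Identifier` header. It assumes the forwarded port 8089 answers HTTPS on the DVR hostname as described in the thread; `probe`, `exposure_report` and the sample values are hypothetical names and constructed data.

```python
import http.client
import ssl

HEADER = "X-Channels-Dvr-Identifier"  # header name as quoted in the thread

# Constructed sample: certificate dict in the shape returned by
# ssl.SSLSocket.getpeercert(), plus response headers without the identifier.
SAMPLE_CERT = {
    "subject": ((("commonName", "dvr.example.net"),),),
    "subjectAltName": (("DNS", "dvr.example.net"),),
}
SAMPLE_HEADERS = [("Content-Type", "text/html"), ("Date", "constructed")]

def exposure_report(cert, headers):
    """Summarise what an unauthenticated connection reveals.

    cert    -- dict as returned by ssl.SSLSocket.getpeercert()
    headers -- list of (name, value) pairs from the HTTP response
    """
    cn = [v for rdn in cert.get("subject", ()) for k, v in rdn
          if k == "commonName"]
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    names = {k.lower() for k, _ in headers}  # header names are case-insensitive
    return {
        "certificate_names": sorted(set(cn + sans)),
        "identifier_header": HEADER.lower() in names,
    }

def probe(host, port=8089, timeout=5):
    """Run the check against your own DVR hostname from outside your network."""
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.connect()
        cert = conn.sock.getpeercert()  # read before the response may close the socket
        conn.request("GET", "/")
        return exposure_report(cert, conn.getresponse().getheaders())
    finally:
        conn.close()

if __name__ == "__main__":
    print(exposure_report(SAMPLE_CERT, SAMPLE_HEADERS))
```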

Haven't been able to get it to work on my Apple TV yet. I've installed version 5.5.5 on my Apple TV. Where do I access the QR code? There is no debug menu under settings? Many thanks.

Only available in beta

1 Like

Thanks so much. When do you expect it to come out of beta (no precise date needed, but more like "before year end" or "Q1 of 2023", something like that)? Fully understand if you can't give a timeframe. How do you become part of the beta program? Love this feature.

1 Like