Is there any way of opening a port up more securely as I opened port 8090 and got quite a few attempts flag up on my router firewall. I don’t know if there is a way of doing it more securely than just telling your router to open one up?
The port is either open or closed. There's nothing else you can do really.
One alternative to opening port 8089 is to use a VPN. But then you open a different port for the VPN itself so the end result as far as open ports and incoming scans is the same.
1 Like
Using a non-standard VPN high port has a lot less scanning activity than the common ones. You're also not reliant on the security risk being in channels itself, versus the VPN - designed to be secure from the ground up.
1 Like
Ok thanks problem is the VPN I use doesn’t allow port forwarding so will be left to opening the default port up through my router/firewall settings. When the port gets scanned by someone/something does that then bring up a login page for the channels DVR server. What is ‘seen’ at the other end if a port gets scanned?
If you connect to your home network with a VPN, you don't need remote access in Channels. When connected through a VPN, your client device is seen as being on the local network, and Channels treats this as "Home" streaming, not "Remote".
2 Likes
That’s interesting so if I run a VPN away from my LAN and try and access my server it will connect and run without opening a port?
Would I then need to select ‘home’ on the app as opposed to ‘away from home when opening it up’? Sorry if it sounds stupid but is ‘accessing my network’ away from home done by opening the app?
Thanks
Well, the VPN still needs a port for it to listen on, but no additional port for Channels is necessary.
Correct. Just tell the Channels app that you are at home. Authentication is not used if the device is accessing Channels from a private network address.
1 Like
There is a difference between inbound VPN and outbound VPN. You're using some type of commercial VPN which makes your outbound internet access go through another IP. That's different than an inbound VPN, which something you would install and run in your home and then be able to connect back to your home via.
Most port scanning just checks to see if the port is opened. If someone tried to actually connect, then yes they would see a Channels DVR login page.
1 Like
Perfect thanks that mostly clears it up. I will probably just stick to the standard port forwarding but will at some point look into a VPN setup with my router.
Just to bring this up again is there any way of allowing the specific IP address of the channels DVR server in my exceptions list when opening a port. I.e. can I limit traffic from that particular IP of the channels DVR server or is the IP always changing ?
I think you need to be more explicit, because I'm not understanding exactly which side you need the IP of, and which one is changing.
Excuse my limited (very!) knowledge, but when you connect to your DVR externally does it not go via a channels IP somewhere first to locate my DVR server?
When you enable remote access, the system creates a random subdomain for your DVR. When you connect to my.channelsdvr.net and authenticate, you are then redirected to abcdefg01234567.u.channelsdvr.net, which points to your DVR's external/public IP address.
You don't need to worry about filtering on IP addresses, just ensure that your public/external port 8089 gets forwarded to the internal/LAN IP of your DVR server.
1 Like
Right that clears it all up how it works so thanks for explaining. Will open up the required port when it is required.