News:

Rule #1 - Be Patient - Rule #2 - Don't ask when, if you don't contribute - Rule #3 - You have coding skills - LinuxMCE's small brother is available: http://www.agocontrol.com

Main Menu

Secure outside access to orbiter - HTTPS or VPN?

Started by purps, October 27, 2010, 01:00:04 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions

purps

#15
October 29, 2010, 05:06:14 PM
Thank you so much for the help guys, that is all much clearer. I will idiot-proof the wiki page if I am successful.

Cheers,
Matt.
1004 RC :: looking good :: upgraded 01/04/2013
my setup :: [url="http://wiki.linuxmce.org/index.php/User:Purps"]http://wiki.linuxmce.org/index.php/User:Purps[/url]

pw44

#16
October 29, 2010, 05:32:33 PM Last Edit: October 30, 2010, 08:48:02 PM by pw44
If the intention is outside access, there is no other way. If there's a fixed IP, then use it, but for most, dynamic IP is the rule, so DDNS is almost mandatory.

wierdbeard65

#17
October 29, 2010, 06:15:26 PM
Quote from: merkur2k on October 29, 2010, 04:38:24 PM
note that there is no hard rule that the fqdn in the cert matches the address you type in, you will just get a warning in the browser if it doesnt.
Be careful!

It all depends on the client in use - I have no way of knowing if the Touch Orbiter, for example, can cope with a certificate error. True, most Web Browsers will give you the option to ignore the error, but it's always preferable to avoid the errors coming up if possible - you never know what new features may be around the corner! ;)

For example, at work we teach the setting up of TLS/SRTP for Polycom SIP-based phones. In this case, a certificate subject mis-match simply stops the phone from registering......
Paul
If you have the time to help, please see where I have got to at: [url="http://wiki.linuxmce.org/index.php/User:Wierdbeard65"]http://wiki.linuxmce.org/index.php/User:Wierdbeard65[/url]

purps

#18
October 30, 2010, 07:23:00 PM Last Edit: October 30, 2010, 07:47:57 PM by purps
Right, I've been through the wiki, which went like clockwork as far as I can tell.

However, when I point my phone browser towards "https://purps.dyndns-remote.com/LinuxMCE-admin/weborbiter.php" I'm asked if I want to accept the certificate, to which I say yes, but then I immediately get an error message "Web: Connection timeout" and that's that. Any suggestions?


FYI I added...

Code Select
# NameVirtualHost *
<VirtualHost *:443>
       SSLEngine On


...to "/etc/apache2/sites-available/pluto443", is that correct? Wasn't sure if I should have added it to "/etc/apache2/sites-available/pluto" instead.


Also, does any outside access need to be enabled in LinuxMCE admin for this to work? I assume setting up HTTPS bypasses all of this?

Cheers,
Matt.

EDIT: Got it working, and with all outside access disabled. Not sure what the problem was, but I turned my phone off and on again, did a quick reload, and it worked.

Big thank you to all of you for your help, very pleased to have this sorted.
1004 RC :: looking good :: upgraded 01/04/2013
my setup :: [url="http://wiki.linuxmce.org/index.php/User:Purps"]http://wiki.linuxmce.org/index.php/User:Purps[/url]
Print
Go Up Pages 1 2
User actions