We have moved at community.getvera.com

Author Topic: HOWTO: Disable remote access on UI4  (Read 23541 times)

Offline futzle

  • Beta Testers
  • Master Member
  • *****
  • Posts: 3260
  • Karma: +192/-9
HOWTO: Disable remote access on UI4
« on: November 12, 2010, 10:57:50 pm »
I didn't know how else to do this on UI4/cp.mios.com.  Back on UI2/findvera.com there was an option in the user interface to disable remote access entirely.

1. On your LAN, ssh into your Vera as root.
2. Edit the file /etc/cmh-ra/cmh-ra.conf.
3. Change the 0 in this line to 1:
Code: [Select]
RA_DISABLED=04. Kill the ssh process that looks like this (99999 will be different on your Vera):
Code: [Select]
ssh -p 232 -T -y -i /etc/cmh-ra/keys/cmh-ra-key.priv -R 99999:127.0.0.1:80 cmh-ra@fwd1.mios.comOr else just reboot Vera.
5. Verify that the remote access tunnel is turned off by running ps and noting the absence of ssh processes, or by seeing this message in the output of logread:
Code: [Select]
MiOS Remote Control Service is disabled. We won't start RC tunnels.
I'd recommend doing this only if you suffer from severe paranoia about secure tunnels to remote servers that you didn't create, or if you already have a way to securely access your LAN from the Internet.  I have a proper VPN, so I'm happy to connect to my VPN before connecting to Vera.

Needless to say, put this back the way you found it if you expect to get tech support from MCV.

Offline Automated

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #1 on: November 22, 2010, 10:13:32 pm »
You will need to edit more than that if you also want to stop the username and password sync with mios.com.

Offline hankjones

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #2 on: November 29, 2010, 10:16:25 am »
Did anyone get an answer to this?  I suffer from severe paranoia since everyday companies get hacked and thousands of credit cards get stolen.  Makes me thing a MiCasaVerde server may get hacked also.  I would like to disable remote access since I have a VPN to my home, but also make iVera work without having to connect to a MiCasaVerde server first when using this over VPN.  Has anyone noticed that a Vera2 box connects to the following servers (this is not a complete list), what are all these connections for?


66.36.230.215     80/tcp     micasaverde.com
66.36.231.78     232/tcp     fwd1.mios.com
66.36.231.70     unknown     from hopone.net
66.148.72.49     80/tcp     logs.micasaverde.com
67.195.160.76     ir1.fp.vip.ac4.yahoo.com from telia.net
69.147.125.65     ir1.fp.vip.re1.yahoo.com from yahoo.com
71.252.193.25     stan.greyware.com time service
72.14.204.99     iad04s01-in-f99.1e100.net
72.14.204.104     iad04s01-in-f104.1e100.net
72.30.2.43          ir1.fp.vip.sk1.yahoo.com
72.14.204.104     80/tcp     iad04s01-in-f104.1e100.net
74.125.127.93     80/tcp     pz-in-f93.1e100.net
98.137.149.56     80/tcp     ir1.fp.vip.sp2.yahoo.com
128.2.1.20          AC-NTP0.NET.CMU.EDU
192.53.103.104     ptbtime2.ptb.de
192.53.103.108     ptbtime1.ptb.de
132.236.56.252     cudns.cit.cornell.edu
209.160.40.134     sta2.mios.com
209.160.40.136     unknown
209.160.29.55     unknown
209.160.40.215     232/tcp     fwd2.mios.com

Offline atlantis94fr

  • Sr. Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #3 on: November 29, 2010, 10:22:26 am »
Very affraied by all of that... Once again when will we have a HTTPS portal on VERA in order to have full control of our security !!! Easy to say and easy to do !!! why  is it not obvious for a VERA !!!

Offline mhn

  • Full Member
  • ***
  • Posts: 152
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #4 on: November 29, 2010, 01:18:47 pm »
We made a little "hack" on UI2. It might work on UI4 too.

http://zwaves.dk/forum/viewtopic.php?f=22&t=242 (In Danish. Google translate.)

Regards
Morten
« Last Edit: November 30, 2010, 04:11:06 pm by mhn »

Offline allensawyer23

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #5 on: December 03, 2010, 02:23:59 am »
i wish you could provide a demo for beginners :(
You can buy facebook fans for your business.

Offline BrianAz

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #6 on: January 07, 2011, 05:58:44 pm »
I did this, but then it seemed that my iVera app wasn't able to connect to my Vera 2 after I connected my iPhone to the VPN. I read somewhere about iPhone's not being able to map names to addresses when you're connecting to vpn. Not sure how this'll work yet. Probably need to ask iVera author some questions.

Offline mhn

  • Full Member
  • ***
  • Posts: 152
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #7 on: January 07, 2011, 06:41:03 pm »
I don't know Iphones.

But i might be a certificate thing. The certificate is self-signed, some devices don't like that.

Did your phone accept the certificate?

Offline BrianAz

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #8 on: January 07, 2011, 09:01:31 pm »
I don't know Iphones.

But i might be a certificate thing. The certificate is self-signed, some devices don't like that.

Did your phone accept the certificate?

Sorry - meant that I tried the OP's instructions.

Offline futzle

  • Beta Testers
  • Master Member
  • *****
  • Posts: 3260
  • Karma: +192/-9
Re: HOWTO: Disable remote access on UI4
« Reply #9 on: January 08, 2011, 05:38:01 am »
after I connected my iPhone to the VPN. I read somewhere about iPhone's not being able to map names to addresses when you're connecting to vpn.

It depends on your VPN technology.  If it's an iPhone then you are probably using IPsec/L2TP.  It's common that server implementations of IPsec/L2TP don't route multicast packets from the LAN to the VPN, so your iPhone can't auto-detect the Vera over Zeroconf/Bonjour.  I've got a similar issue with VPNing home and not being able to see my EyeTV instance automatically.

If your Vera is at a fixed IP address on your home network then you might be able to convince iVera to talk straight to the IP address.  (I don't use iVera, but I know SQ Remote has this option.)

I'm guessing that disabling the Vera HTTP tunnel makes findvera or whatever it's called now not able to determine the LAN address of Vera, so iVera can't learn the address that it starts sending UPnP requests to in order to speak to Vera.  Or something like that.

Offline BrianAz

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
Re: HOWTO: Disable remote access on UI4
« Reply #10 on: January 21, 2011, 08:01:39 pm »
I'm using DD-WRT w/ PPTP for VPN. The iVera author said that it goes direct to the Vera's IP if it's known... but it seems that he may also be making a call out to a website which is not resolving and hanging up the connection to the Vera. I owe him some testing when I get the time. He gave me a url to test on my iPhone while my VPN is connected and then while it's not.

Offline Henk

  • Hero Member
  • *****
  • Posts: 820
  • Karma: +3/-0
[How To] Disable remote access on UI4
« Reply #11 on: June 13, 2011, 01:07:59 pm »
I didn't know how else to do this on UI4/cp.mios.com.  Back on UI2/findvera.com there was an option in the user interface to disable remote access entirely.

1. On your LAN, ssh into your Vera as root.
2. Edit the file /etc/cmh-ra/cmh-ra.conf.
3. Change the 0 in this line to 1:
Code: [Select]
RA_DISABLED=04. Kill the ssh process that looks like this (99999 will be different on your Vera):
Code: [Select]
ssh -p 232 -T -y -i /etc/cmh-ra/keys/cmh-ra-key.priv -R 99999:127.0.0.1:80 cmh-ra@fwd1.mios.comOr else just reboot Vera.
5. Verify that the remote access tunnel is turned off by running ps and noting the absence of ssh processes, or by seeing this message in the output of logread:
Code: [Select]
MiOS Remote Control Service is disabled. We won't start RC tunnels.
I'd recommend doing this only if you suffer from severe paranoia about secure tunnels to remote servers that you didn't create, or if you already have a way to securely access your LAN from the Internet.  I have a proper VPN, so I'm happy to connect to my VPN before connecting to Vera.

Needless to say, put this back the way you found it if you expect to get tech support from MCV.


This will go on my to do list for How To's
Maybe i can elaborate on it using the standard cp.mios.com functions a little bit.
| Vera2 @ UI4 1.1.1350 / 3.20 | Vera Lite @ UI5 | Vera 3 @ UI5 | 2x Merten  504519 | 1x Duewi  064374 | 1x Everspring SM103 doorbell mod |1 Y-cam IP cam | various LUUP plugins |

Offline hightop32

  • Jr. Member
  • **
  • Posts: 91
  • Karma: +0/-0
Re: [How To] Disable remote access on UI4
« Reply #12 on: June 22, 2011, 11:42:26 am »
Maybe i can elaborate on it using the standard cp.mios.com functions a little bit.

maybe we can see this as a feature in the UI.   ::)

Offline Henk

  • Hero Member
  • *****
  • Posts: 820
  • Karma: +3/-0
Re: [How To] Disable remote access on UI4
« Reply #13 on: June 22, 2011, 12:22:36 pm »
Maybe i can elaborate on it using the standard cp.mios.com functions a little bit.

maybe we can see this as a feature in the UI.   ::)

Rumour has it that in the next UI the layout for local and remote (cp.mios.com) will be the same...
| Vera2 @ UI4 1.1.1350 / 3.20 | Vera Lite @ UI5 | Vera 3 @ UI5 | 2x Merten  504519 | 1x Duewi  064374 | 1x Everspring SM103 doorbell mod |1 Y-cam IP cam | various LUUP plugins |

Offline futzle

  • Beta Testers
  • Master Member
  • *****
  • Posts: 3260
  • Karma: +192/-9
Re: HOWTO: Disable remote access on UI4
« Reply #14 on: June 26, 2011, 03:12:22 am »
A warning... my disabled tunnel spontaneously decided to re-enable itself some time in the last few months.  I am going to have to put in a periodic check to prevent remote access re-enabling itself.  Nice.