We have moved at community.getvera.com

Author Topic: Static IP..and remote access  (Read 10441 times)

Offline alecfinet

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
Static IP..and remote access
« on: August 25, 2012, 02:34:40 pm »
hello
I just got my Vera lite today (latest version 1.5.408 ) and I have been able to set it up quite easily with just one on/off device (once I have been able to understand the adding/pairing process  :-[). More devices to come…

It works fine on my local network behind a Dlink300 router but my only interest in this controller is to remote control my devices.

So I have first tried to understand how to configure a static IP but besides the nicely written section on the 2 pages document that comes with the Vera (… connect your computer using 191.16668.1.2 to Vera using 92.168.81.1) and  this page on the wiki http://wiki.mios.com/index.php/Networking_Setup:Advanced_Network_Setup in the  “Vera behind another router”  section, I have not been able to find comprehensive information  :-X.
Go to SETUP->ADVANCED->Net&Wi-Fi
= IP Address =
How can I connect to the Internet? = STATIC
Set an IP from your class ie: 192.168.81.2
Subnet Mask 255.255.255.


 
My questions:
1)   what does mean “Set an IP from your class” ?  how do I find it?
2)   Gateway: 192.168.81.1 (your router IP) : is that the LAN address of my router ( in my case 192.168.0.1) or my fix IP address 213.111.x.y?
3)   DNS: 192.168.81.1 (and your provider's DNS server)? Is it the DNS I have set in my router (8.8.8.8 the google public DNS) or something else?
4)   Should I do other settings in my router?
5)   Once I have able to configure all of the above, what IP should I use to access Vera from remote? 213.111.x.y only?


By accident I found on a blog http://www.dreamgreenhouse.com/reviews/2012/vera3lite (thank you!) that Vera was also accessible remotely using findvera.com. If fact you need to go http://miacaverde.com/setup that cannot find locally any Vera but allow you to go to https://cp.mios.com/login.php where you can login and access your Vera as if you where connected on the same local network.

this is a great feature but I am dependent on the MCV Servers. When they are down I am stuck and I have not seen anywhere any commitment from MCV to keep them up and running.
What is the official status of this feature?

Thanks in advance for your valuable inputs/answers
 

Offline garrettwp

  • Master Member
  • *******
  • Posts: 6371
  • Karma: +227/-128
  • Vera 3, Lite, ISY994
Re: Static IP..and remote access
« Reply #1 on: August 25, 2012, 02:49:12 pm »
Going to cp.mios.com will allow you to access your Vera remotely. If you open up the port for vera via your firewall to have direct access, that is a bad bad idea. You are opening yourself to a huge security risk. cp.mios.com is your best option. You can also setup a vpn or ssh server to access your vera remotely (complicated and not for the average user). Using 3rd party apps for your phone and tablet are another good option. But cp.mios.com is the best option.

- Garrett

Offline kgrr

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
  • My obsession: Totally automating my townhouse
Re: Static IP..and remote access
« Reply #2 on: August 25, 2012, 04:10:10 pm »
I've not have had any problems with the mios "Cloud"   But your dlink 300 router can be configured to report its IP address to a dynamic DNS service e.g. dydns.org  Then you can use their URL to get at your router and other devices behind it.  You can even use dyndns to hook into a custom domain name of your own.
---------------------
Vera2 (1.5.255, UI5); ACT ZRW113W; Aeon HEM, SmartSwitch, GE/Jasco 45600, 45601, 45602, 45603, 45604, 45605, 45606, 45609, 45614; Hawking HRDS1; Intermatic CA9000; Schlage BE369GR, WCE100; SQ Blaster Plus; Squeezebox; Trane TZEMT400AB32MAA

Offline radarengineer

  • Sr. Member
  • ****
  • Posts: 402
  • Karma: +4/-0
Re: Static IP..and remote access
« Reply #3 on: August 26, 2012, 11:28:09 am »
@alecfinet, first, @garrettwp is absolutely right. Just opening up a port and allowing external access to your Vera is a horrible idea.

I don't think the cp.mios.com servers (the replacement for findvera.com) are going anywhere. But if you really want to provide access without using their servers an ssh tunnel is the way to go. If you don't know what you are doing that can be very difficult. I would recommend just using cp.mios.com for now and only worrying about ssh tunnels if and when you ever have to.

However, for future reference (here I assume by Dlink 300 you mean a Dlink DIR-300 router). I'm not going to go through everything just enough so that you will know what to research to complete the setup:

Get a static LAN ip for Vera

The easiest way to assign Vera a static IP is to use the DHCP server settings on the dlink router. I think on your router this is accomplished by:

1. Slick "Setup" on the top menu
2. Click "Lan Setup" on the left hand menu.
3. Under "DHCP Reservation" fill out the name, ip, and mac for Vera. You should be able to find the mac for Vera under "DHCP client list" which is right above "DHCP Reservation"

Get a dynamic DNS for your home network

Now as @kgrr mentioned you can get a dynamic dns service. You first have to sign of for a free DDNS service on line. I use http://www.no-ip.com but I have no idea how that compares to any of the others. I just use it due to inertia (I have been using it for ten years or so). After you sign up for a service, to set this up on the router:

1. Click "Maintenance" on the top menu.
2. Click "DDNS Settings" on the left menu.
3. Enter your DDNS settings.

Set up a Linux machine

You will need some computer running an ssh daemon that is on all the time. One possibility is a small embedded arm computer (Rasberry Pi or Pogoplug). A pogoplus is the cheapest, $20 shipped and you will also need a USB thumb drive ($6-10). You will need to get linux running (for instance, see http://www.archlinuxarm.com). Then you need to lock down your ssh server. Do this before you set up port forwarding. The last time I had an non-locked down ssh accessible from the internet the machine was rooted in an hour.

Port forward ssh on your router to your linux server

First, give the Linux box a DHCP reservation like you did for Vera. Then:

1. Top menu "Advanced"
2. Left menu "Port Forwarding"
3. Set up port 22 to forward to the linux box.

On the remote machine set up an ssh tunnel to Vera through your dynamic dns name

http://www.engadget.com/2006/03/21/how-to-ssh-tunnels-for-secure-network-access/

Offline garrettwp

  • Master Member
  • *******
  • Posts: 6371
  • Karma: +227/-128
  • Vera 3, Lite, ISY994
Re: Static IP..and remote access
« Reply #4 on: August 26, 2012, 11:58:16 am »
You can use Vera as the ssh box. Just need to secure it a little more before opening the ssh port on the outside. Create a new user, setup a public / private ssh key to secure it even more. You than can ssh into Vera and port forward the http port or use the dynamic port forwarding.

- Garrett

Offline radarengineer

  • Sr. Member
  • ****
  • Posts: 402
  • Karma: +4/-0
Re: Static IP..and remote access
« Reply #5 on: August 26, 2012, 03:47:29 pm »
You can use Vera as the ssh box.

That is good to know. I'm used to dropbear being locked down (tunneling disabled) on OpenWRT routers. I just tried my Vera 3 and it looks like I was able to tunnel fine.

Offline alecfinet

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
Re: Static IP..and remote access
« Reply #6 on: August 28, 2012, 07:37:15 pm »
thank you much all for your valuable inputs...and sorry for the late return...

I understand that
- "cp.mios.com" is stable enough (but adarengineer says that "they are not going anywhere" meaning what?) to go with it but if I want to be fully autonomous I can be

- going ssh but it requires some expertise ( and I must admit that I am not an expert anymore)
- going DHCP reservation + dynamic DNS.

but based on a static IP granted by my ISP, is there a simplier way to go? in addition to the DHCP reservation what should I do?
how do I access remotely the vera then,  my fix IP address being 213.111.x.y and my Lan address being 192.168.0.1.240( outside of the DHCP default range(100 to 200).

Offline kgrr

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
  • My obsession: Totally automating my townhouse
Re: Static IP..and remote access
« Reply #7 on: October 06, 2012, 03:46:51 am »
There are several options on the table.
1) using cp.mios.com ... my strongest recommendation.  It's reliable, safe and flexible.

I have had my Vera 2 for over a year and a half now.  cp.mios.com has been rock stable for me.  I have not ever experienced problems remotely accessing my Vera from my cellphone carrier with my Android phone, or over the Internet with my laptop.

In that configuration I can *also* configure Vera locally from my LAN.  I can use cp.mios.com and it figures out that I am local, or I can use Vera's LAN address directly.

Keep in mind that Vera appears to build the tunnel *out* from your LAN to cp.mios.com.  So there is no hole in your firewall.

2) using your static IP with a hole in your firewall for port 80.  - NOT SAFE
3) using your static IP with a hole in your firewall for SSH.  Your router has to port forward port 22 (or some open port) to Vera. -- Safer, but you still only get a command line interface.
4) If you need emergency access to Vera and you need secondary access via command line, then go with option 1, but also configure a separate SSH on a non-standard port to be port forwarded to Vera as Garretwp points out below.

I have been very happy with option 1.

---------------------
Vera2 (1.5.255, UI5); ACT ZRW113W; Aeon HEM, SmartSwitch, GE/Jasco 45600, 45601, 45602, 45603, 45604, 45605, 45606, 45609, 45614; Hawking HRDS1; Intermatic CA9000; Schlage BE369GR, WCE100; SQ Blaster Plus; Squeezebox; Trane TZEMT400AB32MAA