Remote Web Access by port forwarding

Has remote web access been filtered out since the implementation of paid remote admin?

It had nothing to do with the remote admin service.

But yes, several months ago they created restrictions to prevent users that are unaware of the security implications of port forwarding from doing so in a manner that exposed their hubs to anyone on the internet.

4 Likes

You can still use a VPN to get remote access and many routers support VPN capability natively.

6 Likes

Of course I know I can do that, only I would find another way to run it.
I wonder what router you are using at home and if you would rely on it to run a VPN server?

I suppose it depends on your definition of same time, but remote admin was rolled out in March.

And the port forwarding restriction was included in a platform update last month.

Six months apart, in my opinion, isn’t the same time.

They also tried to warn users about the risks of port forwarding for years (in multiple threads) prior to enacting that restriction, because there were still hubs wide open to the internet (easily findable through sites like Shodan).

I’m not sure if that’s an accurate term to use. I don’t think anyone’s rights have been violated here. FWIW they added some workarounds based on user feedback; I know that was to allow for some home network setups that were affected by the change and broke as a result. I’m not sure if that also allows more advanced users to enable port forwarding in a responsible way. Search through the forum for some relevant keywords in recent threads and you might be able to find what you’re looking for.

In my old home I used the OpenVPN server built into my ASUS router and it worked just fine. In my current home I have used the L2TP server built into my UniFi security gateway, which also worked OK. Currently I run WireGuard on a Raspberry Pi because I like how fast it is.

8 Likes

Can't argue with the release notes, but I know for sure my port forwarding access method stopped working earlier this year (not just a month ago).
And with that being said, I would like to re-route the discussion to our main focus:
Why am I being forced to believe my port forwarding method is not safe enough, when I personally know I made my rules safe? Unless there may be other application security issues implied...
Why should any user be forced to set up a third-party VPN server in their home for remote access, unless he/she pays for Remote Admin cloud services?
L2TP on OpenWrt Asus router?!?! You may have amazed me with this solution back in the 2000s, only now people are using faster and more modern solutions, like OpenVPN.

1 Like

Nope. I said I have used an OpenVPN server on my ASUS router in the past. Stock firmware.

Unifi offers an L2TP server, which I have also used. But not currently.

I don’t doubt you, but that doesn’t mean Hubitat was blocking your ability to port forward earlier this year.

1 Like

We closed non-private IP range access in response to dozens of hubs being open to the world to access. There still are some, although the number is dropping. This is a security issue that has been reported. Doing nothing would be, at the very least, irresponsible. Anything is hackable given enough time/resources, and the last thing we need is hubs being a part of a botnet along with a myriad of other publicly accessed IoT devices.

There are well documented, free, open source ways to access network devices on a private network. All require giving some consideration about security, like SSL and authentication/authorization, which is the whole point.

Bottom line, we're not opening the hubs to world access again.

5 Likes
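Added example, not part of the original thread and not Hubitat's code: a sketch of a source-address filter of the kind the post above describes ("closed non-private IP range access"), showing why a LAN or VPN-tunnel client is still accepted while a client arriving through a port forward is not. The network list, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: "private" here means RFC 1918, loopback and link-local for IPv4
# plus the IPv6 equivalents. The hub's real list is not given in the thread.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128",
)]


def is_local_source(addr: str) -> bool:
    """True if addr is inside LOCAL_NETS; False if public or unparsable."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # fail closed on anything that is not an IP address
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap it
    # so a public IPv4 client is not judged by its IPv6 wrapper.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def decide(requests):
    """Return (source, path, 'allow' | 'deny') for each (source, path) pair."""
    return [(src, path, "allow" if is_local_source(src) else "deny")
            for src, path in requests]


# Constructed sample requests as the hub's web server would see them.
SAMPLE = [
    ("192.168.1.20", "/"),        # browser on the home LAN
    ("10.8.0.2", "/"),            # VPN client, seen by its tunnel address
    ("203.0.113.7", "/"),         # internet client via a port forward
                                  # (destination NAT keeps the source address)
    ("::ffff:203.0.113.7", "/"),  # same client on a dual-stack socket
    ("172.32.0.1", "/"),          # just outside 172.16.0.0/12
    ("not-an-ip", "/"),           # malformed peer string
]

if __name__ == "__main__":
    for src, path, verdict in decide(SAMPLE):
        print(f"{verdict:5}  {src:22} {path}")
```

A filter like this judges only the address the last hop presents, which is why the post pairs remote access with SSL and authentication/authorization rather than network position alone.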

That's my bad, I started skipping words when you mentioned 'Asus router', because I know that is not even close to a reliable solution.
You don't doubt it, but you think it's my fault I hadn't set up the rule correctly. Well, the same unchanged rule was there back in the time when it worked.

I’m not saying anything is anyone’s fault.

You’re the only one claiming that someone has wronged you for their own sinister purposes. With nothing to back that up, beyond a hunch, as far as I can tell.

Edit: as for reliability of an ASUS router and its VPN server. Depends on your needs I’m sure. For an average home consumer that wants to periodically access devices on the LAN remotely, it worked just fine for me (and others here too).

It’s not what my workplace uses for remote access. But that’s an apples to oranges comparison.

4 Likes

This topic has been previously discussed at length in other threads, more recently here:

https://community.hubitat.com/t/added-security-is-this-a-joke/83781/23?u=bobbyd

6 Likes