Synology DS could be integrated as an optional service, in this way it would be possible to access remote Synology units, for example I have a Synology NAS in the office, there I have a Moode happily connected, but the Moode I have at home does not have that luck.
I do not know the technical scope of this request, maybe it is science fiction.
(09-07-2022, 01:51 PM)Edues Wrote: [ -> ]Synology DS could be integrated as an optional service, in this way it would be possible to access remote Synology units, for example I have a Synology NAS in the office, there I have a Moode happily connected, but the Moode I have at home does not have that luck.
I do not know the technical scope of this request, maybe it is science fiction.
Speaking only for myself and not for Tim or any others of his merry band of helpers of which I count myself one.
There are two concerns I have-
1. In a quick web search, I couldn't find any public description of the "Synology DS" nor of any open-source project implementing it. Only old, opaque descriptions of Android and Apple iPhone/iPad apps. I can't figure out what's being asked for. It seems possible to me that the apps are just a Synology convenience wrapper around the existing SMB and NFS protocols in which case moOde already can access the NAS, just with an FQDN which resolves to a server outside the home LAN.
But then...
2. There are Synology posts about how to access your NAS from the Internet. Unsurprisingly, they would require creating one or more holes in your office firewall using port-forwarding. That would have been a huge no-no at my work, especially for something which is not work related.
Regards,
Kent
Thanks Kent
I think exposing SMB or NFS on the Internet is pretty much suicide, I can open a VPN on Synology, but Moode doesn't have a VPN client
Regards
Edu
Perhaps a more viable alternative would be to install an OpenVPN client on Moode.
It could be a new option within the library, a VPN address pointing to a remote folder.
Regards
Edu
It's an interesting idea and could be implemented but prolly difficult (for moOde project) to support since at least in my case there is a lack of expertise in VPN. Maybe another dev will take the idea and come up with something :-)
There are two different ideas in play in this thread.
1. Enable moOde to be a VPN client. This is not the idea I want to address in this reply.
2. Use the Synology VPN server add-on to create private access to the NAS from the Internet. This is the idea that has prompted my reply. Assuming the NAS is inside the company’s firewall, I can’t imagine this proposal being any more acceptable to an employer’s network administrators. They would still have to forward traffic between the firewall and the NAS host and trust you and Synology to “do the right thing”. When I was still working, we had a “demilitarized zone” set up in our network for public-facing services with its own bastion hosts and you had to negotiate getting a service added and administered.
Sorry if I sound like a stick-in-the-mud but like outer space the Internet is an unforgiving environment.
Regards,
Kent
I would certainly not be very comfortable with having such features available in moOde. The only reason I consider it to be secure is because it is safely on the inside of my network and cannot be seen from out side. There are so many other things I'd need to see hardened if such code was present. SSL on all the interfaces to start with.
BubbleUPnP Server has a feature that can expose a DLNA library over the internet which can run on the NAS itself, I'd recommend using that rather than inviting the internet into the moOde player.
I did a quick read of the security tech used in VPN and it appears to be equivalent to SSL but with an additional layer of encryption at the IP layer which prevents the actual IP addresses of the connection to be sniffed. The Bubble feature is prolly using a VPN to make a DLNA database accessible from the Internet otherwise it would be completely insecure.
The main issue for me and our project though has to do with taking on the responsibility of providing and supporting a feature that would enable moOde systems to be accessible from the Public Internet :-0 Prolly not going to happen but certainly another dev could provide a tutorial so users could experiment :-)