Accessing Web Interface from another pc

[Derek Moss]

On 7 December 2013 13:18, Jon Davies <jon at hedgerows.org.uk> wrote:
> On 6 December 2013 18:28, Derek Moss <dmgi at stoptheviolence.co.uk> wrote:
>> I don't know if you could bind GI to the LAN IP instead of 127.0.0.1
>
> you can, that's exactly what the LISTEN=0.0.0.0 thing does (back at
> the beginning of the thread), but as per the notes this opens up
> access to anyone who has access to your LAN, and "access to" doesn't
> necessarily equate to being on the LAN.
>
> There are lots of different VPN-like options, something like an ssh
> tunnel would probably work better for this particular use.  But it's
> not especially easy to setup on windows.
>
> Jon

Well if some unauthorised person has access to the LAN, you've got
problems and having GI running probably won't allow them to do any
more damage than they already can. Using a VPN just allows the
authorised user to get on the LAN securely, using a certificate and
password, without having to insecurely open up ports to the Internet
to access the services directly.

I managed to get a SSH tunnel working OK on my raspberry Pi but
haven't managed to get the OpenVPN server accessible from outside yet,
despite forwarding the port, so yes it can be quite tricky. I'm not
sure of the options for setting up a SSH tunnel server on Windows
(I've used Bitvise in the past but it has a lot of options and can be
a bit tricky to setup) but OpenVPN is available for Windows, so that
might be worth trying and is more secure than SSH anyway. Running on
the RPi just allows me not to have to keep my PC on all the time or
rely on WOL to wake it up (thanks to my BT Home Hub, WOL doesn't work
from outside the LAN anyway).

Derek