Get access to HDD connected to RT-AC87U via SFTP (WAN)

harrenkyym

New Around Here
Hi, everyone! I'm new here -and in this little world of tweaking the router-. I've read a lot of posts and I think I am in a very advanced point of what I want to reach.

My goal: to have my own video library at home, using Kodi, for the whole family and even to make it accessible where I'm who knows where.

So it must be very very very secure++++++ because sharing this kind of files is obviously illegal and I don't want to finish in jail. What I've done until now is installing Entware (and a few scripts like Diversion, Skynet, etc) and the SFTP server.

Here's my router's config:

What I have realized is that it goes back to LAN only (I've had to switched to LAN+WAN twice) I don't know why.
I have a very important question at this point: how can I secure, really really secure my net? I've generated an ssh key but I don't really know what to do with it (I have a file called id_rsa and another one id_rsa.pub in a ssh folder) and I also have the randomart image. I'm also interested in not using my router user+pass for logging to the "server" because it's possible that I'll share it with my sister so my nephews can enjoy it too, but just them, as I said I don't want to finish behind bars.

I've done a test (https://www.infobyip.com/sshservertest.php) and it says it's ok:
Connected to xxx.xxx.xxx.xxx:53478
Server fingerprint is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've also used WinSCP to connect to my public IP and my local IP and it was successful, I can browse through my HDD. With Kodi, after installing the compatibilty with SFTP, I can get to it too.

Where comes the problem? I tried to connect to my own "server" using Solid Explorer in Android and it was OK, but I was using my wifi to do it, so at the end it was kind of local, so I swapped to 4G and I tried to do the same and THERE came the problem. I can't connect and I don't know how to do it.

Can someone help me, please? Thank you very much.

PS: If there is a way to have my own video library with a different protocol much more secure, I'm open to it too. Thank you again!

EDIT: I registered in no-ip.com and it seems it solved the main problem, right now my Galaxy S8 using 4G is playing a movie from my hdd connected to the router. So the thing now is... to have a paying DDNS is worthy? I have to say the streaming (x265 with low bitrate, kind of yify) is absolutely perfect. But I don't know, maybe paying it makes it safer (no clue about that).
I still have the problem of LAN+WAN swapping back to LAN only and my concern about the security of this at this stage. Thank you again.

-----------------
 
Last edited:

bbunge

Very Senior Member
Hi, everyone! I'm new here -and in this little world of tweaking the router-. I've read a lot of posts and I think I am in a very advanced point of what I want to reach.

My goal: to have my own video library at home, using Kodi, for the whole family and even to make it accessible where I'm who knows where.

So it must be very very very secure++++++ because sharing this kind of files is obviously illegal and I don't want to finish in jail. What I've done until now is installing Entware (and a few scripts like Diversion, Skynet, etc) and the SFTP server.

Here's my router's config:

What I have realized is that it goes back to LAN only (I've had to switched to LAN+WAN twice) I don't know why.
I have a very important question at this point: how can I secure, really really secure my net? I've generated an ssh key but I don't really know what to do with it (I have a file called id_rsa and another one id_rsa.pub in a ssh folder) and I also have the randomart image. I'm also interested in not using my router user+pass for logging to the "server" because it's possible that I'll share it with my sister so my nephews can enjoy it too, but just them, as I said I don't want to finish behind bars.

I've done a test (https://www.infobyip.com/sshservertest.php) and it says it's ok:
Connected to xxx.xxx.xxx.xxx:53478
Server fingerprint is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've also used WinSCP to connect to my public IP and my local IP and it was successful, I can browse through my HDD. With Kodi, after installing the compatibilty with SFTP, I can get to it too.

Where comes the problem? I tried to connect to my own "server" using Solid Explorer in Android and it was OK, but I was using my wifi to do it, so at the end it was kind of local, so I swapped to 4G and I tried to do the same and THERE came the problem. I can't connect and I don't know how to do it.

Can someone help me, please? Thank you very much.

PS: If there is a way to have my own video library with a different protocol much more secure, I'm open to it too. Thank you again!

EDIT: I registered in no-ip.com and it seems it solved the main problem, right now my Galaxy S8 using 4G is playing a movie from my hdd connected to the router. So the thing now is... to have a paying DDNS is worthy? I have to say the streaming (x265 with low bitrate, kind of yify) is absolutely perfect. But I don't know, maybe paying it makes it safer (no clue about that).
I still have the problem of LAN+WAN swapping back to LAN only and my concern about the security of this at this stage. Thank you again.

-----------------
SSH access from WAN is asking for trouble! Use VPN to connect to the LAN from outside then to the drive with SMB. Better yet get a NAS which has much better performance for file storage and just might have secure web access.
 

dosborne

Very Senior Member
just might have secure web access
Some will also have a Plex server (or equivalent), video transcoders, etc although I prefer the simple VPN to internal samba myself.

I don't really like Plex, but it can solve playback issues by transcoding the content for lower bitrate to allow for slower connections, make the files more portable, etc
 
Last edited:

dosborne

Very Senior Member
So the thing now is... to have a paying DDNS is worthy
Personally I wouldn't bother. Some ISPs offer a static IP for next to nothing ($4/MTH) or use one of many free DDNS servers. I have a static IP from one ISP and use the Asus free DDNS for another ISP. Unless you encounter a specific issue, free should be fine.
 
Last edited:

Jack Yaz

Part of the Furniture
Skynet will be responsible for changing SSH back to LAN only.

Use plex and its remote access. Much more secure than exposing a nerve like ssh/sftp over the Internet.
 

harrenkyym

New Around Here
SSH access from WAN is asking for trouble! Use VPN to connect to the LAN from outside then to the drive with SMB. Better yet get a NAS which has much better performance for file storage and just might have secure web access.
What about setting my own VPN? I've been investigating and yet it's not easy, it's something I could do, but I still having doubts about the privacy.

Some will also have a Plex server (or equivalent), video transcoders, etc although I prefer the simple VPN to internal samba myself.

I don't really like Plex, but it can solve playback issues by transcoding the content for lower bitrate to allow for slower connections, make the files more portable, etc
I don't like Plex either + my idea is to use Kodi.

Personally I wouldn't bother. Some ISPs offer a static IP for next to nothing ($4/MTH) or use one of many free DDNS servers. I have a static IP from one ISP and use the Asus free DDNS for another ISP. Unless you encounter a specific issue, free should be fine.
Free then, ok.

Skynet will be responsible for changing SSH back to LAN only.

Use plex and its remote access. Much more secure than exposing a nerve like ssh/sftp over the Internet.
As I said I'm not a Plex fan as I want to use Kodi (there is a scraper which is cornerstone for me), but just using Plex server resolves my "problem" (or Emby, another good option in this case, which one would be better?)?


Thank you all, guys!
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top