1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TiVo Stream via VPN?

Discussion in 'TiVo Stream' started by davezatz, Sep 7, 2012.

  1. Sep 26, 2012 #41 of 135
    cipherwar

    cipherwar New Member

    6
    0
    Jan 11, 2012
    You really shouldn't be using PPTP as a VPN protocol. It is horribly insecure. You should use either a SSL or IPsec vpn.

    http://www.cso.com.au/article/43203..._crack_widely_used_pptp_encryption_under_day/

    There is even a web service to auto crack PPTP so the attacker doesn't even need to be technically literate:
    CloudCracker.com

    Using PPTP is only marginally better than connecting your private network directly to the Internet.
     
  2. Sep 27, 2012 #42 of 135
    windracer

    windracer joined the 10k club

    11,580
    3
    Jan 3, 2003
    St. Pete, FL
    I wrote this up tonight in a lot (maybe too much, I tend to ramble) more detail here, but in a nutshell I was able to get the TiVo iOS app to work over an OpenVPN connection on my iPhone over 3G.

    What I used:
    • Buffalo WZR-HP-G300N wireless router running DD-WRT v24-sp2
    • the TiVo app for iOS (tested v2.0.1 and v2.0.2)
    • iPhone 4S running iOS 5.1.1 (jailbroken)
    • GuizmOVPN v1.1.8-pre1 (trial)
    • My3G v5.3.2 (trial)
    • xCon v37~beta8

    I configured OpenVPN on my router (I had been using PTPP until now for basic remote access) and configured the GuizmOVPN client on my iPhone likewise. I had to use My3G because the TiVo app checks if it's not on Wi-Fi and My3G works around that. As of v2.0.2 of the TiVo app xCon isn't necessary to just run the app, but I'm guessing you'd still need it if you own a Stream.

    The end result?

    [​IMG] [​IMG]
    [​IMG] [​IMG]

    Here's the kicker, though. I only got it work over WiFi once. I was testing at Starbucks last night and got it working over WiFi on my iPhone. Then I tried my iPad and it wouldn't detect any DVRs. Went back to my iPhone and it wouldn't detect any DVRs either. Tried over and over and could not replicate my initial result. 3G always seems to work though. :confused: I tried a few other WiFi hotspots and could not get the app to detect any DVRs so I can only assume it's something with their config messing with the multicast DNS relay through the tunnel.

    I don't own a Stream so I couldn't test that, but hopefully this gives people some ideas and a place to start! :up:
     
  3. Sep 28, 2012 #43 of 135
    drewfidelic

    drewfidelic New Member

    11
    0
    Feb 10, 2010
    I have the Stream sort of working over a VPN wi-fi connection! But only sort of -- possibly because the connection at the remote end is slower (getting about 14 Mb/s down on speedtest on iPhone, vs. a 35 Mb upstream Fios connection at the home end, where the Tivo and Stream are.)

    This is only part of the way there. I don't have it yet set up to work without a computer alongside the iOS device on the remote side, nor is it working well. I haven't yet managed to successfully download anything to my iPhone and streaming is stuttery.

    I can write up some actual details tomorrow, but I'm thrilled to have gotten this working to the point that I have.

    If the standard Apple VPN tools passed Bonjour packets across the VPN, this would be a snap, but of course, that doesn't quite work. The problem with connecting to Tivo over a VPN has to do with how the VPN routes the Bonjour announcements.

    Here's what I did:
    1. I have a Mac at home running Mountain Lion (10.8) Server (on the same wired network as the Tivo and stream), where I set up a L2TP VPN and connected to that VPN on the iPhone.

    2. Run Network Beacon on the remote end on a Mac laptop. This is repeating all of the Bonjour information that I found on the Tivo in Bonjour Browser. This computer is not connected to the VPN, but is on the same WiFi network with the iPhone.

    3. Launch the Tivo app. The Tivo shows up and is ready to stream. With more bandwidth on this end, it might have even worked.

    The next step that I need to figure out is using the DNS on Mountain Lion Server to send the Tivo Bonjour broadcasts to the VPN connected clients, which would obviate the need for a remote computer to be part of the mix.
     
  4. Sep 28, 2012 #44 of 135
    Dan203

    Dan203 Super Moderator Staff Member TCF Club

    37,454
    168
    Apr 17, 2000
    Nevada
    Is OpenVPN only possible on a jailbroken iOS device?

    Dan
     
  5. Sep 28, 2012 #45 of 135
    Fofer

    Fofer XenForo Rocks! TCF Club

    82,109
    293
    Oct 29, 2000
    I believe so.

    I now have QuizmoVPN installed. And how do I import a configuration file for it? Is this generated on the VPN server itself, like perhaps a Buffalo WZR-HP-G300N wireless router running DD-WRT?
     
  6. Sep 28, 2012 #46 of 135
    windracer

    windracer joined the 10k club

    11,580
    3
    Jan 3, 2003
    St. Pete, FL
    The configuration file for GuizmOVPN is just a plain text file with a .ovpn extension that contains the various OpenVPN directives. But if you're using certificates for OpenVPN, you can put the three certificates (your CA certificate and your client's certificate and key) plus the config into a ZIP file and then import it into GuizmOVPN. You don't have to use certificates for OpenVPN, but that was the way I did it.

    For DD-WRT, you configure the OpenVPN settings under Services > VPN (this creates the server config file) and then paste in the contents of the certificates it needs into the proper fields.
     
  7. Sep 28, 2012 #47 of 135
    Fofer

    Fofer XenForo Rocks! TCF Club

    82,109
    293
    Oct 29, 2000
    Me too! :up:

    I'd previously had this same setup in order to trick the TWCable (live TV) app to think I was at home, and it works great.

    [​IMG]


    I use the iPad's built-in VPN dialer to connect to EasyVPN on an iMac, and now that app works for me over external WiFi or 3G (with 3G Unrestrictor installed.) I also needed some other tweak called "FakeTimeWarner" allow TWCableTV to run on a jailbroken device, with VPN enabled.


    So I tried this, in order to get TiVo working when I am away from home, as this is far more interesting to me than live TV. My router is a Time Capsule, and on this unit DMZ is called "Default Host."

    [​IMG]

    I set it to point to the IP address of the iMac running Easy VPN. And yet, when I am on a remote network, and I connect to home via VPN, and then launch the TiVo app, it scans for and does NOT find my TiVo. It only lets me operate in "Away" (or "Guest") mode. I'm never able to connect to my Premiere in order to stream anything.

    I don't want to have to change my router... I'm just wondering if there's anything I might be missing here, or anything else I should try?
     
  8. Sep 28, 2012 #48 of 135
    Fofer

    Fofer XenForo Rocks! TCF Club

    82,109
    293
    Oct 29, 2000
    Thanks so much for this. If I can't get EasyVPN working with the built-in iOS dialer to get TiVo to work as I've wished for years (as I have for TWCable's app) then I will dive in deeper with GuizmoVPN and some other kind of VPN server.
     
  9. Sep 28, 2012 #49 of 135
    windracer

    windracer joined the 10k club

    11,580
    3
    Jan 3, 2003
    St. Pete, FL
    I'm not clear on how wombat94's setup is working over PTPP. From what I've read (and in my experience), multicast DNS (Bonjour) traffic will just not go over a PTPP connection. Also, he mentions he launched the TiVo app via a VPN connection over 4G. The TiVo app will not work over a 3G connection, it's WiFi only. So I'm guessing he's jailbroken and was using something like 3G Unrestrictor or My3G like I did in my test.
     
  10. Sep 28, 2012 #50 of 135
    Fofer

    Fofer XenForo Rocks! TCF Club

    82,109
    293
    Oct 29, 2000
    Yes, I hear ya. I am jailbroken and I have 3G Unrestrictor installed. I also tried via external WiFi though. I guess I'll keep tinkering and monitoring this thread for more breakthroughs and tips.

    I'd love to learn of the most consistent way to get this working, if possible. And if I can use the existing equipment and software I already have, that'd be great.
     
  11. Oct 2, 2012 #51 of 135
    notyou

    notyou New Member

    63
    0
    Oct 9, 2001
    Ahhhh, I had it working too a few nights ago (details below) -- tested over my super-slow 3G tethering. But then I stupidly upgraded the TiVo app last night and trying it from work today it fails. I wonder if they are now forcing a Bonjour scan when you switch networks.

    Anyways, here's how it was working with the TiVo version *PRIOR* to 2.0.2 (09/26/2012):

    • Set up VPN on an old G3 Tower running 10.5.
    • Followed these instructions: http://stormrook.com/2010/05/31/setting-up-a-vpn-server-on-osx/
    • Configured my Belkin firewall to forward UDP ports 500, 1701 and 4500 to the tower.
    • Connected iPad to TiVo over my local area network.
    • Switched to a different app.
    • Connected iPad to my 3G tethering Android.
    • Switch back to TiVo app.
    • Watch the Jeopardy stutter and buffer and play in 10 seconds bursts. Yeah, it's not really optimized for slow cell networks.

    Ok, now I'm going to try to set up Network Beacon. Fun fun fun.
     
  12. Oct 2, 2012 #52 of 135
    notyou

    notyou New Member

    63
    0
    Oct 9, 2001
    Heya Cipher and others -- does anybody happen to know the Ports I should map these services to? Thanks!
     
  13. Oct 2, 2012 #53 of 135
    notyou

    notyou New Member

    63
    0
    Oct 9, 2001
    Hey Drew -- this sounds very promising. Could you please post your Network Beacon settings? I got the Services from Cipherwar's post, but I don't have the ports.

    Thanks!
     
  14. Oct 2, 2012 #54 of 135
    drewfidelic

    drewfidelic New Member

    11
    0
    Feb 10, 2010
    Download Bonjour Browser from http://www.tildesoft.com/ to get the specific IP addresses, Tivo software and serial number info.

    _tivo-device._tcp. uses port 80
    _tivo-remote._tcp. uses port 31339
    _tivo-videos._tcp. uses port 443
    _tivo-videostream._tcp. uses port 443
    _http._tcp. uses port 80
    _tivo-xcode._tcp. uses port 49152

    The service name is the Premiere name (and proxied in Network Beacon using the Premiere's IP address) except for tivo-xcode which uses the Stream's name. There are two instances of the _http._tcp., one for the Premiere, the other for the Stream.

    I've successfully streamed remotely over VPN, but the video wasn't entirely smooth. Going back to try a second streaming session or download later, I couldn't reconnect to the Stream. I think there may be other discussion between the Stream and the iOS app when they pair that I'm not getting routed across the VPN.
     
  15. Oct 19, 2012 #55 of 135
    GTXgp

    GTXgp New Member

    12
    0
    Oct 19, 2012
    Dallas, TX
    I have had my TiVos now for a few months and I am quite happy with them. In fact, I am flying to my mom's next week to convert all of her STBs to TiVo's because she is frustrated with Cox's STBs. One feature I have been looking forward to is the Stream because I was under the impression that it would stream when not at home (like Sling). Obviously I was disappointed that is not the case.

    My first reaction was to VPN into my home network, which after some frustration with iOS's VPN, did get connected to a Windows 7 VPN. I have DD-WRT on my router but was unable to get iOS to connect to it. I am having the same TiVo Stream connection issues as the rest of you. I will be taking several multi-week trips over the next year and having this work remotely would be a real benefit.

    I did manage to get this to work once, but have been unable to repeat since.

    What did you do to get it working? What about forwarding 80, 31339, 443, 49152 from the router to the VPN server?
     
  16. Oct 20, 2012 #56 of 135
    mitchk03

    mitchk03 New Member

    1
    0
    Jan 21, 2008
    I too have been playing around with this. I'm using a Sonicwall TZ100 and the VPN client on the iPad.

    I connected via a neighbor's WiFi, fired up VPN and have the same experiance as others. If I had the TiVo app open and running on my network before I flipped over to my neighbor w/ VPN, The TiVo app works. But, if you close the app and reopen, no joy.

    I think this may have less to do with ports than it does with the iPad's VPN. While still on VPN, I went to Safari and entered TiVo IP addresses in my Home. I get to them. I think entered the IP address of my neighbors router. I can get to it. This I think is the problem.

    I know that my VPN server assigned me an IP on my home network. If I can still Browse to my Neighbors IP's (his router) then all IP traffic is not being properly forwarded to MY network.

    This causes the TiVo app to know something's fishy. It's looking on the local network addresses, not being properly sent through the VPN Tunnel.

    That's my theory.

    Thoughts?

    -mk
     
  17. Oct 21, 2012 #57 of 135
    GTXgp

    GTXgp New Member

    12
    0
    Oct 19, 2012
    Dallas, TX
    I agree. If it was a simple Bonjour or Multicast issue then we shouldn't be able to fool the app by not completely closing it before logging in to VPN.
     
  18. Oct 21, 2012 #58 of 135
    SandDune

    SandDune New Member

    21
    0
    Apr 7, 2007
    Kenmore, WA
    Check and make sure "Send All Traffic" in the VPN Configuration is set to On. If its On, and you're still seeing stuff inside you're friends network, something is fishy in the VPN client (assuming your friends network isn't routable from the outside world).
     
  19. Oct 24, 2012 #59 of 135
    GTXgp

    GTXgp New Member

    12
    0
    Oct 19, 2012
    Dallas, TX
    Unfortunately, the iOS VPN client is not very robust and does not allow for much troubleshooting. However, there is a "send all traffic" tab that is set on by default.
     
  20. Oct 25, 2012 #60 of 135
    wkearney99

    wkearney99 Bill Kearney

    1,919
    3
    Dec 5, 2003
    Bethesda,...
    Also be sure your network devices properly handle multicast traffic. Many interfaces based on Realtek chips do a terrible job of handling multicast packets. The only ones I've found that do it reliably are Intel-based network chipsets.

    I wouldn't hold out a lot of hope for getting it to work over a VPN. Too many variables and too much dependency on the software not screwing it up. Multicast is very poorly understood and often very badly implemented in software.
     

Share This Page