Trying to get me head round orenosp

Discussion in 'TiVo Series 1 - UK' started by CarlWalters, Jan 18, 2005.

  1. CarlWalters

    CarlWalters Yo Ho TiVo!

    644
    0
    Oct 17, 2001
    RG4,...

    as in the subject line - I'm trying to install orenosp using the instructions listed here however the version of orenosp that I have downloaded seems to be 0.8.3 and the sproxy.conf file looks a bit different.

    Does anyone have an idiot's guide which covers the changes that need to be made to this newer flavour of sproxy.conf file

    I'm happy enough about the changes that need to be made to

    # listen port
    proxy_listen_name = lis-ssl 0.0.0.0@443 https

    but everything else seems different
     

  2. Fatbloke

    Fatbloke New Member

    620
    0
    Feb 26, 2002
    Deepest Barking
    not quite what you asked - but here's the version I used.

    orenosp038_e
     
  3. CarlWalters

    CarlWalters Yo Ho TiVo!

    644
    0
    Oct 17, 2001
    RG4,...
    thanks very much - I'll give it a go tonight! I couldn't find an earlier version. I presume there's no problem using this as opposed to the latest all singing version?
     
  4. Fatbloke

    Fatbloke New Member

    620
    0
    Feb 26, 2002
    Deepest Barking
    Mine happily does the job and has never crashed as far as I'm aware.

    btw - here's the CFG I use:

    192.168.1.200 being my Tivo IP.
    replace LOGON_ID and XXXXXXXX of course.
     
  5. elvistheking

    elvistheking New Member

    29
    0
    Sep 10, 2004
    Sunny...

    Has anyone had any joy getting the gtOrenoPC (the Orenosp powered VNC/RDP proxy) to also do reverse proxying for Tivo?

    Stephen
     
  6. CarlWalters

    CarlWalters Yo Ho TiVo!

    644
    0
    Oct 17, 2001
    RG4,...
    OK - well I think it's working now I can certainly go to
    https://mydomain.dyndns.org:xxxx/ and get to TiVoWeb. But I do then get a message that says something along the lines of

    "The server's certificate chain is incomplete, and the signer(s) are not registered. Accept?"

    and then something about

    "the certificate for "localhost" is signed by the unknown certificate authority "Orenosp Auto-Generated CA xxxxxxxxxxxx". It is not possible to verify that this is a valid ...

    Should I worry about this?
     
  7. Fred Smith

    Fred Smith Still learning

    779
    0
    Oct 5, 2002
    Reading,...
    Well I don't worry, I get the second message and it all still works fine with these browsers: IE 6, Firefox 1 and Pocket IE. The only problem it causes me is that my mobile phone browser (Nokia 5140) keeps re-displaying it throughout a manual record input. So it's just a nuisance on the odd occasion I use the mobile. I have not seen the first message but maybe that's because you are using a later version of Orenosp to me.
     
  8. iankb

    iankb New Member

    6,468
    0
    Oct 9, 2000
    Reading, UK
    That's because you haven't bought a site certificate from a trusted authority such as Verisign or Thawte. There's no point in wasting money by doing that, since you know that your site is a trusted one. If you wanted to, you could generate your own certificate using Microsoft tools, but it still wouldn't be trusted by anybody but you.

    What's important is that you are using SSL, which negotiates a strong encryption key for hiding the entry of your username and password from nosy hackers.
     
  9. CarlWalters

    CarlWalters Yo Ho TiVo!

    644
    0
    Oct 17, 2001
    RG4,...
    OK - excellent. I shan't worry about that then :D

    Now my next problem is when trying to access TiVoWeb from work (with Opera) which is the whole point - I navigate to

    https://mydomain.dyndns.org:xxxxx

    I get an error message

    HTTP 502 Proxy Error - The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
    Internet Security and Acceleration Server.


    Is this a problem with my work's setup or can I get around it by using the standard SSL port 443? I used a non standard port xxxxx as suggested in the orenosp set-up description.
     
  10. B33K34

    B33K34 ENABLED!

    439
    0
    Feb 9, 2003
    London
    The easy answer to this one is to try using 443!

    My attempts to forward other ports through my Netgear router were unsuccessful and I figure it's secure enough.

    Currently I'm using the supplied Certificate. A brief look at the instructions for generating my own with the tools supplied with orenosp established that it would need a bit of time to work out. Is it worth the effort or is the orenosp "test" certificate enough?
     
  11. CarlWalters

    CarlWalters Yo Ho TiVo!

    644
    0
    Oct 17, 2001
    RG4,...
    does anyone have any idea how I could test whether an https://xxxxxx:443 address would work from here at my work PC? Is there a site I could browse to to check?
     
  12. iankb

    iankb New Member

    6,468
    0
    Oct 9, 2000
    Reading, UK
    The only benefit of having a personalised certificate is that anybody connecting to your site with SSL is assured that they haven't been redirected to some other place, where somebody could attempt to grab your login or other details. However, unless you buy a trusted certificate, anybody could create a certificate with your details, and so that doesn't really solve anything. Apart from the cost, a trusted certificate is only issued when they have performed Dun & Bradstreet checks, etc, on your company to prove who you say you are.

    Since there is no commercial reason for somebody to impersonate your site, I wouldn't worry.
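
An added example, not part of any post in this thread and not orenosp's own tooling: the "unknown certificate authority" warning discussed above can be replaced by a concrete check, comparing the SHA-256 fingerprint of the certificate the server presents with one recorded earlier on the home network. The function names are hypothetical, the sample bytes are constructed, and `fetch_cert` assumes a direct connection to the host (no intermediate web proxy).

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER certificate (not a real certificate).
SAMPLE_DER = bytes.fromhex("3082010a0282010100c0ffee")


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalise(fp: str) -> str:
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex, as certificate viewers show it."""
    return fp.replace(":", "").replace(" ", "").lower()


def matches_pin(der_cert: bytes, pinned_fp: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(fingerprint(der_cert), normalise(pinned_fp))


def fetch_cert(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the server's leaf certificate (DER) without CA validation.

    CA validation is switched off on purpose: the auto-generated CA is in no
    trust store, so the pinned fingerprint is the only check being made.
    Only the TLS handshake takes place; no credentials are sent.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_server(host: str, pinned_fp: str, port: int = 443) -> bool:
    """True only if the live server presents exactly the pinned certificate."""
    return matches_pin(fetch_cert(host, port), pinned_fp)


if __name__ == "__main__":
    # Record the pin once from inside the home network, then compare remotely.
    print("fingerprint of constructed sample:", fingerprint(SAMPLE_DER))
```

A mismatch means the certificate reaching the client is not the one recorded at home, which is the redirection case the warning cannot distinguish on its own.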
     
  13. iankb

    iankb New Member

    6,468
    0
    Oct 9, 2000
    Reading, UK
    You don't need to specify port 443 if you prefix the URL with https, since that is the default. Your company firewall will almost certainly allow port 443 out, since you wouldn't be able to use sites that require credit card entry, etc, without it.

    The problem with using non-standard ports sounds like it might be an issue with a software firewall on your home PC. Are you running Windows XP SP2 firewall, Norton Internet Security, or similar? It would be best if your router allows you to translate a high-numbered port to port 443 when you specify port redirection, since port scanners are less likely to check high-numbered ports.
     
  14. Fatbloke

    Fatbloke New Member

    620
    0
    Feb 26, 2002
    Deepest Barking
    If your work is anything like mine (bank) then you'll only have port access to 80 (http) 443 (https) and 21 (ftp).
    This has forced me to set my router to accept 443 as an incoming port, forwarding it to the PC running orenosp.

    I'd ensure your setup runs correctly on 443 before trying anything else.

    internet https-->port 443 on router --> port x on pc via port forwarding on router --> port xx on Tivo via port forwarding on orenosp.
     
  15. iankb

    iankb New Member

    6,468
    0
    Oct 9, 2000
    Reading, UK
    Actually, it's almost certainly a company firewall problem, since they appear to be using a proxy server to access the internet. Fatbloke is right in that you'll probably have to use port 443.
     
  16. CarlWalters

    CarlWalters Yo Ho TiVo!

    644
    0
    Oct 17, 2001
    RG4,...
    so I'd do something like

    • net stop orenosp
    • edit sproxy.conf to listen on port 443
    • net start orenosp?
    • change netgear router port forwarding to forward port 443 to orenosp
    • orenosp already forwards to TiVoWeb on port 80
     
  17. B33K34

    B33K34 ENABLED!

    439
    0
    Feb 9, 2003
    London
    That sounds right to me.
     
  18. Fatbloke

    Fatbloke New Member

    620
    0
    Feb 26, 2002
    Deepest Barking
    Agreed - the most important bit is that your router is listening to 443 from Internet traffic. This will (hopefully) be allowed by your work's firewall. Once it's in the router, that could then send in to port 666 for example where you could change orenosp to be listening. But tbh, it's more straightforward to keep them on the same ports :D
     
  19. steford

    steford New Member

    179
    0
    Oct 9, 2002
    Anyone got tunnelling set up in orenosp? Tivo, xbox and router all available over my secure connection but I use remote ABC (a non http client for ABC) which I'd like to securely tunnel (and possibly telnet). My IP webcam also loses picture when I use orenosp to access it. Seems there's some way to run a Java applet from my server on my local machine and "VPN" via orenosp that way. Looks rather complicated though.
     
  20. CarlWalters

    CarlWalters Yo Ho TiVo!

    644
    0
    Oct 17, 2001
    RG4,...
    OK :) I have changed everything as suggested so that it all works from port 443. I can access TiVoWeb OK from my PC using https://mydomain.dyndns.org:443/ and
    using my mobile phone (Sony Ericsson K700i) I can also go to https://mydomain.dyndns.org:443/ and I get asked to enter Username and Password (which can then be saved on the phone) and to my amazement I got the top level of TiVoWeb - on my phone!!! How cool is that! :D Dead exciting.

    But - and there's always a but with me isn't there :) - I could navigate the top level of TiVoWeb but when I clicked on any of the main menus ("Search", "User Interface" etc) I just kept getting the top level menu. ie I couldn't navigate down to any of the useful bits.

    I think my phone understands HTML (must do if it can see TiVoWeb menu I suppose). I'm not running TiVoWebWAP at all (and I don't think I need to). Any ideas why I can't go down a menu level?
     
