
UPnP Server not connecting through https

I don't know if this is discussed anywhere else before so allow me to start a new post.

I've been using UPnP server for years and it works great, both locally and remotely from PC and phone. But one thing I never get is that it only works with http connection.
I set up the port forwarding myself, I don't use BubbleUPnP Server. But even when I use it only http works, even though it states in the manual to use https whenever possible.

I would like to connect through https since it is supposed to be safer. Does anyone have an answer to this problem?

Re: UPnP Server not connecting through https

Reply #1
Which component are you using - foo_upnp?

...even though it states in the manual to use https whenever possible.
Which manual?

This post:
There is an issue with foobar2000 extension. It streams media files via http rather than HTTPS even when it is configured to use secure connection. Is that a known issue? Is there a workaround?
...never received an answer.

To implement an HTTPS-capable server is not trivial.  The protocols used to initiate an encrypted link involve obtaining an SSL certificate from a relevant authority, and renewing the certificate periodically.  Unless you maintained that on your server, you would find the link suddenly not working until you got the certificate renewed... and as you are using this for remote access, presumably you wouldn't be in the right place to do that!

I would like to connect through https since it is supposed to be safer.
HTTPS provides end-to-end encryption.  That means nobody should be able to eavesdrop on the communications, or inject false information.  Obviously important for (say) financial transactions, but is it important for streaming some audio?  Is the inconvenience of running an HTTPS server worth it for the limited benefit?

I would be more concerned about having opened a port through my router at all.
It's your privilege to disagree, but that doesn't make you right and me wrong.

Re: UPnP Server not connecting through https

Reply #2
Thank you for replying.

Which component are you using - foo_upnp?
Yes.

Which manual?
The instruction of BubbleUPnP Server on how to connect with foobar2000. http://www.bubblesoftapps.com/bubbleupnpserver2/docs/connect_with_foobar2000.html

To implement an HTTPS-capable server is not trivial.  The protocols used to initiate an encrypted link involve obtaining an SSL certificate from a relevant authority, and renewing the certificate periodically.  Unless you maintained that on your server, you would find the link suddenly not working until you got the certificate renewed... and as you are using this for remote access, presumably you wouldn't be in the right place to do that!
Okay. Looks like it's another completely different subject that's beyond my knowledge. It looks like some routers can get an SSL certificate for their own DDNS but mine does not support that function. Don't know if there is a way to get one without using the router...

HTTPS provides end-to-end encryption.  That means nobody should be able to eavesdrop on the communications, or inject false information.  Obviously important for (say) financial transactions, but is it important for streaming some audio?  Is the inconvenience of running an HTTPS server worth it for the limited benefit?
I am fine with http since I've used it for years but just became curious about why https never worked when BubbleUPnP instruction mentioned it like it should work. I am just trying to learn new things and, if possible, make it better.

I would be more concerned about having opened a port through my router at all.
I thought to stream remotely you must open a port anyway. BubbleUPnP Server does the same thing. It just opens a port for you instead of you going into the router and opening one yourself. And since https does not work with BubbleUPnP (in my case), I don't see using BubbleUPnP Server any safer than opening a port for my own.
Is there supposed to be a proper way to stream remotely?

Re: UPnP Server not connecting through https

Reply #3
Okay. Looks like it's another completely different subject that's beyond my knowledge. It looks like some routers can get an SSL certificate for their own DDNS but mine does not support that function. Don't know if there is a way to get one without using the router...
I think you misunderstand.  If Bubble can provide an HTTPS connection, then it has the ability to do everything I was saying.  The router is just a conduit, it's not involved (except that you have to tell the firewall to let these transactions through).  If foo_upnp doesn't have that facility, then you can't use it to serve an HTTPS connection.

I thought to stream remotely you must open a port anyway.
Yes, if you want to serve to outside your home network then you do have to enable a port through your router.  What I am saying is that by doing so you are exposing your home network to another risk of exploitation.  The firewall in the router normally blocks all access attempts initiated from outside.  Bots are constantly testing for open ports to try to exploit.

Nothing will happen so long as the "listener" for that port has no exploitable bugs, but the bots are probing for ports associated with software listeners with known exploits.  These will be more common for something like Internet Explorer than they will be for Bubble or FB2K, but you can't rule it out although Internet Explorer will be under much more scrutiny by the hackers.

BubbleUPnP Server does the same thing. It just opens a port for you instead of you going into the router and opening one yourself.
I'm not aware of how it can do that.  It would need the router admin password and then the ability to negotiate with whatever variety of router the user has.  There must be something else going on.  A quick skim of the Bubble configuration instructions indicates the user is instructed to open the port themselves, presuming the connection tests fail.  If the user hasn't had to open the port, then the router is not blocking external accesses in the first place (AFAIK all modern routers have a built-in firewall).

And since https does not work with BubbleUPnP (in my case), I don't see using BubbleUPnP Server any safer than opening a port for my own.
HTTPS does not secure your system from external hack attempts, it only secures your transactions from eavesdroppers.  Nonetheless, I think if you were to go through the FAQs carefully, you should be able to get HTTPS working on Bubble.  That said, Bubble appears to be overkill if all you want to do is access FB2K.

Re: UPnP Server not connecting through https

Reply #4
foo_upnp hasn't been updated since 2015, so I would definitely be using BubbleUPnP server for internet access (it's built for it). You could always ask the question on the BubbleUPnP forum and I'm sure he'll tell you just how bad an idea using foo_upnp for internet access is.

I would suggest using WireGuard/Tailscale but if you're accessing it from another computer I doubt you want all the traffic going through your home lan, and I don't believe it can tunnel just an app/port.

Re: UPnP Server not connecting through https

Reply #5
Indeed, so I gather BubbleUPnP would provide the external portal through to DLNA servers on the home network, including foo_upnp?

Re: UPnP Server not connecting through https

Reply #6
Indeed, so I gather BubbleUPnP would provide the external portal through to DLNA servers on the home network, including foo_upnp?
I use BubbleUPnP server for proxying my renderers to add OpenHome functionality rather than internet access, but looking at the configuration page it states "Make this Media Server available in BubbleUPnP for Android and foobar2000 for Internet access", so there are limitations, but foo_upnp states "accessible from the Internet (only from foobar2000 or an iPhone/iTouch with PlugPlayer)", so as long as you're using BubbleUPnP or foobar2000 you should be good, but like I said, I'd still feel a little uncomfortable going down this route, especially if my server was running on Windows (I use MinimServer on Ubuntu).

Re: UPnP Server not connecting through https

Reply #7
I'm not aware of how it can do that.  It would need the router admin password and then the ability to negotiate with whatever variety of router the user has.  There must be something else going on.  A quick skim of the Bubble configuration instructions indicates the user is instructed to open the port themselves, presuming the connection tests fail.  If the user hasn't had to open the port, then the router is not blocking external accesses in the first place (AFAIK all modern routers have a built-in firewall).
When I installed and ran BubbleUPnP server I could see it automatically added port 58050 and 58051 without me doing anything. I think a 2020 router is modern enough and I can see the firewall is enabled in the configuration.

If Bubble can provide an HTTPS connection, then it has the ability to do everything I was saying.  The router is just a conduit, it's not involved (except that you have to tell the firewall to let these transactions through).  If foo_upnp doesn't have that facility, then you can't use it to serve an HTTPS connection.
The internet connectivity test on my BubbleUPnP server passed for both http and https, so https should be working. But every time I tried to connect from foobar mobile it failed, saying network authentication error. (http worked perfectly, of course.)

If foo_upnp doesn't have that facility, then you can't use it to serve an HTTPS connection.
I checked back the menu of foo_upnp and it actually never mentioned https, so the reason is it does not support https at all? I guess I was misled by BubbleUPnP when it says to use https and assumed they can both use https.

I would suggest using WireGuard/Tailscale but if you're accessing it from another computer I doubt you want all the traffic going through your home lan, and I don't believe it can tunnel just an app/port.
I am already using OpenVPN from my router, but I cannot connect to my foobar media server locally. It's not like my VPN network is not connected to my local network. I can use my cellular data to locally connect to my samba share from my phone, or from my computer to foobar mobile using ftp, but I cannot connect to my foobar media server. And in the log there is a message: foo_upnp: Denied WAN request (ip: 10.8.0.6, User Agent: foobar2000-mobile/1.x).
Does anyone have an explanation for this?

Re: UPnP Server not connecting through https

Reply #8
When I installed and ran BubbleUPnP server I could see it automatically added port 58050 and 58051 without me doing anything.
That is something I need to find out about.

Re: UPnP Server not connecting through https

Reply #9
When I installed and ran BubbleUPnP server I could see it automatically added port 58050 and 58051 without me doing anything.
That is something I need to find out about.
It looks like BubbleUPnPServer uses UPnP Port Forwarding if it's enabled on the router (which it shouldn't really be).

It implies it here:
Quote
On startup, BubbleUPnP Server attempts to make itself accessible through the Internet, but this can fail in the sense that the ‘Internet connectivity test’ will show a failure.

But it's confirmed in the advanced configuration settings:
Quote
-disableUPnPPortForwarding
    disable automatic opening of http and https port on the router using UPnP if available

Re: UPnP Server not connecting through https

Reply #10
I am already using OpenVPN from my router, but I cannot connect to my foobar media server locally. It's not like my VPN network is not connected to my local network. I can use my cellular data to locally connect to my samba share from my phone, or from my computer to foobar mobile using ftp, but I cannot connect to my foobar media server. And in the log there is a message: foo_upnp: Denied WAN request (ip: 10.8.0.6, User Agent: foobar2000-mobile/1.x).
Does anyone have an explanation for this?
Just figured out the answer myself. When I tried to connect to the media server locally with VPN, I just added the address from the local network list that showed up when connecting to home WiFi, which did not contain username and password. And when I am using VPN to connect to media server locally, it still treats my VPN IP as WAN. And since it treats it as WAN, that means I still have to turn on the internet access from foo_upnp and enter my username and password, even though I am using local IP.

That was a stupid miss but I learned something. Now I can turn off all the port forwarding and enjoy my music safely. I appreciate everyone who tried to help me.
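
The last post's finding, that a VPN tunnel address is private but still not on the home LAN, shown as a small triage of the "Denied WAN request" log lines. This is an added example, not part of the thread and not foo_upnp's own logic; the two subnets, the function names and every log line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed networks (not from the thread); replace with your own.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # hypothetical home LAN
VPN_NET = ipaddress.ip_network("10.8.0.0/24")     # hypothetical OpenVPN tunnel pool
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

DENIED = re.compile(
    r"foo_upnp: Denied WAN request \(ip: (?P<ip>[0-9A-Fa-f.:]+), "
    r"User Agent: (?P<ua>.*)\)")

# Constructed log; only the first line is the message quoted in the thread.
SAMPLE_LOG = """\
foo_upnp: Denied WAN request (ip: 10.8.0.6, User Agent: foobar2000-mobile/1.x).
foo_upnp: Denied WAN request (ip: 203.0.113.77, User Agent: example-scanner/0.1).
foo_upnp: Denied WAN request (ip: 203.0.113.77, User Agent: example-scanner/0.1).
some unrelated console line
"""

def origin(ip_text):
    """Classify a source address relative to the assumed LAN and VPN subnets."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable"
    if ip in LAN_NET:
        return "lan"
    if ip in VPN_NET:
        return "vpn"          # your own tunnel clients: private, but not the LAN
    if any(ip in net for net in RFC1918):
        return "other-private"
    return "internet"         # arrived through a forwarded port

def triage(log_text):
    """Count denied requests per (origin, ip, user agent)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = DENIED.search(line)
        if match:
            counts[(origin(match["ip"]), match["ip"], match["ua"])] += 1
    return counts

if __name__ == "__main__":
    for (kind, ip, agent), n in triage(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {kind:13s} {ip:15s} {agent}")
```

Entries classed as `vpn` are your own devices needing the username and password; entries classed as `internet` should stop once the port forwards are removed.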