Best and easiest solution to access OMV away from home

  • Good morning. On my current system, a NAS, I use No-IP to access services (Emby, Sonarr, the server's own GUI, etc.) from outside my network. It works well but since I'm going to migrate to OMV, I'm looking for alternatives. I watched some videos and got more doubts than solutions. I thought about doing something with DDNS too, using DuckDNS, but I had problems that I still couldn't solve. Other places I researched mentioned Cloudflare and NGINX Proxy Manager but I didn't quite understand how they work or how to configure them. What suggestion do you guys give me? My idea is to configure the system, install some services and be able to access both the OMV interface and these services outside my network. What would be the best option?

  • I use a VPN server running on my router and a VPN client on my remote PCs and phones.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    • Official Post

    Purchase a cheap domain (you can get them for as little as $3 for a year)...


    If your public IP is static.. you really don't need cloudflare. If you don't have a static IP, then a free cloudflare account will help with that.


  • The best solution for services is what you already outlined (a dynamic DNS service like DuckDNS and a reverse proxy like nginx-proxy-manager, NPM for short going forward, with Let's Encrypt enabled). However, I would refrain from exposing admin things like the OMV interface. If you need admin access, use a VPN.


    It is actually very simple to set up and only requires 2 ports open in your router.


    Basically you set up your services in your Docker containers, VMs, etc. and have a DuckDNS domain such as mydomain.duckdns.org. Anything that has a web UI that you want access to gets set up in NPM with a subdomain of your mydomain.duckdns.org pointing to the IP address and port of your service (e.g. Emby could be emby.mydomain.duckdns.org), and you can get a Let's Encrypt cert for that service. You also need to forward ports 80 and 443 in your router to the NPM container, which would be the IP of the OMV system and ports of NPM, which means you either have to move those to different container ports than 80 and 443 to avoid a conflict with the OMV UI or other stuff, or move the OMV UI to a different port. (Personally, I like to move the OMV UI port.)


    A reverse proxy like NPM, SWAG, Traefik, HAProxy, etc. (I prefer NPM) is essentially just domain-based router software that directs traffic based on a domain and equates it to an IP address, similar to how a hardware router directs traffic based on an IP address and equates it to a MAC address.

  • Purchase a cheap domain (you can get them for as little as $3 for a year)...


    If your public IP is not static.. you really don't need cloudflare. If you don't have a static IP, then a free cloudflare account will help with that.


    I didn't get it right. My IP is dynamic. In this case does Cloudflare work for me or not? I wouldn't want to have to buy a domain just for that, even if it's cheap.

    • Official Post

    I didn't get it right. My IP is dynamic. In this case does Cloudflare work for me or not? I wouldn't want to have to buy a domain just for that, even if it's cheap.

    If your IP is dynamic, then cloudflare would be an ideal situation if you PURCHASE a domain, as it will automatically update your public IP address if it changes.

    Since your IP is dynamic, most folks on this sub use duckdns and swag for their domains. There are a couple of ways to keep your IP updated with duckdns. I'm not familiar enough with no-ip to make a suggestion on what to use it with.

  • Either duckdns or no-ip have a script to keep the IP updated.


    Used no-ip before moving to duckdns.

    It's well explained on both webpages.

  • Either duckdns or no-ip have a script to keep the IP updated.


    Used no-ip before moving to duckdns.

    It's well explained on both webpages.

    Duckdns also can be kept updated with the linuxserver/duckdns docker container. It works quite well and is simple to set up. There is also a curl command documented on their website to do this.


    As for no-ip, I used to use it many years ago myself, and if I recall correctly, ddclient or inadyn can be used to keep it updated.

  • Tailscale is another VPN solution, very easy to set up, with no need for port forwarding etc. Free for personal use up to 20 devices.

    Inwin MS04 case with 315 W PSU

    ASUS Prime H310i-Plus R2.0 board

    Two port PCI-E SATA card

    16GB Kingston DDR4

    Intel Pentium Coffee Lake G5400 CPU

    Samsung Evo M.2 256GB OS drive

    4x4TB WD Red NAS drives + 1x4TB + 1x5TB Seagate drives - MergerFS pool

    Seagate 5TB USB drives - SnapRAID parity x 2

  • I already have the DuckDNS domain and already installed the DuckDNS container. According to the log, it is updating the IP with DuckDNS. However, I can't get any kind of external access. I think it has something to do with my router, a Redmi AX5. In the router interface I can put a DDNS, the No-IP, and that's where I think the problem is. DuckDNS identified my external IP; the No-IP, which I configured to test, is identifying an internal port on the router. So I think it's some problem related to multiple NATs.


    Where I'm going to put the server with OMV, there is another router, an Asus, where I don't have multiple NATs problems and where I know that both DuckDNS and No-IP identify the correct external IP. In that environment (I'll test it next week), do I just install Nginx Proxy Manager with Let's Encrypt following the instructions? Will I need to install anything else?
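The multiple-NAT suspicion in the post above can be checked by comparing the WAN address shown on the router's status page with the public address the DDNS service recorded. The sketch below is an added example, not part of the original thread; `diagnose_nat` and the sample addresses are constructed for illustration.

```python
import ipaddress

# Private ranges (RFC 1918) and carrier-grade NAT shared space (RFC 6598).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

ADVICE = {
    "direct": "Router holds the public IP: forwarding 80/443 on it reaches the proxy.",
    "double-nat": "Router sits behind another router: that upstream device must "
                  "also forward 80/443 (or be put in bridge mode).",
    "cgnat": "ISP shares the public IP between customers: inbound forwarding is "
             "not possible, use an outbound VPN such as Tailscale instead.",
    "mismatch": "WAN IP is public but differs from the DDNS record: the record "
                "is stale or traffic leaves through another path.",
}

def diagnose_nat(router_wan_ip: str, public_ip: str) -> str:
    """Classify the path between the router and the internet.

    router_wan_ip: WAN address shown in the router's own status page.
    public_ip:     address the DDNS service (DuckDNS, No-IP) recorded.
    """
    wan = ipaddress.ip_address(router_wan_ip)
    pub = ipaddress.ip_address(public_ip)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "double-nat"
    if wan != pub:
        return "mismatch"
    return "direct"

if __name__ == "__main__":
    # Constructed sample values (203.0.113.0/24 and 198.51.100.0/24 are
    # documentation ranges, not real hosts).
    samples = [("192.168.1.50", "203.0.113.7"),
               ("100.72.10.4", "203.0.113.7"),
               ("203.0.113.7", "203.0.113.7"),
               ("198.51.100.9", "203.0.113.7")]
    for wan, pub in samples:
        verdict = diagnose_nat(wan, pub)
        print(f"WAN {wan:<15} public {pub:<13} -> {verdict}: {ADVICE[verdict]}")
```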

  • Tailscale is another VPN solution, very easy to set up, with no need for port forwarding etc. Free for personal use up to 20 devices.

    Using a VPN can I use the services normally? For example, to use the Emby client, I enter the server's IP address and port. Using VPN would it be possible to use the client or via Kodi normally? I'm not familiar with how VPNs work.

  • I already have the DuckDNS domain and already installed the DuckDNS container. According to the log, it is updating the IP with DuckDNS. However, I can't get any kind of external access. I think it has something to do with my router, a Redmi AX5. In the router interface I can put a DDNS, the No-IP, and that's where I think the problem is. DuckDNS identified my external IP; the No-IP, which I configured to test, is identifying an internal port on the router. So I think it's some problem related to multiple NATs.


    Where I'm going to put the server with OMV, there is another router, an Asus, where I don't have multiple NATs problems and where I know that both DuckDNS and No-IP identify the correct external IP. In that environment (I'll test it next week), do I just install Nginx Proxy Manager with Let's Encrypt following the instructions? Will I need to install anything else?

    You need to do more than just a DNS setup. DNS is just a way for internet access to be directed to the IP that your ISP is giving you.


    You need to port forward from the router to the OMV server and in particular to the ports of the reverse proxy as I mentioned above. Once the ports are forwarded to the server, all incoming traffic on ports 80 and 443 is intercepted by the reverse proxy and directed to the service you want.

  • Using a VPN can I use the services normally? For example, to use the Emby client, I enter the server's IP address and port. Using VPN would it be possible to use the client or via Kodi normally? I'm not familiar with how VPNs work.

    VPN connects your remote device to the VPN server you set up. From there you can access resources on your LAN or service in your server. Your device is not given a normal IP on your LAN so you will not be able to browse your network but can access things by IP address.


    Will Kodi work normally? That's a good question, I have never tried it over a VPN, but why would you want to if you are using Emby? Emby will work perfectly using the reverse proxy method, and so will anything else that has a web UI you want to expose.

  • Tailscale will allow you to access the device by SSH easily without exposing ports. It will probably allow access to the web interface but I have not quite mastered that bit. If you want to access other services such as Emby it's probably not the best solution. Look up Tailscale and MagicDNS on Google.


    What may suit you better is the Linuxserver SWAG docker - it makes reverse proxying to apps like Jellyfin and Emby quite easy.


  • You need to do more than just a DNS setup. DNS is just a way for internet access to be directed to the IP that your ISP is giving you.


    You need to port forward from the router to the OMV server and in particular to the ports of the reverse proxy as I mentioned above. Once the ports are forwarded to the server, all incoming traffic on ports 80 and 443 is intercepted by the reverse proxy and directed to the service you want.

    In my tests using DuckDNS I opened the ports of the services I use. 8096 for Emby, 8112 for Deluge and etc. Would I need to open any more?

    VPN connects your remote device to the VPN server you set up. From there you can access resources on your LAN or service in your server. Your device is not given a normal IP on your LAN so you will not be able to browse your network but can access things by IP address.


    Will Kodi work normally? That's a good question, I have never tried it over a VPN, but why would you want to if you are using Emby? Emby will work perfectly using the reverse proxy method, and so will anything else that has a web UI you want to expose.

    I use Kodi as a client on devices where the official client is not available or paid for. On Android TV, for example.


    If anyone has a guide to point me to a simple solution I would appreciate it.

  • If you are not using a reverse proxy, you have to open ports for every service and you are not encrypted. More open ports (holes in your firewall) means more security risk and no encryption means someone could intercept your traffic and “steal” login information to get into your system.


    Do yourself a favour and set up the reverse proxy so you only need to open and forward 2 ports (80 and 443), and enable the encryption. As I said above, it is the best option, it’s easy to set up, it’s more secure, it simplifies having to remember ports, and as I said in a post several months ago, it’s how the big boys running server farms do it, otherwise you would have to remember a port number for every website you visit.


    As for Kodi, when used on your own LAN it does not need a VPN, and a VPN server running does not change the way your own LAN works. When you asked about that I thought you were talking about trying to connect Kodi from out on the internet, since secure connection from the internet is what a VPN would be used for.


    You asked for a guide, this whole topic has been discussed many times on the forum. Do some searching and you will find the information.


    If you are going to use NPM as you mentioned, all that is required as I said is port forwarding to the NPM container. Then you set up the services in NPM as subdomains of your duckdns domain with the IP address and port pointing to your server and port of the service. Then enable the ssl cert for the site. It is extremely self explanatory in NPM.


    As an option in NPM (covered in their official documentation), you can also place all your dockers on a custom docker network and then direct to a container name instead of an IP address if you like.

  • I installed Tailscale, created a user, logged in, my OMV appears in the device list and I got a Tailscale domain and IP address. What do I do with it now? Can I, for example, access the OMV interface through Tailscale? Or does it work in another way and for other purposes?


    I installed NPM and DuckDNS, both are working correctly but I can't access. Do I only need to open ports 443 and 80? Can I change these ports if there is a conflict or does NPM have any limitations on changing ports? Edit: The fact that I'm not getting access I think it may be related to some blockage by my ISP. They have a habit of closing my ports at every network maintenance, a rather annoying practice I would say. I'll check and if it doesn't work, I'll come back here for more help.

  • I installed Tailscale, created a user, logged in, my OMV appears in the device list and I got a Tailscale domain and IP address. What do I do with it now? Can I, for example, access the OMV interface through Tailscale? Or does it work in another way and for other purposes?


    I installed NPM and DuckDNS, both are working correctly but I can't access. Do I only need to open ports 443 and 80? Can I change these ports if there is a conflict or does NPM have any limitations on changing ports? Edit: The fact that I'm not getting access I think it may be related to some blockage by my ISP. They have a habit of closing my ports at every network maintenance, a rather annoying practice I would say. I'll check and if it doesn't work, I'll come back here for more help.

    OMV has a wireguard plugin as a VPN if you prefer that, as speeds for wireguard are probably faster than tailscale.


    As I said above, a VPN connects your remote device to your server, but you need to access local things based on their IP address.


    Also as I said above, you need to port forward 80 and 443 to the NPM container and set up your services in NPM. Just having NPM running does nothing if you don't set up the services.


    For example: If your OMV server is IP 192.168.0.200, and the NPM container is on port 80 and 443, you need to set OMV to use a different port, and your router needs to port forward 80 & 443 to 192.168.0.200.


    If you are running Emby for example, it would default to port 8096, so then NPM needs to have an entry for emby.yourdomain.duckdns.org pointing to 192.168.0.200 on port 8096, or you can place all of your Docker containers on a custom Docker network and use the container name instead of 192.168.0.200 (using container names does not work on the default Docker network).


    You should also enable ssl in NPM for the services so your traffic is not visible to someone that may intercept it.


    It is no more complicated than that, just as I said above.
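The domain-based routing described in this post, as an added sketch that is not part of the original thread and is not NPM's own code: after TLS termination the proxy reads the `Host` header and picks the internal service, so only ports 80 and 443 face the internet. The Emby host, IP and port come from the post; the Deluge subdomain, the function names and the sample requests are constructed.

```python
# Proxy-host table. The Emby entry mirrors the post; the Deluge name is
# hypothetical (port 8112 is the one mentioned earlier in the thread).
ROUTES = {
    "emby.yourdomain.duckdns.org": ("192.168.0.200", 8096),
    "deluge.yourdomain.duckdns.org": ("192.168.0.200", 8112),
}

def host_from_request(raw: bytes):
    """Return the normalised Host header of a raw HTTP/1.1 request, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            # Drop an explicit ":port" suffix, then a trailing dot.
            name_part, _, port = host.rpartition(":")
            if name_part and port.isdigit():
                host = name_part
            return host.rstrip(".")
    return None

def route(raw: bytes):
    """Return (ip, port) of the upstream service, or None to refuse.

    Unknown names, bare-IP requests and requests without a Host header
    match no proxy host, so nothing behind the proxy is reachable by them.
    """
    return ROUTES.get(host_from_request(raw))

if __name__ == "__main__":
    # Constructed sample requests as the proxy would see them on port 443
    # after decrypting TLS.
    samples = [
        b"GET / HTTP/1.1\r\nHost: Emby.yourdomain.duckdns.org:443\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\n",
        b"GET / HTTP/1.1\r\nUser-Agent: probe\r\n\r\n",
    ]
    for req in samples:
        print(host_from_request(req), "->", route(req))
```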

  • Read up on Tailscale MagicDNS.


    You'll create an address such as http://omv.dog-cat.ts.net


    You can create certs - not essential as you're using VPN but it will stop browser warnings.


    # tailscale cert


    is the command.

