Distant access to Rasp Kodi doesn't work if samba activated

hectobar · May 25, 2023 at 12:29 PM

Hello,

I use kodi on Raspberry Pi 4 for my music.

I have it on my LAN with SMB activated and all is OK, I can share the HDD with my PC and control it by the web interface on the LAN (Chorus, Emby).

Recently i attempted to configure my box to set a distant access, by using Emby or Chorus.

I never managed to get distant acces until I disactivate SMB on kodi.

Is anyone has an idea ?

Thanks,

hectobar · May 27, 2023 at 4:47 PM

Hello,

anybody there ?

Can someone tell me at least if he has such a configuration working ? (ie on Rasp kodi : distant access OK while SMB activated on )

so I will know that it could work and I have a configuration problem.

thanks

Mario77 · May 27, 2023 at 8:18 PM

Quote from hectobar

Hello,
anybody there ?
Can someone tell me at least if he has such a configuration working ? (ie on Rasp kodi : distant access OK while SMB activated on )
so I will know that it could work and I have a configuration problem.
thanks

Do you mean outside of your LAN (remotely) by distant?

hectobar · May 27, 2023 at 11:34 PM

yes, outside of my LAN ...

Mario77 · May 28, 2023 at 12:10 AM

Quote from hectobar

yes, outside of my LAN ...

You might need to forward/open the relevant ports fron your router to be able to access remotely..

hectobar · May 28, 2023 at 9:15 AM

Thanks you,

This is all ready done and it is correct since distant access to my Raspberry Kodi is OK when I disactivate SMB.

But if I reactivate SMB, I lose the distant access to the port 8080 for Echo or 8096 for Emby, while LAN access works.

Do you think it could be a security issue since the distant access is only HTTP and not HTTPS ?

vaughng · May 28, 2023 at 1:40 PM

Port forwarding is a bad idea unless you have your instance secured. Please look into the following before forwarding any ports:

1) Adding certificates to Kodi (self-signed or using letsencrypt)

2) Disabling SSH OR adding SSH keys and disabling SSH password (not an issue if you aren't forwarding port 22)

3) Setting a secure password for the web interface (changing the username is also a good idea)

If you don't set up certificates, your password will be sent in plain text (unencrypted).

Alternatively (and probably the safer option) look into setting up a WireGuard (VPN) server on your local network and port forward to that instead, then you have remote access to your entire local network, secured by a keypair. I haven't tried using Kodi over WG so I cannot speak for performance.

hectobar · May 28, 2023 at 3:00 PM

Thank you for your advises.

Sorry but my skills in network system are very limited and I'm not sure to well understand:

My box allready proposes a WireGuard VPN server. And I assume that my LAN is managed by SMB on Kodi.

Do I have simply to install a Wireguard VPN client on Kodi ? What about ports redirections ? Are they no longer usefull ?

Mario77 · May 28, 2023 at 9:07 PM

What do you mean by disactivating and activating smb?what settings are you changing?

Are you using the Emby server addon?

hectobar · May 29, 2023 at 3:31 PM

No, I use Kodi setting parameters

Kodi allows in the service control panel to disactivate or reactivate SMB.

On my Raspberry Kodi:

System->Libreelec->Services->Samba->Activate (yes/no).

Note: I checked and Libreelec does not propose any WireGuard addon. However, when I browse the rasp file system (with my android smartphone "My Files") , I can find a file Configfiles\wireguard\wireguard.config.sample.

Is it usefull or it is simply a file left but dedicated for other OS targets ?

hectobar · May 29, 2023 at 4:52 PM

Thanks for our help !

Finally, I asked Windows to reinit all its network configurations and 'ô miracle' I can see again my SMB shares on my PC.

Without understanding, I summarize:

0/ I have a Kodi configuration OK, SMB shares on my LAN OK. LAN access to Chorus or Emby interfaces OK. Ports 8080 or 8096 not exported to the public.

1/ I configure the redirection of ports to export them and allow a distant access. Distant access doesn't work.

2/ I disactivate SMB on Kodi and distant access start to work (at this step, I no longer see kodi SMB shares on my PC, which is normal).

3/ I reactivate SMB on Kodi and distant access is still OK but I still can't see kodi SMB shares on m PC.

4/ I reiniatilize Network configs on m PC and all is OK.

What I have to do now before going forward, is to secure the exported communication by adding certificates to Kodi (self-signed or using letsencrypt) as vaughng suggested, or by a VPN. My box also proposes a PPTP VPN which could work with tinc but I don't know yet how to configure them.

vaughng · June 4, 2023 at 1:41 PM

Glad you got it working!

About this:

Quote from hectobar

My box allready proposes a WireGuard VPN server. And I assume that my LAN is managed by SMB on Kodi.
Do I have simply to install a Wireguard VPN client on Kodi ? What about ports redirections ? Are they no longer usefull ?

"My box" meaning your router or a server on your LAN has a WireGuard VPN server? If I am correct then no don't install VPN clients on Kodi.

Instead of forwarding ports 8080 or 8096, forward your VPN port (51820 by default for WireGuard). The client in this case would be the device you are connecting from (example: your laptop). Then, when you connect to your WireGuard VPN remotely from your laptop (using your external IP or DDNS) you will have full access to your LAN as if you were at home. To use Kodi you would then use your internal I.P address (example: 192.168.0.20:8080) to reach Kodi. Which is secure because the VPN creates the encrypted tunnel, no need for certificates.

However, if you are confused about this, since you have it working already you may be better off looking into the certificates option.