Openplotter network security on marina wifi
#1
It occurred to me that when I connect openplotter to a typical (non-isolated) marina wifi, its open network sockets are freely available to all other wifi users. It would be great if I would be able to block all traffic except the traffic to and from the gateway. This can be done with iptables, but before I venture into this, I'd like to check if that has already been done?


Thx!

-
Reply
#2
(2021-08-26, 04:14 PM)ironman Wrote: It occurred to me that when I connect openplotter to a typical (non-isolated) marina wifi, its open network sockets are freely available to all other wifi users. It would be great if I would be able to block all traffic except the traffic to and from the gateway. This can be done with iptables, but before I venture into this, I'd like to check if that has already been done?


Thx!

-

Does OpenPlotter listen on all interfaces or just the 'local' ones? (netstat -a will tell you - that will also give you all the info for your iptables or ufw)

But, generally most public WiFi will not allow communication between clients anyway - try an nmap scan and see if anything responds
Reply
#3
Hi Ironman,
I was realizing the same.
I am considering adding an extra router in the network for this purpose.
For example a GL-Inet MT300N

Currently I am using it as a travel router for the laptop.
I have installed openWRT travelmate so it automatically connects to known hotspots.
For the laptop it's working fine.

I am now struggling with DHCP.
Both openplotter and the GL-Inet act as DHCP servers.
Maybe I should have a static IP for each device anyway.
Reply
#4
(2021-08-26, 05:01 PM)guyh2 Wrote: Does OpenPlotter listen on all interfaces or just the 'local' ones? (netstat -a will tell you - that will also give you all the info for your iptables or ufw)

But, generally most public WiFi will not allow communication between clients anyway - try an nmap scan and see if anything responds

Yep, the service I'm referring to listens out on all interfaces. I've used nmap and mdns-scan and I can discover all devices in my marina. Rather than relying on marina personnel to keep their network connections safe, I'd rather have openplotter do it from the other end ;-)
Reply
#5
A little more information.
I have the default 'openplotter' access point configured on the RPI4 on-board wifi adapter (with a non-default wifi passphrase of course). In addition, I stuck a wifi-dongle in the USB port and furnished wpa_supplicant.conf with the credentials of the marina wifi. This provides internet connectivity not only to the openplotter, but also to the wifi clients that are attached to the openplotter access point. So far, I was quite chuffed with this! However, because my signalk's udp nmea port was accessible from the entire wifi segment, I suddenly found values in my signalk database that must have come from some other boat, and hence I found out that my marina wifi did not isolate clients. I have already logged an issue with signalk to limit the interfaces that the nmea listeners register to. Strictly speaking, this is not an openplotter issue but a raspbian thing. However, openplotter owners might be at risk like I am.

I have looked into wpa_supplicant.conf parameters, hoping I could specify client isolation here, but it does not seem to sit here.
Reply
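Added example, not written by anyone in this thread and not part of OpenPlotter: one way to close the marina-facing interface with iptables, as raised in post #1. It drops unsolicited traffic statefully instead of matching on the gateway address, so replies to outbound connections still work while other clients on the segment cannot reach listeners such as the signalk UDP port. The interface name `wlan1`, the chain name `MARINA_IN` and the function name `marina_rules` are assumptions.

```shell
#!/bin/sh
# Added example: prints firewall commands for review; it changes nothing by itself.
# Assumed names: wlan1 = USB dongle joined to the marina wifi (pass your own),
# MARINA_IN = chain name chosen for this example.

marina_rules() {
    uplink="$1"
    # Accept only a plain interface name before it is placed in a command line.
    case "$uplink" in
        ''|*[!A-Za-z0-9_.-]*) echo "usage: marina_rules <uplink-interface>" >&2; return 1 ;;
    esac
    for ipt in iptables ip6tables; do
        echo "$ipt -N MARINA_IN"
        # Replies to connections the Pi or its access-point clients opened themselves.
        echo "$ipt -A MARINA_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        if [ "$ipt" = iptables ]; then
            # DHCP answers for the lease on the uplink.
            echo "$ipt -A MARINA_IN -p udp --sport 67 --dport 68 -j ACCEPT"
        else
            # IPv6 needs router advertisements and neighbour discovery (ICMPv6 134-136).
            for t in 134 135 136; do
                echo "$ipt -A MARINA_IN -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
            done
        fi
        # Anything else arriving from the marina segment is unsolicited: drop it.
        echo "$ipt -A MARINA_IN -j DROP"
        # Hook the chain in front of existing rules, both for the Pi itself (INPUT)
        # and for traffic routed on to the access-point clients (FORWARD).
        echo "$ipt -I INPUT 1 -i $uplink -j MARINA_IN"
        echo "$ipt -I FORWARD 1 -i $uplink -j MARINA_IN"
    done
}

# Print the commands when run as a script, e.g.: sh marina_rules.sh wlan1
if [ $# -gt 0 ]; then marina_rules "$1"; fi
```

After reviewing the printed commands, they can be applied with `marina_rules wlan1 | sudo sh`. The rules are lost on reboot unless saved, for example with `iptables-save` and `ip6tables-save`.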