Jump to content
Sign in to follow this  
TexasBill

Using Control 4 on your phone remotely

Recommended Posts

Did you know that you can use your Control 4 app remotely (even when you are outside your wifi zone at your house?

Here is what you would do:

In your Router's configuration:

1. Forward/Expose port 5020 (this is for communication with Director)

2. Forward/Expose port 80 (this is for art work (albums, movies, etc.), which is delivered via http)

3. Direct traffic from those ports to your Director's LAN IP address (the controller running Director should have a static IP address on your LAN)

4. Note the WAN IP address of your router (If you can get a static IP address from your ISP, it would be more reliable. Otherwise, check it before each demo to make sure it hasn't changed.)

In the Contro4 My House app on the iPhone/Touch,

1. go to Info -> Director

2. Click on "Add..."

3. Enter your router's WAN IP address and name it (e.g. Remote Access)

4. Click "Connect"

5. Update the project

Use at your own risk - I am not assuming any responsibility here - but this is so cool and my dealer made it available to me and said that I could tell others - so have fun!

Bill

Share this post


Link to post
Share on other sites

This method of port forwarding has been publicly present on here for some time.

The more secure way to do it is via VPN...a much safer/better way to get on your home network at utilize it that way.

Port forwarding is not a good idea, in my opinion.

I do agree that it is cool to control remotely, I'd just suggest the VPN route.

Share this post


Link to post
Share on other sites

What are some peoples VPN setups that they are using? I've tried ddwrt with PPTP VPN and can connect to NAS drives on the network, but not to the master controller.

Share this post


Link to post
Share on other sites

No doubt the VPN is the better approach, but I've had some troubles w/ the VPN connection on the iPhone. What are you using to create the VPN? And, will a (Verizon) iPhone connect to it via 3G? I have a Cisco RVS 4000 at home. At work, we're running into some problems w/ our Cisco ASAs now requiring different user licenses to allow iPhone / iPad remote connections, costing about $100 per concurrent license. Any add'l tips on setting up the VPN would be helpful. The app without remote access is practically useless IMHO.

Thanks.

Share this post


Link to post
Share on other sites
No doubt the VPN is the better approach, but I've had some troubles w/ the VPN connection on the iPhone. What are you using to create the VPN? And, will a (Verizon) iPhone connect to it via 3G? I have a Cisco RVS 4000 at home. At work, we're running into some problems w/ our Cisco ASAs now requiring different user licenses to allow iPhone / iPad remote connections, costing about $100 per concurrent license. Any add'l tips on setting up the VPN would be helpful. The app without remote access is practically useless IMHO.

I'm using a Cisco ASA 5505 with IPSec to connect to home. Native iPhone / iPad / iPod Touch support. Works over 3g and WiFi. I've never had a problem connecting.

My Cisco settings are very simple:

ip local pool VPNPool-1 192.168.1.50-192.168.1.55 mask 255.255.255.0

group-policy TunnelGroup internal

group-policy TunnelGroup attributes

vpn-tunnel-protocol ikev1 ssl-clientless

default-domain value default.domain.invalid

group-policy remotevpn internal

group-policy remotevpn attributes

ipsec-udp enable

split-tunnel-policy tunnelspecified

split-tunnel-network-list value splitvpn

username derick password <redacted> encrypted privilege 15

tunnel-group TunnelGroup type remote-access

tunnel-group TunnelGroup general-attributes

address-pool VPNPool-1

default-group-policy TunnelGroup

tunnel-group TunnelGroup ipsec-attributes

ikev1 pre-shared-key <redacted>

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto dynamic-map dynmap 20 set pfs group1

crypto dynamic-map dynmap 20 set ikev1 transform-set ESP-3DES-SHA

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map outside_map 64553 ipsec-isakmp dynamic dynmap

crypto map outside_map interface outside

crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map inside_map interface inside

crypto isakmp identity hostname

crypto ikev1 enable inside

crypto ikev1 enable outside

crypto ikev1 policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 65535

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

This allows a group password to be used, so only people that I give out the group name/password can even get to the VPN, and then I can use username/password, or certificates for authentication (u/p shown above)

With this configuration, I simply add the VPN to my iOS device, click connect, enter my password, and then run MyHome from anywhere.

Thanks

D.

Share this post


Link to post
Share on other sites
What are some peoples VPN setups that they are using? I've tried ddwrt with PPTP VPN and can connect to NAS drives on the network, but not to the master controller.

DD-WRT works fine for me, and I've connected remotely with both iOS and Android. Don't remember off the top of my head where I found the configuration, but I'm sure I just used Google.

Not all DD-WRT routers are the same though...

Share this post


Link to post
Share on other sites

I'm using iVPN on a Mac Mini. My iPhone is 3G through AT&T. Works great. (also use no-ip.com for static IP fyi) Hope that helps someone... it now works like it is suppose to - remotely. ;0

Share this post


Link to post
Share on other sites
No doubt the VPN is the better approach, but I've had some troubles w/ the VPN connection on the iPhone. What are you using to create the VPN? And, will a (Verizon) iPhone connect to it via 3G? I have a Cisco RVS 4000 at home. At work, we're running into some problems w/ our Cisco ASAs now requiring different user licenses to allow iPhone / iPad remote connections, costing about $100 per concurrent license. Any add'l tips on setting up the VPN would be helpful. The app without remote access is practically useless IMHO.

Thanks.

Earo, someone is feeding you incorrect information. If you want to use AnyConnect VPN, there is a mobile license that you need to purchase but is not a per-user license. It is a single license per ASA. Or you could also just use IPSec the native iPhone VPN client as neter is doing.

Share this post


Link to post
Share on other sites

Note that for dynamic IP addresses, you can use a service such as DynDns.org and enter the DNS name in C4 MyHome. It doesn't have to be an IP address.

I have been meaning to switch over to VPN. Do you have to connect to the VPN each time prior to initializing C4? I wonder if there is a way to specify it to be turned on specifically for C4 (and/or other apps)?

Share this post


Link to post
Share on other sites

Do NOT follow this process.

I repeat

Do NOT follow this process.

Allowing external access to these ports will allow ANYONE with Composer to connect your system and change / delete / screw up your system.

Control4 has NO authentication, opening these ports is a SIGNIFICANT security risk.

DO NOT DO IT.

VPN is the only secured method to remotely access your system.

Share this post


Link to post
Share on other sites
Do NOT follow this process.

I repeat

Do NOT follow this process.

Allowing external access to these ports will allow ANYONE with Composer to connect your system and change / delete / screw up your system.

Control4 has NO authentication, opening these ports is a SIGNIFICANT security risk.

DO NOT DO IT.

VPN is the only secured method to remotely access your system.

Your message of alarm is well taken - My post was meant to make sure that people knew that they COULD use this remotely outside of their WIFI.

Now - I would like to have this capability but I would like to use a VPN - but I am not up on those - can someone tell me how to put this on a VPN please? I use Windows XP as my operating system - I also have Windows 7 as well.

Thanks,

Bill

Share this post


Link to post
Share on other sites

Hire someone to set it up if you don't know how.

If you want to learn how, google end point vpn solutions, PPTP, L2TP, IPSEC, or read this http://en.wikipedia.org/wiki/Virtual_private_network as a starting point.

Or search this forum for vpn. This question has been answered many times before.

Since it completely depends on your environment.

There are lots of options from out of box appliances to DIY server solutions to corporate level vpns. All have ups and down and vary in cost from free to several thousand dollars.

If you do expose these ports, a simple port scan can reveal your control4 master controller, and a simple command to your controller can compromise your entire system. I would HIGHLY suggest you remove any port forwarding to your master controller to avoid potential problems.

Share this post


Link to post
Share on other sites

Is the 4sight subscription required? I refuse to pay any FEES after I already bought all the equip!

Edited by hevnbnd

Share this post


Link to post
Share on other sites
Is the 4sight subscription required? I refuse to pay any FEES after I already bought all the equip!

So I'm guessing you don't have telephone service? What about internet? After buying that PC and a router, you still pay your ISP.

4Sight is a service that you need to pay for. And yes...you have to have capable equipment that comes at a cost in order to use it. Much like your CELL PHONE.

Share this post


Link to post
Share on other sites

Actually NO i do not have telephone and I split my internet with my neighbor. I provide the equipment and they pay the monthly fee. So NO would be the answer. Besides I can think of no other electronics that I can connect to that charge fees to connect to them... IE Sling Box (FREE AFTER PURCHASE OF EQUIP), PCs via RDP (FREE AFTER PURCHASE OF EQUIP), HP Printer (FREE to connect to after purchase of Equip) Maybe you are FLUSH with cash, but I am like most trying to get by and not wanting to burn money that I don't have to burn. Also I figure with the extremely large markup that Control4 has on their equip, they make plenty off me already!

Edited by hevnbnd

Share this post


Link to post
Share on other sites

<edited>

It's not like Control4 is *forcing* you to purchase 4Sight. It's a service, which does allow you to connect remotely, and also allows your dealer to remotely service your system. As Control4 has to actually provide a data center and internet connections to allow this, yes, they do charge for the service.

Use it if you want, don't if not, but you can't complain just because Control4 *offers* a service.

RyanE

Edited to take out something rude. Sorry 'bout that.

Edited by RyanE

Share this post


Link to post
Share on other sites

I'm cool with 4sight costing money for those wanting to remote into their system without having to setup VPN etc. what I do think is shady is that they don't let your system send emails u less you have a 4sight subscription.

Share this post


Link to post
Share on other sites
I provide the equipment and they pay the monthly fee.

I think you might have gotten the better end of this deal.

You guys share garbage pickup too?

You are likely in violation of the ISP service agreements, but more than that, if everybody did this, the cost would just go up for everybody to make up for it.

Share this post


Link to post
Share on other sites
... what I do think is shady is that they don't let your system send emails u less you have a 4sight subscription.

This is inaccurate.

Control4 does *nothing* to block your system from sending emails / messages out. Control4 provides the *built-in* email capability as part of the 4Sight service, but there's *absolutely nothing* blocking a dealer / 3rd-party from creating an email driver that does the same thing, and giving it away/selling it.

Control4 *is* providing a service with the emails on 4Sight. Control4 uses 4Sight's infrastructure to send the email, as opposed to the dealer / end user having to setup their email SMTP server, ensure that their ISP allows port 25 outgoing, etc. It's not as cut and dried to set those things up. 4Sight does it seamlessly, and without any configuration other than creating the 4Sight account and linking it to a project.

RyanE

Share this post


Link to post
Share on other sites
Actually NO i do not have telephone and I split my internet with my neighbor. I provide the equipment and they pay the monthly fee. So NO would be the answer.

So your neighbor is willing to pay a monthly fee in exchange for you purchasing a wireless device? Does he realize that wireless device likely cost less than 2 months of internet service? Even if you got cheap internet and an expensive router, it certainly cost less than 6 months. You definitely got the better end of that deal.

Besides I can think of no other electronics that I can connect to that charge fees to connect to them... IE Sling Box (FREE AFTER PURCHASE OF EQUIP), PCs via RDP (FREE AFTER PURCHASE OF EQUIP), HP Printer (FREE to connect to after purchase of Equip) Maybe you are FLUSH with cash, but I am like most trying to get by and not wanting to burn money that I don't have to burn. Also I figure with the extremely large markup that Control4 has on their equip, they make plenty off me already!

So if you don't have telephone service and rob your neighbors internet service, then why are you worried about connecting remotely? It requires a remote device, ala CELL PHONE (which you said you don't have) as well as a remote internet connection (I guess this is generally available, especially if you don't mind piggybacking off someone elses dime).

Nobody is talking about anyone elses financial situation here...you just made what I felt like was a ridiculous claim. If the $100/year that 4Sight costs you puts you in a bind you probably shouldn't have spent all that money on fancy automation equipment.

I can only imagine your arguement for the power company. "Not only did I buy these lights bulbs AND the fixture they go in, but I paid $150 for a special light switch to turn them on. I CAN'T BELIEVE that you are charging me further fees to be able to turn these lights on, and I am TOTALLY BLOWN AWAY that you would increase said fee based on my usage! PREPOSTEROUS!".

On a side note, I am was impressed and surprised that SlingMedia doesn't charge any annual fees or anything for the use of their service. I am Slingbox owner and user, and absolutely love the service.

Share this post


Link to post
Share on other sites

I really could use a bit of help getting my head aruond this - I called all the people that I know that do computers and they all say that they can set up a VPN from my house to theirs etc but they have no idea how to do this on an iPHONE...

I have a LinkSYS router and my entire house is NATTED behind the router.

I believe that I simply need to set up the information in my router and then have the correct client on an iPHONE set up and I am done - right?

OK - if that is true then what client - how do I set this up on an iPHONE? What would you recommend?

Thanks,

Bill

Share this post


Link to post
Share on other sites
I really could use a bit of help getting my head aruond this - I called all the people that I know that do computers and they all say that they can set up a VPN from my house to theirs etc but they have no idea how to do this on an iPHONE...

I have a LinkSYS router and my entire house is NATTED behind the router.

I believe that I simply need to set up the information in my router and then have the correct client on an iPHONE set up and I am done - right?

OK - if that is true then what client - how do I set this up on an iPHONE? What would you recommend?

Thanks,

Bill

You already have everything on your iPhone...go to settings, then VPN. You likely need more then just the router you have at home though.

Exactly what model router do you have?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...