You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ssh tunnel for access to local services is started when:
Remote support is enabled, or
Remote console (VNC) on VRM is on
The problem is that remote Node-RED and Signal K also needs this tunnel, but there is no 'Node RED on VRM' option. It currently just says in the GUI: "Access node-RED via http://venus.local:1881 and via VRM". But via VRM only works if the ssh tunnel is on, so only when 'remote support' or 'remote console on VRM' is enabled.
Desired situation
Probably a new option to 'expose local web services to VRM' should be made. I don't know what the best wording is. It affects both Node-RED and Signal K, but that is probably too long, and may change in the future.
And, with the GUIv2, the ssh tunnel's run condition for remote console is no longer required, for most people. But, it's still used for when you're running a custom build of the wasm. I'm unsure how to deal with that.
The text was updated successfully, but these errors were encountered:
The following would be taking it a bit wider, but how about we change the Logging to VRM setting (vrmlogger on/off) into a setting with three options. Name of the setting is VRM Portal. Options are:
Off
Read only. (vrmlogger is enabled)
Full access (default) (MQTT + the option for ssh tunnel)
The VRM two way communication setting, as well as the Remote console on VRM setting can then be removed. What we accomplish then is one setting less.
Resulting settings:
Local gui (gui v1, gui v2). (on GUIv1: start ssh tunnel when VRM is 'full access')
remote support (on, off) (always start SSH tunnel, and put the authorized_keys in place)
vrm (off, read only, full access). 'Full access' starts flashmq and enables the MQTT bridge config. LAN access is only opened up in iptables when MQTT on LAN is also on.
services -> Node-Red (start ssh tunnel when VRM is 'full access')
services -> Signal-K (start ssh tunnel when VRM is 'full access')
Added later, because a coming change requires this too: EVCS (start ssh tunnel when VRM is 'full access')
services -> MQTT on LAN: starts flashmq and opens up the firewall, as already the case.
Services that are influenced:
FlashMQ runs when services/mqtt on LAN or VRM full access is on. Bridge config is placed in when 'full access' VRM. LAN access is protected by iptables when MQTT on LAN is off. This is like this currently already.
Firewall opens up access to MQTT LAN when services/MQTT on lan.
SSH tunnel is started when (VRM is full access + service that needs it. OR 'remote support' is enabled.
As discussed today, @jhofstee & @jepefe will review the idea and if they agree we go for this.
mpvader
changed the title
Change ssh tunnel run conditions wrt to GUIv2 and Node-RED
Change settings around VRM / ssh tunnel / remote access
Apr 18, 2024
Current situation
The ssh tunnel for access to local services is started when:
The problem is that remote Node-RED and Signal K also needs this tunnel, but there is no 'Node RED on VRM' option. It currently just says in the GUI: "Access node-RED via http://venus.local:1881 and via VRM". But via VRM only works if the ssh tunnel is on, so only when 'remote support' or 'remote console on VRM' is enabled.
Desired situation
The text was updated successfully, but these errors were encountered: