-
I want to make sure my tinypilot cannot talk to the internet in any way and can only work on my LAN. How do I go about this? I understand this means that updates will also be disabled, that is okay. Assume Voyager 2
-
If I have the ability to VPN to the network (using a VPN appliance) that the tinypilot resides on, I should be able to access it the same way I would if I were local and on the lan - albiet with more lag - correct? Assume Voyager 2.
-
Is it easy to update the OS and the tinypilot software itself to be sure I'm getting security updates?
Thanks!
- FDon Eitner @FreihEitner
I'm not affiliated with the TinyPilot devs, just a user myself. I'm also no expert, but I think the only real way to ensure that any device on a LAN cannot talk to the outside world is to restrict it through the router or switch to which it is connected. This goes for any networked device--if you rely on the device itself to follow your rule, you are beholden to every single software package on that device respecting your wish. A "no internet access" setting applied to the router port to which the device is connected is the only way to be sure.
#2 sounds right. If you VPN into the network and open a web browser through that VPN tunnel, it should be able to see the TinyPilot.
#3 is easy if you have not locked it down to forbid internet access. In the TinyPilot web app there is a menu item to check for updates. There's only been one update since I purchased mine in late November, but it was a point and click affair to update it.
- U@understandingTiny
Thanks! I feel like because it runs rasberry pi os disabling the internet should be possible. Just looking for some direction on how to do #1 as best as possible without being on the router level.
In reply tounderstandingTiny⬆:Michael Lynch @michael2021-12-29 16:56:16.551ZSorry for the delay! I've been traveling for the holidays.
I want to make sure my tinypilot cannot talk to the internet in any way and can only work on my LAN. How do I go about this? I understand this means that updates will also be disabled, that is okay. Assume Voyager 2
As @FreihEitner suggested, usually you'd do this at the router level. If there's a rogue application or malware on the device that's trying to access the internet, it can undo whatever device-level restrictions you've applied and access the Internet anyway. But if you're aware of that risk and just want a good-enough solution that would stop unsophisticated applications or attackers, you can use a device-level firewall.
You can use ufw or iptables rules to allow traffic to your local network but deny traffic everywhere else.
If I have the ability to VPN to the network (using a VPN appliance) that the tinypilot resides on, I should be able to access it the same way I would if I were local and on the lan - albiet with more lag - correct? Assume Voyager 2.
Yep, that's correct.
Is it easy to update the OS and the tinypilot software itself to be sure I'm getting security updates?
Yes, you can run System > Update from the web UI and apply any available updates.