No internet connection
  1. Home
  2. General

Disable Internet Access & Other Questions

By @understandingTiny
    2021-12-23 02:16:51.725Z
    1. I want to make sure my tinypilot cannot talk to the internet in any way and can only work on my LAN. How do I go about this? I understand this means that updates will also be disabled, that is okay. Assume Voyager 2

    2. If I have the ability to VPN to the network (using a VPN appliance) that the tinypilot resides on, I should be able to access it the same way I would if I were local and on the lan - albiet with more lag - correct? Assume Voyager 2.

    3. Is it easy to update the OS and the tinypilot software itself to be sure I'm getting security updates?

    Thanks!

    Solved in post #4, click to view
    • 3 replies
    1. F
      Don Eitner @FreihEitner
        2021-12-24 01:16:30.274Z

        I'm not affiliated with the TinyPilot devs, just a user myself. I'm also no expert, but I think the only real way to ensure that any device on a LAN cannot talk to the outside world is to restrict it through the router or switch to which it is connected. This goes for any networked device--if you rely on the device itself to follow your rule, you are beholden to every single software package on that device respecting your wish. A "no internet access" setting applied to the router port to which the device is connected is the only way to be sure.

        #2 sounds right. If you VPN into the network and open a web browser through that VPN tunnel, it should be able to see the TinyPilot.

        #3 is easy if you have not locked it down to forbid internet access. In the TinyPilot web app there is a menu item to check for updates. There's only been one update since I purchased mine in late November, but it was a point and click affair to update it.

        1. U@understandingTiny
            2021-12-24 04:50:18.108Z

            Thanks! I feel like because it runs rasberry pi os disabling the internet should be possible. Just looking for some direction on how to do #1 as best as possible without being on the router level.

          • Sorry for the delay! I've been traveling for the holidays.

            I want to make sure my tinypilot cannot talk to the internet in any way and can only work on my LAN. How do I go about this? I understand this means that updates will also be disabled, that is okay. Assume Voyager 2

            As @FreihEitner suggested, usually you'd do this at the router level. If there's a rogue application or malware on the device that's trying to access the internet, it can undo whatever device-level restrictions you've applied and access the Internet anyway. But if you're aware of that risk and just want a good-enough solution that would stop unsophisticated applications or attackers, you can use a device-level firewall.

            You can use ufw or iptables rules to allow traffic to your local network but deny traffic everywhere else.

            If I have the ability to VPN to the network (using a VPN appliance) that the tinypilot resides on, I should be able to access it the same way I would if I were local and on the lan - albiet with more lag - correct? Assume Voyager 2.

            Yep, that's correct.

            Is it easy to update the OS and the tinypilot software itself to be sure I'm getting security updates?

            Yes, you can run System > Update from the web UI and apply any available updates.

            ReplySolution