protobufs icon indicating copy to clipboard operation
protobufs copied to clipboard

Published 20 hours ago verified publisher icon meshtastic

[Feature Request]: Protobuf authentication

Open bmatic385 opened this issue 6 months ago • 2 comments

Tell us your idea.

Recently I opened a Feature Request #614 on meshtastic/web where I asked to implement basic http/https authentication in internal Web UI which is served from node itself, because I wanted to access Web UI over the internet, when at work, and I got rejected reasoning that it is not secure, and sugested to implement authenticating proxy in front of Meshtastic node, and I did just that, installed Caddy on Raspberry Pi, and it works excelent. Now I want to connect with Android App on my phone to Meshstatic node that is on a pole, on a roof, on my house, which is connected via ethernet, and when I forward TCP port 4403 I can connect to it over the internet, and everything works OK. But now anyone can connect to my node using Android App over the internet.

So my new Feature Request consists of 2 parts:

  1. in Android App implement that I can write a domain name instead only numerical IP address to connect to
  2. I plan to use stunnel (or something similar) running on Raspberry Pi to implement simple authenticating method in protobuf protocol on TCP port 4403, so authentification also must be implemented in Android App also

Code of Conduct

  • [x] I agree to follow this project's Code of Conduct

bmatic385 avatar May 09 '25 13:05 bmatic385

Unfortunately same thing applies as the web client. There has been some discussion to allow connection via domain - but there are no plans to do auth via protobuf.

Take a look at some of the solutions recommended in your previous issue.

jamesarich avatar May 09 '25 13:05 jamesarich

Hi James,

I understand that most of the people using Meshtastic is not that tech savy, and do not want to / need to to do port forwarding on a router to connect to node remotely, but there are some of as crazy mf :-) I already have some ideas in my head to do it securely, like implement port knocking on my MikroTik, and based on port knocking automatically creating firewall rule. I understand that it is complicated and not a burning issue to implement auth via protobuf, but at least I need a way to input my domain in App. So could it be possible to implement:

  1. domain input in address field instead only numerical IP address
  2. implement custom port input, like "domain.com:5403" if I wanted to do a port remaping
  3. implement node addresses profiles, like:
  • Home profile - 192.168.1.100
  • Internet profile - domain.com:5403

bmatic385 avatar May 09 '25 20:05 bmatic385