HOWTO: Allow v8 Client Remote Control

Moderators: Site Moderators, FAHC Science Team

Post Reply
calxalot
Site Moderator
Posts: 871
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

HOWTO: Allow v8 Client Remote Control

Post by calxalot »

HOWTO: Allow v8 Client Remote Control

Summary

This tells how to configure a client to allow remote control direct connections.

This is not needed for remote control of FAH v8.3+, which has a login option for secure remote access via Web Control.

This allows you to add its host to the peers list of a local client (FAH v8.1).

The computer that will access remotes does not need its own local client.


WARNING

This has security implications.
The client will have a wide open port.
Anyone on the local network will be able to tamper with your client.
If vulnerabilities are found in fah-client, your computer could be compromised.

Only do this on completely trusted networks.
You should not do this on a laptop or any computer that might join a public network such as a coffee shop wifi.

A secure way to control remotes is with a ssh tunnel.
If you are proficient with tunnels, you should consider using them instead.


Prerequisites
  • Administrator account so you can use sudo
  • Comfortable using the command line in Terminal

Create/Edit config.txt on a remote client computer

macOS

Code: Select all

sudo nano "/Library/Application Support/FAHClient/config.xml"
Linux
Note: for v8.1, the path was /etc/fahclient/config.xml

Code: Select all

sudo mkdir -p /etc/fah-client
sudo nano /etc/fah-client/config.xml
If the file is empty, first add

Code: Select all

<config>
</config>

Allow access on all network interfaces, for all local network addresses

Copy-paste these lines after <config>

Code: Select all

  <http-addresses v='0.0.0.0:7396'/>
  <allow v='127.0.0.1 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 169.254.0.0/16'/>
  <deny v='0/0'/>
Note: You should always include 127.0.0.1 in your allow list.

For improved security, use a more restrictive allow list

Remove networks that don't apply to you.
For example, most home networks use the 192.168 network, so you might use

Code: Select all

  <allow v='127.0.0.1 192.168.0.0/16'/>
Most home networks further only vary the last number.
If your assigned addresses were all, for example, 192.168.22.*, you could use

Code: Select all

  <allow v='127.0.0.1 192.168.22.0/24'/>
On your (macOS) control/monitor computer, see System Settings/Preferences > Sharing and Network for hostname and address. Use the specific hostname or address of the computer that will control remotes.

On Linux, use the `hostname` command, and add suffix ".local". If you are using virtual machines, the numeric address of the control computer may be different on the remote host.
On remote, get numeric address using something like `ping -c 1 my-control-computer.local`.
Note that numeric addresses can change.

Code: Select all

  <allow v='127.0.0.1 192.168.77.222'/>
WARNING: The client will fail to launch if named hosts in the allow list cannot be resolved.
Example:

Code: Select all

  <allow v='127.0.0.1 no-such-host.local'/>
Save your config.xml

In nano, use Write Out, <enter>, Exit.


Restart client

macOS

Code: Select all

sudo /bin/launchctl stop org.foldingathome.fahclient
sudo /bin/launchctl start org.foldingathome.fahclient
Linux

Code: Select all

sudo /usr/bin/systemctl restart fah-client

Configure your browser

On your control computer, in a browser other than Safari or Firefox, go to Web Control

https://beta.foldingathome.org

Change site settings to allow insecure content.
E.g., in Chrome
  • click lock next to url
  • click Site settings
  • scroll down to Insecure content
  • select Allow

Add Peers
  • Click Settings for local client
  • Add remote client hosts as Peers
  • Save

Optional direct Web Control v8.1 to remote

Once a client allows remote control, you also have the option to point Web Control directly at that client.

When https://app.foldingathome.org is open, press control-shift-L and enter the remote host name.

This is stored in the browser. To reset, press control-shift-L, delete the host and save. It will revert to 127.0.0.1:7396.
jonault
Posts: 214
Joined: Fri Dec 14, 2007 9:53 pm

Re: HOWTO: Allow v8 Client Remote Control

Post by jonault »

Has the control & monitoring interface changed between v7 & v8? I tried adding my v8 client to the v7 Advanced Control on a different machine (making sure to use the new port number) but it's stuck on Updating.

I suppose the fact that they're using different port numbers is a pretty strong hint that they aren't cross compatible, but I wanted to verify.
Image
calxalot
Site Moderator
Posts: 871
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: HOWTO: Allow v8 Client Remote Control

Post by calxalot »

Yes, very different.

v8 uses asynchronous json over websocket.

v7 uses an asynchronous text/telnet interface that returned blobs that usually contained a python object representation.

FAHControl is not compatible with v8.
HFM is not compatible with v8. Yet.
Holdolin
Posts: 15
Joined: Thu Oct 10, 2013 3:38 am

Re: HOWTO: Allow v8 Client Remote Control

Post by Holdolin »

For the sake of saving some typing, you don't have to "sudo touch<filename>" the config file in Linux. sudo nano<filename> will create the file and open it for you.
Image
calxalot
Site Moderator
Posts: 871
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: HOWTO: Allow v8 Client Remote Control

Post by calxalot »

Thanks, updated.
Post Reply