Hi,
I have set up MyCloud and also ID & password were created, everything is fine and also I can logon via browser
http://192.168.1.5/UI
But when I tried to access it on remote site via VPN, it shows “You don’t have permission to access /UI on this server”
The remote site IP is 192.168.2.x , is it MyCloud security issues ? Please advise, thanks.
It’s not security issues but on the other hand, security measures. You can only access the Dashboard locally via subnet 192.168.1.0/24.
Yes, I can access it via 192.168.1.x/24, but if I access it via 192.168.2.x/24, it doesn’t !
oh, you mean I can only access locally via 192.168.1.x/24, in that case, access it via the WAN or VPN is impossible !
Yes your VPN IP is in the 192.168.2.0/24 range NOT 192.168.1.0/24 and WD only allows Dashboard access from 192.168.1.0/24 (192.168.1.1 - 192.168.1.255).
You need dangerous security modifications to remove this restriction (that I’ll not cover here) which probably void the warranty.
OMG! Why WD design this products so stupxx!!! Even other firewall products that can allow administrators access it via WAN or VPN ~ WD MyCloud… it is nightmare!!!
I’m not defending WD but this is for the good cause. Imagine if this restriction is not implemented, and the remote access is enabled? The NAS login page could get brute force attacks.
Since you’re using VPN and I assumed you have some networking experience, you can create a tunnel to view the Dashboard. SSH from your VPN to MyCloud and create a tunnel which you can access via the browser.
See my similar post here:
I am IT guy, I know that it is security issue, but if no IT guy on 192.168.1.x site, that is trouble!
For the first time set up, I use Teamviewer to remote access remote site PC, then set up WD MyCloud id & pw, it is fine, but I cannot every time run Teamviewer to remote access remote site PC to do any admin task on MyCloud as that PCs always busy always!
Thru the WAN I am not suggested but via VPN, I think it is OK, can you advise how to enable this feature on WD MyCloud, many thanks.
Ok IT guy, setup the VPN-> SSH tunneling as I described on the previous post. You will have full access on the 192.168.1.x site. No modifications needed 
The problem with this is if you remove the restriction to allow VPN, it will also allow dangerous WAN access directly to the MyCloud.
Instead add your VPN subnet to the restriction:
sed -ri 's/(\$\{LOCAL_NET\})$/\1 192.168.2.0\/24/' /etc/apache2/sites-available/wdnas-ui.conf>/dev/null 2>&1;
Then restart the daemon:
service apache2 restart;
I assumed above modifications are done on a Gen1 Single Bay MyCloud firmware v4. Modifying any part of the device may void your warranty.
Hi Nazar78,
Modify /etc/apache2/sites-available/wdnas-ui.conf file and restart the deamon, OK, thanks.
When I add the local net info there’s no error, cat wdnas-ui.conf shows edits…
However when I service apache2 restart I get an error
“-sh: service:not found”
Should I be in a different location in the shh session before using the restart command? When I use the reboot command it reboots the drive, and the modification made to the wdnas-ui is no longer there.
When at root, doing “/etc/apache2 restart”
I get a “Permission denied” error message .
I’m on the current version 2.21.111
Erm this mod is only supported on MyCloud single bay Gen1 devices firmware v3/v4. The only MyCloud that supports permanent (survive reboots) modifications to its rootfs.
Thanks for the info Nazar… Never fails for a company to make their hardware less appealing as the gen’s go up.lol
Well, depending on what kind of router you have, you can modify the subnet used when connecting to the VPN. For example, on the Asus routers, you can access the advanced settings from the dropdown in the VPN Server tab and change the client ip address to 192.168.1.x ~ 192.168.1.x. Just be sure to change the DHCP IP Pool Starting Address to something above the range specified in the VPN settings.
I am able to access the UI of the MyCloud from anywhere remotely as long as I connect to my router via VPN.
Hi All,
you can edit apache config file as you wish and always access everywhere via ssh
please follow the below;
0- run this command for create backup file “cp /usr/local/apache2/conf/httpd.conf /usr/local/apache2/conf/httpd.conf_orj”
1- edit and update the file with command “vi /usr/local/apache2/conf/httpd.conf”
2- Delete the “RequireAny” tag everywhere
3- apache restart web
4- you can able to access from any subnet
---------------- You must be see latest situation for httpd.conf Removed the RequireAny tag ---------------
---------------- You must be see latest situation for httpd.conf Removed the RequireAny tag ---------------
---------------- Original File ---------------
It is a shame, that WD gives no possibility to configure the address ranges, for which the access via webbrowser is to the GUI is allowed. There are Users (like me) that have more than one local network or that want to enable access via VPN, and in such a case, it would be useful to enable access for all “trusted local networks” (including VPN Pools), even if that is more than one network. A warning may be OK, but giving no possibility to configure this via Webbrowser is not really a good thing …
One solution (if there is a host, that allows ssh access in the same network as the "mycloud NAS) would be to use “ssh tunneling” to make access to the NAS possible, but that is a hack, that i personally would not prefer, if there is an other possibility …
@jilse
Did you notice that the original topic was started in 2016?
My two WDMYCLOUDS are working fine. The old one running OS3 is set up for use on my home network only. The other running OS5 can be opened under Network and on my cell phone I have the app.
