-4

Let's say I have 20 Raspberry Pis each located in different cities. I want to be able to monitor them, transfer files to/from them, control them, etc. remotely and securely from my office.

I searched for possible solutions in the past few days, and found the following solutions:

  1. Port Forwarding
  2. VPN
  3. Using some 3rd party websites like RealVNC, Remote3.it, TeamViewer, etc.

As I've understood, port forwarding is the least secure solution in this list. Also, 3rd party websites have limits on the number of Pis you can access in free versions. Besides, they are not open source, so you cannot design your desired monitoring system/interface based on them. Hence, the VPN seems a better solution all in all.

As for the VPN, I searched the net a lot, but in most of the relevant tutorials, the RPi is the server, and the PC is the client. There's no problem with that, as long as you have only 1 RPi to remotely access.

Now here are my questions:

  1. If I want to remotely access 20 RPis in different locations and monitor them from 1 PC, what configuration shall I use? 20 VPN servers + 1 client? How is this possible? Or shall I change the configuration to 1 server + 20 clients? If so, how shall I do that?
  2. Are there any other methods for remote access to RPis securely from the office (other than the 3 listed above)?

Thanks.

Omid1989

2 Answers

1

Just configure a VPN server that is reachable from all the remote machines and have them log into that VPN.

Use any VPN you like, e.g. OpenVPN, which is widely documented (hint: This is often called a road warrior configuration because it is used for external employees logging into the company network).

Sven
  • Thanks @Sven for your answer and hints. Just two questions: (1) Is your suggested configuration like 1 server (PC) + 20 clients? (2) Will this configuration be a two-way solution? Who initiates the connection? The RPis or the PC? – Omid1989 Apr 27 '17 at 10:14
  • 1
    Of course it is 1 server and 20 clients. The clients would need to initiate the connection (and maintain/reestablish it upon connection loss). I don't know what you mean by "two-way solution" – Sven Apr 27 '17 at 10:16
  • Thanks @Sven. By two-way, I mean can I transfer files to/from RPis? (Full control and monitoring.) Also, what hardware do I need on each side? – Omid1989 Apr 27 '17 at 10:19
  • 1
    If configured accordingly, you can fully control the machines and transfer files. The remote machines obviously need a working internet connection that doesn't block your VPN of choice and on the server side you need a VPN server that is reachable from the internet. – Sven Apr 27 '17 at 10:21
0

Easy & fast
The easiest way would be to forward a non-standard port to the SSH port on the Raspberry Pi. For example 11111 (external on router) to 22 (internal on Pi). If the remote locations are using dynamic IPs you should also configure a service like dyndns so you can always connect to the currently used IP.

Bit more complicated and secure
It would take a bit more time and configuration effort but if it's a business or more secure environment it's worth the effort.

Option A:

Configure an OpenVPN server on each Raspberry Pi and connect to each individually if necessary.

Pros:

  • Once you have a working configuration you can mostly copy-paste the configuration to all Raspberry Pis.
  • You can probably even use the same server certificate on all Pis to eliminate the necessity of maintaining 20 server certificates with 1 client certificate each.

Cons:

  • If security is a necessity you need to generate and maintain 20 Server and 20 Client certificates.
  • Requires creating and maintaining 20 server and 20 client certificates
  • Requires 20 DynDNS (or similar) services configured and maintained (if remote locations use dynamic IPs)
  • Each Pi should always run up-to-date software since they're directly exposed to the internet.
  • Firewall / Router requires at least 1 port forwarding rule to Pi

Option B:

Configure one centralized OpenVPN server and have each Pi connect to it on its own. If necessary you can even use the Raspberry Pi as a gateway to the remote network for other administrative tasks.

Pros:

  • Only one server required and one server certificate
  • 20 client certificates can be easily centrally maintained and revoked (if necessary)
  • No open ports on client side required
  • Remote access to network possible if necessary. (Use client as gateway)

Cons: - ?

adiuva
  • Thanks @adiuva for your answer, but you almost re-mentioned my own suggestions! Would you please clarify the difference, pros and cons of Options A and B? – Omid1989 Apr 27 '17 at 10:29
  • 1
    @Omid1989: Option A is largely the same as the "easy and fast" method, as you usually need port forwarding for both to make the machine reachable from the internet. This is often impossible (e.g. in mobile networks) or out of your control. – Sven Apr 27 '17 at 10:35
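
The one-server, 20-client layout that both answers describe (Option B above), as an added example that is not part of the original answers: a shell function that writes an OpenVPN 2.4+ server config and per-client `ccd` files, so every Pi connects outbound and gets a fixed tunnel address. The client names, subnet, addresses and file names are assumptions; certificates are assumed to be issued separately, with each certificate's common name matching its `ccd` file name.

```shell
#!/bin/sh
# Added example, not from the answers. Names (pi01..pi20, office), the
# 10.8.0.0/24 subnet and all file names are assumptions for illustration.
set -eu

# gen_vpn_layout OUTDIR COUNT: write server.conf plus one ccd file per client.
gen_vpn_layout() {
    out=$1; count=$2
    mkdir -p "$out/ccd"
    cat > "$out/server.conf" <<'EOF'
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh none
tls-crypt ta.key
remote-cert-tls client
# Reject certificates listed in the CRL (a lost or stolen Pi).
crl-verify crl.pem
# Only certificate names that have a file in ccd/ may connect.
client-config-dir ccd
ccd-exclusive
keepalive 10 60
persist-key
persist-tun
EOF
    # The office PC joins as one more client with its own certificate.
    printf 'ifconfig-push 10.8.0.10 255.255.255.0\n' > "$out/ccd/office"
    i=1
    while [ "$i" -le "$count" ]; do
        # Fixed tunnel address per certificate CN: pi01 -> 10.8.0.101, ...
        printf 'ifconfig-push 10.8.0.%d 255.255.255.0\n' $((100 + i)) \
            > "$out/ccd/$(printf 'pi%02d' "$i")"
        i=$((i + 1))
    done
}

# pi_address OUTDIR NAME: print the tunnel IP assigned to that client.
pi_address() {
    awk '$1 == "ifconfig-push" { print $2 }' "$1/ccd/$2"
}

demo_dir=$(mktemp -d)   # scratch directory for a demo run
gen_vpn_layout "$demo_dir" 20
echo "pi07 -> $(pi_address "$demo_dir" pi07)"
```

The generated config deliberately omits `client-to-client`, so the OpenVPN process does not relay traffic between Pis itself; anything between clients has to pass the server host's own routing and firewall. Revoking one Pi means regenerating `crl.pem` on the server, with nothing to change at the remote sites.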