I want to deploy a Raspberry Pi in my weekend cottage. The Raspberry Pi is there to log the temperatures and send them to a remote server which has a fixed IP, saves the data and displays it on a simple website.
However the situation may arise that I want to change something on the Raspberry Pi. For example system updates or a change on the program which sends the data to the server or whatever.
With the proposed setup I wouldn’t be able to connect to the Raspberry Pi from outside of its LAN.
NOTE: I do not want to change the network, and the existing router doesn’t have the ability for port forwarding, dynDNS or VPN.
I recently read about UDP hole punching. The basic idea is that the client sends a UDP package to a known server address (i.e. with a public IP or dynDNS enabled). Client B, which would want to connect to client A, asks the server for the public IP and port number of client A.
It then can connect to client A directly on its public IP and port, which is dynamic. Because client A first connected to the server on the now used port, the NAT will forward the packages to client A.
I hope I summarized the idea correctly, more or less…
This all sounds nice, but the problem is that this is not guaranteed to work with a TCP connection, as the router is able to “understand” the handshake of the TCP connection and if it is not built up correctly, it will not forward the packages.
So, how can I open an SSH session from client B to client A, without client A sitting behind a router with dynDNS, a fixed public IP or the ability for port forwarding? The usage of a central server with a public, fixed IP or domain name would be possible though.
You have an internet facing device that is capable of UDP hole-punching but not TCP? Get a better NAT device. – cpt_fink – 2015-03-04T05:48:56.050

I haven't done ssh with udp but here is a link on it http://zarb.org/~gc/html/udp-in-ssh-tunneling.html – barlop – 2015-03-17T12:47:42.427

I don't know but I asked an ssh guru, they said ssh can forward udp, but only if it acts like a vpn, and there is a switch for it, he said it's `-w` but he said udp over tcp (perhaps by that he includes any attempt to forward udp with ssh), involves issues such as high latency, and retransmits of stuff you don't want anymore. I guess it's still an interesting thing to try though. I see this vpn via ssh and -w mentioned here too https://wiki.archlinux.org/index.php/VPN_over_SSH – barlop – 2015-12-16T06:18:08.567

I'm curious as to why you don't want to open an inbound port? - this doesn't sound like a scenario that requires super awesome security... Alternatively, you could have client A maintain an outbound SSH connection with a reverse port binding to a server that client B has access to. That way you can connect via the middle-man server. However, these sorts of arrangements are prone to failure and so are pretty undesirable given limited physical access to sort it out when it goes wrong. – kabadisha – 2015-12-25T23:43:34.143
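
The outbound SSH connection with a reverse port binding that the last comment describes, written as an added example that is not part of the original thread. The relay host name, account, port and key path are placeholders, and the keepalive and restart loop are one way to handle the failure case the comment mentions.

```shell
#!/bin/sh
# Runs on the Pi (client A). Every name below is a placeholder, not from the thread.
RELAY_HOST="${RELAY_HOST:-relay.example.org}"  # server with the fixed public IP
RELAY_USER="${RELAY_USER:-tunnel}"             # unprivileged account on the relay
RELAY_PORT="${RELAY_PORT:-2222}"               # listener on the relay's loopback
KEY="${KEY:-$HOME/.ssh/tunnel_ed25519}"        # key used only for this tunnel
SSH="${SSH:-ssh}"                              # SSH=echo prints the arguments instead

# On the relay, the key's authorized_keys entry can be limited to this one job:
#   restrict,port-forwarding,permitlisten="2222" <public key>
# Client B then reaches the Pi by jumping through the relay:
#   ssh -J you@relay.example.org -p 2222 pi@localhost

open_tunnel() {
    # -N: no remote command. BatchMode: never prompt for input.
    # ExitOnForwardFailure: exit if the relay port cannot be bound.
    # ServerAlive*: give up on a dead link after about 90 seconds.
    "$SSH" -N -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${RELAY_PORT}:127.0.0.1:22" \
        "${RELAY_USER}@${RELAY_HOST}"
}

# Exponential backoff between reconnects: double the delay, capped at 300 s.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt 300 ]; then d=300; fi
    echo "$d"
}

# Reopen the tunnel whenever ssh exits, so the Pi recovers without a site visit.
keep_tunnel() {
    delay=5
    while :; do
        start=$(date +%s)
        open_tunnel || true
        # A session that lasted over a minute was healthy: reset the backoff.
        if [ $(( $(date +%s) - start )) -gt 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = "run" ]; then keep_tunnel; fi
```

Started with the argument `run` (for example from a boot-time service), the script keeps the tunnel open; with `SSH=echo` it only prints the ssh arguments it would use.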