Simplest 3G/4G connection for Pi, must work headless and stand-alone

As I understand it, data connections (as opposed to voice connections) are permanently on and don't accrue connection charges. You get a standard amount of data per month that can be transferred over the connection, which varies according to the tariff.

So you need a USB mobile data device and a SIM with a suitable data tariff. Then you need a means of connecting to the Pi, in the same way that you would if it was connected by Ethernet/wifi to your home network. VNC Server on the Pi and VNC Client on the computers that will connect to the Pi will give you a remote desktop. There maybe ways of doing it with PuTTY or other ssh terminal apps, though I'm not sure how those handle you being connected by a public WAN rather than LAN: I've only used Juice SSH on my mobile phone for connecting to my Pi over my private LAN.

Since you will be running the Pi headless, one little hint (in case you haven't discovered this already) with the Pi 4: you need to tell the Pi to boot even if it can't find a monitor connected by HDMI and to set the video mode which would normally be negotiated between Pi and monitor at boot time.

modify /boot/config.txt:

hdmi_force_hotplug=1 # allow Pi to boot with no monitor connected hdmi_group=2 hdmi_mode=82 # force 1920x1080x60 even though monitor can?t be auto-detected

It seems very much to me that this depends on whether the Pi can have a fixed IP address, or be behind a router that supports Dynamic DNS. If either of those is true, you can ssh to it easily.

If you have no idea of its IP address, then it gets somewhat harder.

Tell us a bit more about the Pi's connectivity, and we may be able to help you more.

David

So does just trying to connect *to* the device which has the data sim dongle wake up the connection? It means one needs a dynamic DNS service but that's not a big problem.

Yes, as I said it needs a dynamic DNS service but that's all.

I probably have got it all wrong! The Pi is actually a Beaglebone Black but that's irrelevant.

All I want to do is be able to use ssh to connect *to* the BBB from home computers which have an internet connection. The BBB doesn't have WiFi available.

Currently it uses (rather flaky) marina WiFi and sets up ssh reverse tunnels by connecting to an intermediate system so that I can then connect *to* it via the intermediate system.

I am looking for something more reliable.

So, if one has 'always on' FROM the pi does that then just require some sort of dynamic dns service to be able to ssh *to* it?

--
Chris Green

Not really, if the 4G connection is down, there's no remote way you can ask it to come up, you could do something custom like sending an SMS to the dongle (if the SIM supports SMS in addition to data) and have something running on the Pi to bring up the 4G connection in response (and maybe text you back the IP address it has)

The other possible wrinkle is that even with the 4G connection up, it may be using CGNAT which doesn't allow inbound TCP connections, just outbound, so again you might homebrew something that brings up a VPN tunnel from the Pi end over the 4G, then you can connect though the tunnel ...

Yes, I don't think I realised this and it makes a big difference! Do they care which direction the data goes?

Does it have to be a 'data only' SIM for this to work or would any SIM with included data work OK?

I use ssh and command line for everything. Once both ends are connected to the internet it 'just works', that's what I want.

Yes, I know, I run several Pis headless. It's a good reminder though, plus the real killer, the ssh daemon isn't enabled by default.

--
Chris Green

But all-in-all, I think I'd just nail the VPN and/or 4G up all the time.

A *little* bit more than that, a lot of 4G dongles still pretend to be modems, using e.g. ATDT*99# command to "dial" the connection, no dialling takes place, but it's a convenient lie to allow a PPP daemon to bring up the 4G connection and get an IP addr etc.

That'll work, provided your mobile provider gives you a public IP address, not a private one that's NATed.

It is possible to get a fixed, public IP address on a 4G SIM, but it takes a bit of finding. Even then, the actual IP address is dynamic and private, but the 4G operator runs a NAT server to accept calls on a fixed public address and route them to the SIM.

It's a common requirement, and the magic codeword is 'M2M' (machine to machine). You'll probably need to go to a specialist SIM provider, the average high-street phone shop salesman won't have a clue what you're talking about.

--
Joe

By definition on a mobile network its behind a HUGE NAT proxy. Unless you are supremely lucky and you het an IPV6 address

--
Truth welcomes investigation because truth knows investigation will lead  
to converts. It is deception that uses all the other techniques.

No, not even that will work.

Because that will take you to the ISPS NAT router and there will be no way to route onward to the Pi.

*Only if the Pi initiates the connection* will the NAT router set up a mapping between public IP/port and PI IP/port.

Its analogous to your current wifi setup. The Pi will have to be online and permanently connected in some way to a publiclly accessible server that you can use as a gateway.

Thats how stuff like whatsapp or wificalling or skype, work on a mobile, they are constantly polling a server registering what ip address and socket they can be accessed on and when another phone contacts the server it simply proxies the traffic or possibly tells them what ip to use.

You will need a server in public internet space I think. A virtual private server can be VERY cheap if all you are running in it is a gateway.

I am not up in VPS so I would code up some custom daemon on one of my VPSes. Then your clients would contact that daemon which would 'know' where the Pi was, and perhaps start relaying packets down the pipe to te pi.

--
Truth welcomes investigation because truth knows investigation will lead  
to converts. It is deception that uses all the other techniques.

thats a very very big IF.

I run a few public websites and trawl through the logs have happened when they have been DOSed

All IP ranges from mobile devices have been NATed. It is extremely rare to find *anyone* actually not behind a NAT router - some big companies.

Obviously if YOU control the NAT router not the mobile ISP, and THAT has a fixed IP address you can set up an inbound connection but not many people do.

--
Future generations will wonder in bemused amazement that the early  
twenty-first century?s developed world went into hysterical panic over a  
globally average temperature increase of a few tenths of a degree, and,  
on the basis of gross exaggerations of highly uncertain computer  
projections combined into implausible chains of inference, proceeded to  
contemplate a rollback of the industrial age. 

Richard Lindzen

Or I can do what I already do out through the marina WiFi, set up reverse ssh tunnels. That might actually be the way to do it anyway as it avoids the need for dynamic DNS.

--
Chris Green

That I did NOT know. That simplifies everything

--
?The ultimate result of shielding men from the effects of folly is to  
fill the world with fools.? 

Herbert Spencer

I already run ssh tunnels from the Pi (well it's a BBB actually) to get through the NAT'ted WiFi connection so I can easily do the same to use the 3G/4G.

--
Chris Green

That should work purrfect if you know how to so it, I dont

--
There is nothing a fleet of dispatchable nuclear power plants cannot do  
that cannot be done worse and more expensively and with higher carbon  
emissions and more adverse environmental impact by adding intermittent  
renewable energy.

OP here. Yes, I get through a NAT router firewall already when connecting via the (unreliable) marina WiFi by using ssh tunnelling.

The Pi (well BBB actually) makes an ssh connection out to an intermediate system where I have an ssh login account and sets up reverse tunnels to allow ssh from the 'outside' back into the BBB. It works well apart from the marina WiFi disappearing at intervals.

--
Chris Green

I think it's quite expensive (M2M that is).

--
Chris Green

OK, my current WiFi set up is (as a mobile connection would be) behind a NAT router and I set up reverse ssh tunnels to allow me to connect 'on demand' to the Pi (BBB). So I can do exactly the same using the mobile data connection.

Will the mobile provider object to the connection being up all the time but with virtually no data going through it?

--
Chris Green

That or tunnel an IPv6 connection in from Hurricane Electric and have a routed /64 to play with (or even a /48).

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays 
C:\>WIN                                     | A better way to focus the sun 
The computer obeys and wins.                |    licences available see 
You lose and Bill collects.                 |    http://www.sohara.org/