Simplest 3G/4G connection for Pi, must work headless and stand-alone

I meant to add: Most 3G/4G dongles come with software, but at least some of them say 'iOS and Windows only', i.e. no Linux driver supplied, but there are, or were, OSS drivers/FTP equivalent programs available for Linux: I remember trying to use one back in 2005 - the software and dongle seemed to work OK and connect to the phone network, but where I was, out in the sticks, the connection was unuseably slow.

--
--   
Martin    | martin at 
Gregorie  | gregorie dot org

Mobile networks are often quite aggressive at killing idle connections through their CG-NAT - 30 seconds idle is common, for example. To avoid that you have to send keepalives, which will gradually consume your data allowance.

Sending packets from your device is fine - you can just set up a new connection. But receiving is difficult if the NAT mapping has gone away, so the external machine can't reach you. I'm not sure if there's a VPN protocol that handles this appropriately without using keepalives.

It may be that using IPv6 avoids this problem.

Theo

Hardware is cheap, a machine2machine airtime contract may not be.

Theo

Or even better, use OpenVPN to allow the remote device to appear on your local network. If your router supports OpenVPN, use that, otherwise run it on a Raspberry Pi.

---druck

How much do they charge for the /48 after you get the free tunnel ?

Whenever I try to understand how to configure OpenVPN I rapidly get lost.

Presumably I'd run the remote Pi (the one on the boat in France) as a VPN client and have the VPN server running on my home LAN somewhere. I have two Pis already on my home LAN, one of them is a Pi 4, would that be OK to run Open VPN server?

Does an Open VPN server play nicely with an existing LAN whose DNS and DHCP is provided by (yet) another Pi on the LAN? I.e. does everything else work as before locally with just the addition of the remote system so that it adds itself to the existing LAN?

--
Chris Green

Dongles are as cheap as chips, it's the M2M SIM that costs.

--
Chris Green

But a keepalive is only a character (or two), even if it sends a TCP packet as a result that's 1500 bytes. Say 600 keepalives per Mb, that's only a few Mb per day which shouldn't cost too much.

--
Chris Green

-=> The Natural Philosopher wrote to Joe It's a common requirement, and the magic codeword is 'M2M' (machine to > machine). You'll probably need to go to a specialist SIM provider, the > average high-street phone shop salesman won't have a clue what you're > talking about.

TNP> That I did NOT know. That simplifies everything

We have a handful of T-Mobile 4G hotspots, and that service is $5/month, if memory serves. It's a great deal for what possibilities it opens up.

... Are there sections? Consider transitions

I'm running OpenVPN with Pi3's in three different locations, and all are runnning well.

You have to provide proper routing to the server Pi from the public network. I'm using dyn.com dsynamic DNS services to make the ISP's DHCP -assigned IP addresses accessible from the outside.

If your OpenVPN machine is not the same as the incoming firewall/router, you do need port forward from the outside to the OpenVPN machine. The usual port is UDP/1194.

You have also a need to provide routing from the internal network to the OpenVPN daemon for the subnet (or host) to tunnel via the VPN.

--

-TV

-=> Martin Gregorie wrote to Chris Green IOW it does about the same job as the wifi link on a Pi 3, 4 or Zero W MG> except that it preferentially connects to a 3G or 4G base station MG> rather than to the nearest wifi router.

Getting the carrier to provision them properly may be tough. I have a Thinkpad laptop with a SIM slot for a Gobi card, but if I slot in a working GSM sim, it doesn't work. Don't know if they're locked to a specific carrier or need to be provisioned differently to work.

kurt weiske | kweiske at realitycheckbbs dot org |

| 1:218/700@fidonet

Not all of 'em by any means - Amazon prices seem to run from 13 quid to over 160.

--
--   
Martin    | martin at 
Gregorie  | gregorie dot org

On Sun, 27 Dec 2020 18:04:03 +0000, Chris Green declaimed the following:

From

""" A VPN server is nothing more than a software program than runs on your office PC 24 hours a day, waiting for you (the VPN client) to connect to it remotely. """

Unless you want the remote system to continuously "phone home" to access your home system, I suspect you need the server to be on the remote R-Pi. It will sit, waiting for an inbound connection request from your home system, so that you can then interact with ITS OS.

""" Once the connection is made to the VPN server, you would have access to your office PC files and other resources in the office - just as if you were physically attached to your office network in person """

Of course, that may mean having some sort of internet connection active, with either a fixed-IP or via some dynamic DNS service (which gives you a fixed domain name, which it then routes to whatever was the last IP# provided it by the remote -- via some periodic daemon or cron job). And requires open ports on the firewall and any router that may be in the way (I suspect it will be the router that is a problem if using a cellular module -- the cellular service providers expect the module to initiate requests out to the internet, not to respond to requests coming in from the internet).

A VPN may not even be needed at this stage. Merely having an SSH server accessible from outside would provide a command-line management interface. In contrast, a VPN tends to provide an encrypted tunnel allowing the client to "see" the remote machine as if it were a local display.

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com    http://wlfraed.microdiversity.freeddns.org/

My home desktop/LAN has a static IP so I can open the firewall and route directly to the Pi running the VPN server.

Ay? I'm not at all sure what you mean by this.

--
Chris Green

If he has several rPis dotted around, and wants to connect to any of them by SSH, far easier to just get a static IP addr on the home broadband than dick around with various dynDNS services, just make all the Pis (or beagles) phone home with a VPN or reverse SSH, all the time.

That's free too.

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays 
C:\>WIN                                     | A better way to focus the sun 
The computer obeys and wins.                |    licences available see 
You lose and Bill collects.                 |    http://www.sohara.org/

More accurately, it's the monthly contract that costs. I'm aware of a

4G SIM with a fixed public IP address that costs about GBP16.00 per month, with 1GB of data. Data overrun is very expensive. I've seen much higher prices quoted. There are PAYG versions, but the providers want to make the same kind of money, so the cost per GB is very high.

--
Joe

I think what he means is that using a VPN from a single computer doesn't need any routing changes, but if you want one computer to handle VPN for other local computers, and the VPN machine is not the network's default gateway, then you need to tell the other computers that the VPN computer is the gateway to the distant network. The simplest way is with a DCHP configuration. I recall using a Win2000 workstation as a VPN server for a remote office and needing to do this.

--
Joe

Hmm!! I don't see how that makes sense. 'Using VPN from a single computer' when the 'single computer' is on a LAN - but then it all goes to pot doesn't it? Either the computer is on one's LAN or it's in a VPN with the remote but it can't really do both can it?

--
Chris Green