Thanks for that beautifully clear explanation, it's this sort of thing that is *far* from obvious when you look at how tos for VPNs.
I guess it's the 'road-warrior setup' is nearest to what I want to do though in reality the 'insecure LAN' involved is just one computer.
-- Chris Green
I guess that's part of my issue with all this. I don't need speed, all I need is something fast enough to handle interactive terminal usage. Neither do I need security, the remote system has no personal information on it at all, the only data to be stolen is temperatures, voltages and other measurements on my boat.
All I need is a reliable piece of wet string between me and the SBC on the boat. :-)
I don't need or want any of that, the remote machine doesn't need to be able to see my home LAN at all, it's the other direction I need.
It's a headless system so command line only and I want it to be able to boot up into a connected state without any local interaction.
Yes, VPNs aren't really designed for what I want to do are they!
It's possible to use a VPN to get to what I want but it's hardly the obvious/ideal way to do it.
I think in reality my existing setup (behind a WiFi NAT firewall) using ssh tunnels is much closer to what I need than a VPN. It'll work just as well behind a 3G/4G router that's NAT'ted.
-- Chris Green
Yes, and this is a nice gotcha if you want to connect two networks behind the same type of modem/from one isp; they are bound to use the same subnet, just their default settings; so the vpn connection won't work. I had this once on different modems/isp's; apparently 192.168.178.0 is a popular choice. Solution is to give one of them a different subnet.
You do need security, to prevent it from being taken over by a botnet/hacker and getting you banned from the network. Also if you have a vpn connection, it's effectively on your home lan.
Am 29.12.2020 um 11:28 schrieb A. Dumas:
Yes, it is the standard default on AVM Fritzbox, the de-facto standard internet modem+router in Germany.
Stumbled once over this when trying out VPNs between my network and my parents...
To prevent what "from being taken over by a botnet/hacker"? If they break into my boat and have access to the computer there then there's absolutely nothing that using a VPN will prevent. As I've said it has to be capable of restarting with the connection in place without my interaction. A VPN doesn't help in the slightest as far as I can see.
Exactly the problem, I don't need this at all. I want communication in the other direction only.
Getting back to my original requirement:-
I want to communicate *from* my home system to a headless SBC.
The headless SBC (Pi or whatever) can connect to the internet but it's almost certainly going to be behind a NAT/firewall of some sort.
-- Chris Green
How does a Pi receive SMS?
How does a phone receive SMS if it isn't 'always on'
because its always on?
-- ?when things get difficult you just have to lie?
Indeed it is,
I wouldnt mkind having e.g. a streaming wildlife camera down te garden, out of wifi range
-- There is something fascinating about science. One gets such wholesale returns of conjecture out of such a trifling investment of fact. Mark Twain
On a sunny day (Tue, 29 Dec 2020 09:59:11 +0000) it happened Chris Green wrote in :
Depends on your programing skills I wrote smsio.c
The other way around, from boat to your phone via SMS, I wrote the script 'ssms' it is part of xgpspc:
Very basically it works like this, raspi measures things like GPS location, water level in bilge, some other things, compares it to some setpoints, and sends SMS to your phone every 15 minutes if an error condition persists. It can notify over radio too if needed.
You can repy to that SMS from your phone with an other SMS with some predefined commands as shown above.
But anyways ssms (send SMS part of xgpspc) is like this: #!/bin/bash
# ssms # sends SMS message to a Huawei G3 USB stick, stick must be in data mode with usb_modeswitch
let error=0
if [ "$1" == "" ] then let error=1 fi
if [ "$2" == "" ] then let error=1 fi
if [ "$3" == "" ] then let error=1 fi
if [ "$4" == "" ] then let error=1 fi
if [ $error == "1" ] then echo "Usage:" echo "ssms PIN phone_number device_name message"
echo "Example:" echo "ssms 1234 31612345678 /dev/ttyUSB4 \"hello there\""
echo " WARNING ssms WILL NOT WARN IF WRONG PIN IS ENTERED!!!!" exit 1 fi
# For now we ignore any response from the USB modem # so if it does not work you don't know why.
# send PIN echo -en "AT+CPIN=\"$1\"\r" > $3 sleep 1
# request text mode echo -en "AT+CMGF=1\r" >> $3 sleep 1
# send phone number echo -en "AT+CMGS=\"+$2\"\r" >> $3 sleep 1
# send SMS message 0, terminated with ctrl Z echo -en "$4\x1a\r" >> $3
echo "ready SMS send"
exit 0
This then runs on your boat with whatever data you want to send,
When nothing out of the ordinary happens no SMS is sent.
Not sure this helps, is more for programmers....
Some pseudo code:
while true do measure water_level if( water_level >= up to chin) ssms PIN YOUR_PHONENUMBER /dev/ttyUSB1 \"blub blub blub\" sleep 10*60 done
while true do measure GPS_position if(distance GPS_position - anchor_GPS_position >= 20 meter) ssms PIN YOUR_PHONENUMBER /dev/ttyUSB1 \"adrift at $GPS_position\" sleep 10*60 done
To prevent the Raspberry Pi (or Beagle Bone or whatever) from being taken over. It isn't about protecting your humidity sensor readings, it's to prevent it becoming part of a botnet used for sending spam or DDOS attacks. Admittedly a very low chance, they mainly target always-on office Windows PC's, but still worth considering, I think, to prevent it being cut off by the network owner. And, you know, to be a decent netizen.
There is a third common useage, the one I use frequently: I VPN to the universtity library and go to a publisher's website. The publisher sees my university IP-address and recognizes me as authorized to access his content.
It is this that allows me to work from home.
-- / \ Mail | -- No unannounced, large, binary attachments, please! --
This is ~exactly how the general public now knows "vpn": to pretend to be from a different country and circumvent geoblocks on content. Unfortunately, but perhaps inherently, these are often dodgy services.
I do that by using a simple proxy setup, one-liner ssh command, configure Firefox to use the proxy and it's done.
-- Chris Green
What the content providers? Yep the UK's BBC (boy buggering communists as we call em )are distinctly dodgy ....and you need a VPN or some sort of proxy to access them from overseas.
-- "In our post-modern world, climate science is not powerful because it is true: it is true because it is powerful." Lucas Bergkamp
Nowadays it's easy to set up a VPN server with PiVPN
It supports both WireGuard and OpenVPN. The installation is "guided", so it's almost impossible to forget a step.
Warning: Wireguard is great, but often still breaks after apt update/upgrade, so for now I prefer OpenVPN.
-- Regards, Kees Nuyt
It's me, there's a lot I don't know about networks, but I do not understand that sentence at all, not one little bit.
-- / \ Mail | -- No unannounced, large, binary attachments, please! --
Yes, decent routers such as the ASUS range (I'm currently using a RT-ac86u), have built in VPN clients (PPTP, L2TP and OpenVPN) and severs (PPTP, OpenVPN and IPSec VPN).
If your router supports a VPN server, everything on your LAN works as it does now say on 192.168.1.x but there will be an extra subnet say
192.168.2.x on which any devices connected to the VPN will appear on. For those external devices they will think they are part of the 192.168.1.x LAN.When you create your VPN on the router, it will export a configuration text file, which you use with your OpenVPN client. Depending on the router this will either be usable as is (as my ASUS was) or need a little editing (some clients need it split in to config, key and cert files).
---druck
I've never seen that one, most default networks I've seen have been
192.168.0., 192.168.1. or 192.168.254. Occasionally 192.168.16.But it should be a matter of course to change a new router's network to something fairly random, when you change the admin password. No, you (or your mother) don't want to use a VPN now, but one day you might.
-- Joe
In my case I often use it when I'm in France because my library and my doctor both require a uk 'user'. So, on my laptop in France I simply do:-
ssh -C2qTnN -D 8080
Then in firefox Network Settings simply tell it to use port 8080 as the proxy address, job done!
-- Chris Green
I think a proxy would be easier, if you have some sort of presence in the required area of course.
-- Chris Green
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.