PeterK2
Posts: 8
Joined: Sun Nov 26, 2017 12:44 am

Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Wed Jun 05, 2019 6:58 pm

Hello

sometimes we have Raspberry Pi installed on location without a public IP, so we can't redirect port to it, but we need access.

I understand that Raspberry Pi need to constantly try to access a VPN server (for cases when internet is down etc), where you will also connect via VPN and the server will join these VPN connections.
Main goal is connect to the Raspberry Pi, in some cases the main goal is access the LAN where Raspbeery is, not the Raspbeery itself (for configuring devices there etc).

Is there a ready made solution for this, or like prepared config files etc?

thank you!

fanoush
Posts: 454
Joined: Mon Feb 27, 2012 2:37 pm

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Thu Jun 06, 2019 7:52 am

I found Zerotier https://www.zerotier.com/ to be quite painless. I use it occasionally to stream games to Steam Link on pi3B+ from Azure VM. You just install debian arm client on the pi and rest is configured via web on ZeroTier site - setting up networks, assigning IPs.

PeterK2
Posts: 8
Joined: Sun Nov 26, 2017 12:44 am

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Thu Jun 06, 2019 6:40 pm

fanoush wrote:
Thu Jun 06, 2019 7:52 am
I found Zerotier https://www.zerotier.com/ to be quite painless. I use it occasionally to stream games to Steam Link on pi3B+ from Azure VM. You just install debian arm client on the pi and rest is configured via web on ZeroTier site - setting up networks, assigning IPs.
hmm is zerotier something simlar like neorouter.com ? I'm not sure if neorouter can do what I need (connect raspberry with a windows pc via a VPS server)... but it is free as the zerotier.

gtoal
Posts: 106
Joined: Sun Nov 18, 2012 12:02 am

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Thu Jun 13, 2019 4:50 am

It's not a VPN as such, but if both caller and callee are behind gateways, you can call from one to the other using ssh forwarding, if you have a third host somewhere else with a public IP.

on callee:
export AUTOSSH_GATETIME=0
autossh -f -N -p 443 -R 10001:localhost:22 myacct@publichost -oLogLevel=error -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no

on caller:
ssh myacct@publichost to the public host, then issue: ssh -p 10001 pi@localhost

(There are some runes to conflate the double ssh hop into a single command line but I don't have the exact syntax handy. I worked it out from https://en.wikibooks.org/wiki/OpenSSH/C ... Jump_Hosts but it took a little trial and error.)

I picked port 443 above as that was a port that was allowed to be used for incoming traffic to the public host in the middle.

Postscript: I found an example of a multi-hop ssh command... (different context but it shows the key options)

Code: Select all

ssh -oProxyCommand="ssh -W 192.168.1.1:2001 pi@192.168.1.2" gtoal@192.168.2.251 "echo do the actual command here..."
Last edited by gtoal on Sun Jun 23, 2019 7:44 pm, edited 2 times in total.

PeterK2
Posts: 8
Joined: Sun Nov 26, 2017 12:44 am

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Fri Jun 14, 2019 2:19 pm

gtoal wrote:
Thu Jun 13, 2019 4:50 am
on callee:
autossh -f -N -p 443 -R 10001:localhost:22 myacct@publichost -oLogLevel=error -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no

on caller:
ssh myacct@publichost to the public host, then issue: ssh -p 10001 pi@localhost

I actually need 2 things:

1. is when I put Raspberry in the LAN only as a tool to access the whole LAN (so I don't need Raspberry there, but I need access to the LAN as when I will be connected to it directly), when public IP is not available, I'm still looking for final solution for this

2. when I need manage just the Raspberry, and for that is your solution the best, thank You!

gtoal
Posts: 106
Joined: Sun Nov 18, 2012 12:02 am

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Sun Jun 23, 2019 7:49 pm

PeterK2 wrote:
Fri Jun 14, 2019 2:19 pm
1. is when I put Raspberry in the LAN only as a tool to access the whole LAN (so I don't need Raspberry there, but I need access to the LAN as when I will be connected to it directly), when public IP is not available, I'm still looking for final solution for this
Have you considered OpenVPN? https://www.raspberrypi.org/forums/view ... 6&t=241590

(Or... tunnel PPP over the SSH solution from the previous post, as if it were a virtual RS232...)

Return to “Networking and servers”