Page 1 of 1

Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Posted: Wed Jun 05, 2019 6:58 pm
by PeterK2
Hello

sometimes we have Raspberry Pi installed on location without a public IP, so we can't redirect port to it, but we need access.

I understand that Raspberry Pi need to constantly try to access a VPN server (for cases when internet is down etc), where you will also connect via VPN and the server will join these VPN connections.
Main goal is connect to the Raspberry Pi, in some cases the main goal is access the LAN where Raspbeery is, not the Raspbeery itself (for configuring devices there etc).

Is there a ready made solution for this, or like prepared config files etc?

thank you!

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Posted: Thu Jun 06, 2019 7:52 am
by fanoush
I found Zerotier https://www.zerotier.com/ to be quite painless. I use it occasionally to stream games to Steam Link on pi3B+ from Azure VM. You just install debian arm client on the pi and rest is configured via web on ZeroTier site - setting up networks, assigning IPs.

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Posted: Thu Jun 06, 2019 6:40 pm
by PeterK2
fanoush wrote:
Thu Jun 06, 2019 7:52 am
I found Zerotier https://www.zerotier.com/ to be quite painless. I use it occasionally to stream games to Steam Link on pi3B+ from Azure VM. You just install debian arm client on the pi and rest is configured via web on ZeroTier site - setting up networks, assigning IPs.
hmm is zerotier something simlar like neorouter.com ? I'm not sure if neorouter can do what I need (connect raspberry with a windows pc via a VPS server)... but it is free as the zerotier.

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Posted: Thu Jun 13, 2019 4:50 am
by gtoal
It's not a VPN as such, but if both caller and callee are behind gateways, you can call from one to the other using ssh forwarding, if you have a third host somewhere else with a public IP.

on callee:
export AUTOSSH_GATETIME=0
autossh -f -N -p 443 -R 10001:localhost:22 myacct@publichost -oLogLevel=error -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no

on caller:
ssh myacct@publichost to the public host, then issue: ssh -p 10001 pi@localhost

(There are some runes to conflate the double ssh hop into a single command line but I don't have the exact syntax handy. I worked it out from https://en.wikibooks.org/wiki/OpenSSH/C ... Jump_Hosts but it took a little trial and error.)

I picked port 443 above as that was a port that was allowed to be used for incoming traffic to the public host in the middle.

Postscript: I found an example of a multi-hop ssh command... (different context but it shows the key options)

Code: Select all

ssh -oProxyCommand="ssh -W 192.168.1.1:2001 pi@192.168.1.2" gtoal@192.168.2.251 "echo do the actual command here..."

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Posted: Fri Jun 14, 2019 2:19 pm
by PeterK2
gtoal wrote:
Thu Jun 13, 2019 4:50 am
on callee:
autossh -f -N -p 443 -R 10001:localhost:22 myacct@publichost -oLogLevel=error -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no

on caller:
ssh myacct@publichost to the public host, then issue: ssh -p 10001 pi@localhost

I actually need 2 things:

1. is when I put Raspberry in the LAN only as a tool to access the whole LAN (so I don't need Raspberry there, but I need access to the LAN as when I will be connected to it directly), when public IP is not available, I'm still looking for final solution for this

2. when I need manage just the Raspberry, and for that is your solution the best, thank You!

Re: Is there a ready-made vpn solution for Raspi to be accessible via non-public IP ?

Posted: Sun Jun 23, 2019 7:49 pm
by gtoal
PeterK2 wrote:
Fri Jun 14, 2019 2:19 pm
1. is when I put Raspberry in the LAN only as a tool to access the whole LAN (so I don't need Raspberry there, but I need access to the LAN as when I will be connected to it directly), when public IP is not available, I'm still looking for final solution for this
Have you considered OpenVPN? https://www.raspberrypi.org/forums/view ... 6&t=241590

(Or... tunnel PPP over the SSH solution from the previous post, as if it were a virtual RS232...)