Raspberry Pi Remote Access - what is the best (your) way?


#1

the raspis at my site i can easily access in house via ssh/vnc through my internal (wifi)network - from outside i use the vpn-appliance network access.

but when using a pi at a remote site where no external vpn-box is available up to now i see two ways:

  1. ssh to pi via router port-forwarding (what i do not like much)
  2. weavedconnectd

what’s your ultimate solution and why
thanks
tom


"My ADS-B" as seen from another location?
Multiple Stations with RPi, but I can't merge them!
#2

I generally use SSH with public/private key authorization with a passphrase set on the key as well.
In the case of my feeder it sits in a DMZ as well to isolate it from my internal network.


#3

Solution 1.

If you are worried about some scripts could break in, use fail2ban and/or use a different port than 22 for ssh. Use ssh always with a key (and of course a passphrase for that key).


#4

@ jprochazka + sesom

i forgot to mention what my main problem is. i want to place it a the house of girl :slight_smile:
so i do not want to mess around on her network …


#5

Make a dedicated router/firewall… Use PFsense and make your own vpn for free, and access your pi via ssh remotely.


#6

This eltechs.com/run-teamviewer-on-raspberry-pi/ looks interesting, however I did not tried that yet on RPi (I do use TeamViewer to support my mother-in-law laptop :wink: :slight_smile: ).


#7

Without messing around on the router at the remote location complicates things a bit. (Normally you’d port forward some random port and use ssh with a key instead of a password). But if your end is a known IP address, or you have a DDNS, might you be able to use openvpn on the Pi to tunnel into your network from the remote site? If the remote site maintains the vpn, you can then ssh into it by using the local address on your network. I’ve not tried openvpn this way round but worth a test maybe.


#8

OpenVpn is a payed vpn service to run with your network, BUT you can use it continuously for free provided if you make your own VPN server where your Pi is located and run under OpenVpn client. You dont need DNS for this. As what i mentioned in my previous post, make your own VPN,Firewall and Proxy server using PFsense and for free too. :slight_smile:


#9

haha - cool :slight_smile: never noticed this way of using teamviewer on the tiny raspi. i also use teamviewer often and love the ease of use and how it overcomes firewalls, routers etc. without any hassle. i’ll give that a try - but most of the time i do not need the graphical interface - and so this maybe is bit too much (using wine and on top teamviewer) for my needs in this case …


#10

@ blueskyspotter + Jranderson777

thanx for your ideas :slight_smile:

brillant - that’s just the other way round i was thinking about - but your’e right - this is an option too - initiating the vpn from the pi and not from where i want to remote-control it. this way i’d not have to forward a dedicated port on the router. a little downside here would be - i could make a fixed tunnel to my network at home - and then when beeing elsewhere i’d have to connect to my network first to then reach the remote pi.

did you ever hear/try this weavedconnectd thing which is promoted at raspberry pis website? https://www.raspberrypi.org/documentation/remote-access/access-over-Internet/internetaccess.md


#11

Hi all, :smiley:

A reverse SSH tunnel is also a nice solution… for example, see this tutorial.
tunnelsup.com/raspberry-pi-p … sh-tunnel/

Regards,

Erik


#12

hi erik - is it mandatory to use this spy-housing for the pi :))) in my understanding it’ a bit like autossh - and a similar setup as mentioned from blueskyspotter and Jranderson777 - the remote pi opens a tunnel (whatever kind of) …


#13

I have almost zero knowledge about remote networking and protecting a network from unauthorized access. Reading all above posts made me so alarmed, I took a very simple and basic precautionary measure - removed SSH, WebServer & Port forwarding for my Pi from my Router. Peace of mind now :smiley:.


#14

not at all - you have to pull raspis power plug first :)))


#15

Seems right. I am feeding data to several sites, which means tunnels are established between Pi & these sites. Is there a likelyhood that these tunnels can be used by hackers as backdoor to access my network? If yes, then I have to pull the power plug of Pi :smiley:


#16

hi erik - is it mandatory to use this spy-housing for the pi :slight_smile:)) in my understanding it’ a bit like autossh - and a similar setup as mentioned from blueskyspotter and Jranderson777 - the remote pi opens a tunnel (whatever kind of) …

No the spy-housing is not mandatory… :smiley: , blueskyspotter and Jranderson777 mention Open-VPN , i found OpenVpn hard to setup…
The tunnel can also be used to transport web-traffic

Google is your best friend… :smiley:

Another tutorial.

chamibuddhika.wordpress.com/201 … explained/


#17

go with weaved.
ssh into the control console or use the pi’s web interface, whichever you need.
no cost for 30 minute connects, works flawlessly, and you can use a very strong password.


#18

sure - that’s what i meant when saying ‘opens a tunnel (whatever kind of)’. thanx again - i’ll read this article now :slight_smile:


#19

hi elpipila, thanx - so you use weaved thing and are happy with? good to hear - so i’ll give this a try too over the next days :slight_smile:


#20

yep - this is possible. even with trusted partners. e.g. flightawares auto-update - if somebody hacks their servers - he then could install whatever he wants on your pi and monitor/access your network. so - never put the feeding pi into your main network - use dmz or a seperate network. but this is something for a different thread …

edit: but i’m a happy german and do not have to spend thoughts on most unlikely cases - our by far biggest security risk is our actual government :slight_smile: