pi:remote_access

Differences

This shows you the differences between two versions of the page.

pi:remote_access [2025/04/14 21:19] m0mzfpi:remote_access [2025/04/14 22:08] (current) – [Remotely accessing your Pi - Roll your own!] m0mzf
Line 1: Line 1:
-======= Remote accessing your Pi =======+======= Remotely accessing your Pi - Roll your own!=======
  
-Unsurprisingly there are many solutions to this particular cat; is the client Windows or Linux, do you have an internet connection with a public-facing IP address, do you want to roll your own or use / purchase a commercial solution, what on the Pi do you want to access; all these questions and scenarios have different solutions. This guide is mostly geared towards packet operators running LinBPQ on a headless Pi, so let's get into it!+Unsurprisingly there are many solutions to this particular cat; is the client Windows or Linux, do you have an internet connection with a public-facing IP address, do you want to roll your own or use / purchase a third party solution, what on the Pi do you want to access; all these questions and scenarios have different solutions. This "guideis mostly geared towards packet operators with limited network / Linux / Pi experience running LinBPQ on a headless Pi, so let's get into it!
  
-=====Roll your own===== +=====IP addresses, ports, and the internet=====
-====IP addresses, ports, and the internet====+
  
 To set up remote access without using a third party provider, save of course whichever ISPs you have chosen, you will need what is known as a //globally routable IP//, or //Public IP// This is a unique address on the internet which your ISP provides to you, and from this address you connect out, or indeed people connect in. There are two address spaces, IPv4 (which look like 173.194.203.102) and IPv6 (which look like 2607:f8b0:400e:c05::8a); this guide is going to stick to IPv4 addresses for the sake of familiarity and ubiquity. To find out your public IP address (maybe, caveat below!) you can visit a website such as [[https://whatismyipaddress.com/]]. To set up remote access without using a third party provider, save of course whichever ISPs you have chosen, you will need what is known as a //globally routable IP//, or //Public IP// This is a unique address on the internet which your ISP provides to you, and from this address you connect out, or indeed people connect in. There are two address spaces, IPv4 (which look like 173.194.203.102) and IPv6 (which look like 2607:f8b0:400e:c05::8a); this guide is going to stick to IPv4 addresses for the sake of familiarity and ubiquity. To find out your public IP address (maybe, caveat below!) you can visit a website such as [[https://whatismyipaddress.com/]].
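Review bot: in the rewritten intro paragraph (the + line), 'This "guideis mostly geared' has lost its closing quote and the space after it, and should read 'This "guide" is mostly geared'. The new top-level heading also runs "own!" straight into the closing =======, where the heading it replaces had a space before the markers. With the "Roll your own" sub-heading removed, check that the later sections still nest correctly under the renamed page title.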
Line 17: Line 16:
 Increasingly, 4G providers and many domestic ISPs are using NAT internally within their infrastructure to share the limited number of IPv4 addresses available on the internet with their customers, much like what your home router is doing to share your single IP with all the computers in your home network. This is referred to as //Carrier Grade NAT, CGNAT//. To determine if your ISP is using GCNAT use a service such as [[https://whatismyipaddress.com/]] and compare this address to the address your internet router is reporting as your //Public IP//, or //WAN address//, depending on the terminology. Increasingly, 4G providers and many domestic ISPs are using NAT internally within their infrastructure to share the limited number of IPv4 addresses available on the internet with their customers, much like what your home router is doing to share your single IP with all the computers in your home network. This is referred to as //Carrier Grade NAT, CGNAT//. To determine if your ISP is using GCNAT use a service such as [[https://whatismyipaddress.com/]] and compare this address to the address your internet router is reporting as your //Public IP//, or //WAN address//, depending on the terminology.
  
-**  *If your ISP is usig CGNAT your //Public IP// will not be a //Globally Routable IP// ** +**If your ISP is usig CGNAT your Public IP will not be a //Globally Routable IP//, and  if both your home connection and remote connection are using CGNAT you will be unable to roll your own access, and must use a third party provider.**
-**  *If both your home connection and remote connection are using CGNAT you will be unable to roll your own access, and must use a third party provider*  **+
  
  
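Review bot: the merged bold sentence on the + line still carries the typo "usig" (using) and has a double space in "and  if"; it also drops the // emphasis from Public IP that the removed line had, while Globally Routable IP keeps it. The unchanged paragraph above spells the term "GCNAT" once, which should be CGNAT to match the rest of the section.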
Line 36: Line 34:
 If you're provided with a globally routable IP address most ISPs will hand out a dynamic address. This is subject to change periodically, or when you disconnect / reconnect. If you've got a service running on your home network and a port forward set up to access it then this constantly moving IP address will require some sort of translation; and in any case remembering IP addresses is hard and remembering words is easy, so it's a good idea regardless to set up some sort of dynamic DNS. If you're provided with a globally routable IP address most ISPs will hand out a dynamic address. This is subject to change periodically, or when you disconnect / reconnect. If you've got a service running on your home network and a port forward set up to access it then this constantly moving IP address will require some sort of translation; and in any case remembering IP addresses is hard and remembering words is easy, so it's a good idea regardless to set up some sort of dynamic DNS.
  
-When you set up dynamic DNS a program will run on your Pi, usually every few minutes or so, which grabs your Public IP+When you set up dynamic DNS a program will run on your Pi, usually every few minutes or so, which grabs your Public IP and sends it to the Dynamic DNS provider. Thus when your Public IP changes there will be, at most, a few minutes of outage before the Dynamic DNS provider is made aware of the new address. 
 + 
 +Probably the best service is [[https://www.duckdns.org/|DuckDNS]], here's how you [[https://pimylifeup.com/raspberry-pi-duck-dns/|set it up on a Pi]]  
 + 
 +=====Remote access tools===== 
 + 
 +By far and away the most secure, flexible and modern way of doing this is using wireguard. Wireguard creates a tunnel between two points, perhaps your Pi and your favourite home PC, and from there you can just use the IP address of the Pi's end of the tunnel to access anything you'd normally do over the network, just as if it was plugged in at home. Wireguard can do much more, but that's outside the scope of these ramblings.
  
 ====SSH==== ====SSH====
 +< To do >
 Public / Private keys Public / Private keys
 SOCKS proxying; browser / telnet SOCKS proxying; browser / telnet
  
 ====Wireguard==== ====Wireguard====
-Setup +(Further expansion needed! Is this the easiest? It's not the "cleanest" but it does work... are full manual setup instructions a good idea?) 
-Usage examples+ 
 +Setting up Wireguard is a little complex, but most of the work has been taken out of it by the superb [[https://www.pivpn.io/|PiVPN Project]], [[here's how you set it up|https://pimylifeup.com/raspberry-pi-wireguard/]]. 
 + 
 +Assuming your Pi is on an internet connection with a globally routable IP and you've set up dynamic DNS and port forwarding, this will work. 
 + 
 +Take a look at the file you created in, for example, /home/pi/configs/myvpn.conf: 
 +<code> 
 +[Interface] 
 +ListenPort = 51820 
 +PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= 
 +Address = 172.16.23.58/32 
 +  
 +[Peer] 
 +PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= 
 +AllowedIPs = 0.0.0.0/0 
 +Endpoint = x.x.x.x:58120 
 +PresharedKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= 
 +</code> 
 + 
 +Make a note of the "Address" line under [Interface] - this will be the IP address you use to connect to your Pi. 
 + 
 +To set up the other end of the wireguard tunnel on Windows [[https://www.wireguard.com/install/|Install the client]] and import the file which PiVPN created in the previous step. 
 + 
 +To set up the other end of the wireguard tunnel on (most) Linux Distributions (which use NetworkManager) [[https://forum.manjaro.org/t/howto-configure-wireguard-via-the-networkmanager-gui-advanced-network-manager/138040|follow this guide]] to import the file which PiVPN created in the previous step. 
 + 
 +Now you can, for example telnet into your linbpq node: 
 +<code> telnet 172.16.23.58 8010 </code> 
 + 
 +or view the LinBPQ web server 
 +<code> http://172.16.23.58:8008 </code> 
 + 
 +or SSH into your Pi 
 +<code> ssh [email protected] </code>
  
-=====Commercial solutions=====+=======Remotely accessing your Pi - Third party solutions=======
 To do! To do!
-  * Tailscale +  * Tailscale - wireguard made super easy 
-  * Anydesk +  * Anydesk - remote desktop made easy 
-  * Rustdesk+  * Rustdesk - remote desktop made easy and open source
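Review bot: in the Wireguard section, the sentence after the myvpn.conf block tells the reader to use the [Interface] Address (172.16.23.58) to reach the Pi, but the same file is then imported on the Windows or Linux client, and in a WireGuard config the [Interface] Address is the tunnel address of the machine loading the file, so the telnet, web and ssh examples would point at the client itself. State which end owns 172.16.23.58 and use the Pi's tunnel address in the examples. In the same block ListenPort is 51820 while Endpoint uses port 58120, which looks like transposed digits; the Endpoint port should be whatever is forwarded to the Pi. AllowedIPs = 0.0.0.0/0 sends all of the client's IPv4 traffic through the Pi, which is more than is needed to reach LinBPQ, so it is worth mentioning that it can be narrowed to the tunnel subnet. The PiVPN setup link has its target and label reversed compared with the DuckDNS link earlier in this hunk, which uses the [[url|text]] order.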
pi/remote_access.1744665582.txt.gz · Last modified: 2025/04/14 21:19 by m0mzf