Unsurprisingly there are many solutions to this particular cat; is the client Windows or Linux, do you have an internet connection with a public-facing IP address, do you want to roll your own or use / purchase a commercial solution, what on the Pi do you want to access; all these questions and scenarios have different solutions. This guide is mostly geared towards packet operators running LinBPQ on a headless Pi, so let's get into it!

To set up remote access without using a third party provider, save of course whichever ISPs you have chosen, you will need what is known as a globally routable IP. This is a unique address on the internet which your ISP provides to you, and from this address you connect out, or indeed people connect in. There are two address spaces, IPv4 (which look like 173.194.203.102) and IPv6 (which look like 2607:f8b0:400e:c05::8a); this guide is going to stick to IPv4 addresses for the sake of familiarity and ubiquity. To find out your public IP address (maybe, caveat below!) you can visit a website such as https://whatismyipaddress.com/.

The IP address of your computer on your home network will almost certainly not be the a public IPv4 address because you are using a Router. One of the jobs of this Router is to translate your internal addresses (most often in the range 192.168.x.x) to the single external address (e.g. 173.194.203.102) such that many computers can share a single internet connection. This is referred to as NAT, Network Address Translation. In order for you access a service inside your home network from the outside world your router must be configured to pass that traffic from the outside to the inside; this is referred to as Port Forwarding, or NAPT, Network Address Port Translation.

All network-able software running on a Host also uses a Port in conjunction with this IP address, ranging from 0 to 65535. There are also a number of protocols (for example TCP and UDP) which a service may use; this unique combination of IP address, protocol and port is referred to as a Socket. Any application running on a Host will have a unique Socket, and for a Client to connect to that Host it needs to know what Socket to connect to.

Thus, in order to access your Pi from the outside world you have to tell your Router to pass traffic from an external Socket to an internal Socket, i.e. set up Port Forwarding. The exact process for doing this on your home router will change from model to model, but is usually pretty easy after a little googling.

Increasingly, 4G providers and many domestic ISPs are using NAT internally within their infrastructure to share the limited number of IPv4 addresses available on the internet with their customers, much like what your home router is doing to share your single IP with all the computers in your home network. This is referred to as Carrier Grade NAT, CGNAT. To determine if your ISP is using GCNAT use a service such as https://whatismyipaddress.com/ and compare this address to the address your internet router is reporting as your public address, or WAN address, depending on the terminology.

*If both your home connection and remote connection are using CGNAT you will be unable to roll your own access, and must use a third party provider*

ISPs known to use CGNAT:

• All 4G / 6G providers
• Toob
• … expand the list please!

ISPs known to distribute globally routable IPs:

• Most UK ADSL / VDSL providers
• Toob, if you pay 'em
• Virgin
• Three 4G / 5G connections using the 3internet APN
• … expand the list please!

If they provide you with a globally routable IP address most ISPs will provide you with a dynamic address. This is subject to change periodically, or when you disconnect / reconnect

DuckDNS No-IP

Public / Private keys SOCKS proxying; browser / telnet

Setup Usage examples

To do!

• Tailscale
• Anydesk
• Rustdesk