Close

Remote Access

A project log for Wandboard experiments

Setting up the WBQUAD

Christoph TackChristoph Tack 05/22/2020 at 17:190 Comments

How to make a connection from the internet to your wandboard when it's behind a router/NAT?  I see four options:

  1. Reverse-SSH tunnel
  2. Tor as a hidden service
  3. Tox TCP Tunnel
  4. Router port forwarding
  5. DMZ

I'll only handle reverse SSH tunneling here, because it avoids fiddling with your router settings.

1. SSH Remote port forwarding / Reverse SSH tunneling

Using Serveo.net almost any port can be forwarded.  In the following example port 22 (SSH) will be forwarded with serveo.net used as a jump server.  It's also explained here.

This command instructs Serveo.net to forward incoming SSH-connections (on port 22) destined for the alias "wandboard" (the first wandboard in the command) to the localhost (which is the wandboard) (also on port 22). 

The alias "wandboard" in the command is free for you to choose. The following command must be run from your wandboard:

ubuntu@arm:~$ ssh -R wandboard:22:localhost:22 serveo.net                                                                                                                                                   
Forwarding SSH traffic from alias "wandboard"
Press g to start a GUI session and ctrl-c to quit.

Remark that this command will lock up your terminal if you don't add an &.

 On your local machine, which could be located anywhere on the internet, you execute the following command:

christoph@christoph-ThinkPad-L580:~$ ssh -J serveo.net ubuntu@wandboard
Last login: Fri May 22 17:03:39 2020
ubuntu@arm:~$ 

This command makes an SSH-connection to serveo.net, which in turn connects us through to ubuntu@wandboard.

Weaved, Dataplicity, ngrokpitunnel offer similar services.  But they require registration and the execution of some sort of script.

Teleconsole can be used to share terminal sessions between users and port forwarding.  Basically, it's just an SSH-proxy.

2. TOR as a hidden service

The disadvantage is that the client side must also use Tor to make a connection.  For more info see Tor project log. Tor is also quite slow.

3. Router port forwarding

  1. You need access to the configuration of your router.  This will most likely only be possible on your own home network.
  2. Each forwarded port must be setup separately in the router.
  3. You might have to assign a static IP-address to the wandboard.
  4. The additional problem is that you'll probably don't have a static IP-address, so you'll have to use some Dynamic-DNS service such as Duck-DNS.

4. DMZ

This fully exposes your wandboard on the internet.  I don't see a reason in taking this risk.

Discussions