This does work, but remember that some users disable this feature as they feel it is a security risk. This would let your IOT device open a port on the user's home router letting you dial in directly. Most / All home routers support Universal Plug and Play. VPNs drop disconnect without warning and the client will need to reconnect automatically. Make sure you have read up on "auto reconnect". Otherwise how will you connect your laptop to the server such that it isn't a VPN client. However you will then need to consider how to use this VPN? Initiating SSH connections from the server will be fine. Would let clients talk to each other which you don't want. Don't enable OpenVPN's `--client-to-client` communication. Don't give your VPN server access to anything on your corporate network, make it standalone. You don't want to give your users access to snoop round your corporate network. You can find examples on the web for OpenVPN which will most likely be the right VPN technology for this situation. I would avoid this server having any access to your own network. But it works! Permanently attached VPN: As you mention you can set up a VPN server. You are making an SSH connection which is wrapped in an ssh connection. You can then, yourself SSH into the remote server and from the server SSH onto the IOT device using the remote port previously mentioned: `ssh -p 1234 localhost` So if the remote port was 1234, the device would dial out to your server: `ssh -R 1234:localhost:22` The device would need to be told a "remote" port to use, and you would then need to know what that port is. Typically you do this on-demand, so include some trigger in your own software which tells it to do this. You can configure the device to ssh into a remote server with a port forwarding back to port 22 on the device. If dialling in through SSH is your only option then you have a few options. If this opens up a hole for a hacker to get onto user's home network then it can end your business.
Having worked in this space with ~3,000 devices you really don't want to get in the habit of logging in via SSH if you can possibly avoid it. Always consider security. Because the original connection came from the remote computer to you, using it to go in the other direction is using it 'in reverse.' And because SSH is secure, you're putting a secure connection. Consider tools similar to Puppet which can carry out maintenance unassisted and give a way to send the same upgrades to many devices simultaneously. Reverse SSH tunneling allows you to use that established connection to set up a new connection from your local computer back to the remote computer. Deploy your application in a similar manner, sending it as one complete package which self-deploys. so no remote calls to `apt-get dist-upgrade` which can brick the device and force you to send an engineer to fix them. Deploy your OS upgrades as complete images. This can work with tens or even hundreds of customers. In this context it's a little unidiomatic to want an SSH connection. I'll start by saying it sounds like you are implementing some kind of IOT device. I've answered your question below, but before I do.