
On Sat, Oct 7, 2017 at 11:56 AM, James Harper <james@meadowcourt.org> wrote:
Hi all,

I'm about to deploy a small server (raspberry pi) in a remote location (outback WA). The site has satellite internet, which I believe is reliable but laggy.

I'd like to set up my server so I have remote shell access, but the problem I'm struggling with is the two layers of dynamic IP. The site as a whole has some satellite modem that gets a dynamic IP, but then my server will get a NATted dynamic IP from the router. I don't have control over the router, so I can't implement port forwarding with a static IP.

Does anyone know what the "correct" solution might be? I've only gotten as far as very hacky solutions such as a reverse tunnel via an ssh cron job (hourly?) to my local IP. The server is in hourly communication with an Amazon S3 service to upload its collected data, so another possibility is that it periodically checks the S3 drive for a file to execute. If I place a script there it could run it and pipe the results back to me. Nasty and not very interactive.

Anyone?

Cory
I would use an IPSEC or OpenVPN (or whatever) connection back to a central location and access from that way.
IPSEC is nice because it's standard and should be supported in some form or another by just about anything. I don't know if the raspberry pi will support it, but your local router might. OpenVPN is nice because you can tunnel at L2 or L3 and you get an interface and routing is a bit more intuitive.
I've used OpenVPN before on a satellite connection for more or less the same reasons as you, and it worked really well.
You might also consider DynDNS and port forwarding, if your Satellite connection is actually a world routable IP. It could actually be CGN like most 4G connections though, in which case you won't be able to get back through it even if you know the dynamic IP via DynDNS.
Thanks for the pointers, I'll look into them. Correct me if I'm wrong, but they both depend heavily on me having a server with a static IP elsewhere. Do both methods also require that some process periodically check whether the connection is still up and re-try?

cheers,
Cory
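
Added example, not part of the thread: the reverse SSH tunnel mentioned in the first message, run under a supervising loop instead of an hourly cron job, so a dropped satellite link is detected by SSH keepalives and retried with a capped backoff. The relay host name, account, port and key path are assumptions; the relay is any host the Pi can reach outbound.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: relay host, user, port, key path.
RELAY_HOST="${RELAY_HOST:-relay.example.org}"  # placeholder: host with a reachable address
RELAY_USER="${RELAY_USER:-tunnel}"             # hypothetical account used only for forwarding
REMOTE_PORT="${REMOTE_PORT:-2222}"             # listener opened on the relay's loopback only
KEY="${KEY:-/etc/tunnel/id_ed25519}"           # hypothetical dedicated key for this tunnel
# On the relay, the key's authorized_keys entry can be limited to this one forward:
#   restrict,port-forwarding,permitlisten="127.0.0.1:2222" ssh-ed25519 <public key>

# Print the ssh arguments, one per line (values must not contain whitespace).
tunnel_args() {
    printf '%s\n' -N -T -i "$KEY" \
        -o BatchMode=yes \
        -o StrictHostKeyChecking=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=4 \
        -R "127.0.0.1:${REMOTE_PORT}:127.0.0.1:22" \
        "${RELAY_USER}@${RELAY_HOST}"
}

# Double the retry delay, capped at 10 minutes.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt 600 ]; then d=600; fi
    echo "$d"
}

# Reconnect forever: back off after quick failures, reset after a long-lived session.
run_tunnel() {
    delay=5
    while :; do
        start=$(date +%s)
        # shellcheck disable=SC2046  # intentional word splitting of the argument list
        ssh $(tunnel_args) || true
        if [ $(( $(date +%s) - start )) -ge 120 ]; then
            delay=5
        else
            delay=$(next_delay "$delay")
        fi
        sleep "$delay"
    done
}

case "${1:-}" in
    run) run_tunnel ;;
esac
```

Started with the `run` argument on the Pi, this leaves the Pi's sshd reachable from the relay itself at 127.0.0.1 on the chosen port; binding the listener to loopback keeps it off the relay's public interface.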