On Saturday, 6 June 2020 13:40:26 BST Ralph Corderoy wrote:
> Getting this all working whilst talking someone else through the
> experimentation and typing sounds hard.
If I can get this working with my simulated WMT network here in my home, then
the on-site volunteer should only have to set up port forwarding on the Office
Router. Surely he'd have to do that anyway, whether we used VPN or SSH
ultimately?
The 'simulated WMT network' is a physical representation of the real network
at WMT, so I have an RPi3 with the Webserver software on it (and ulimately the
VPN if I can get it to co-exist with nodogsplash). On the eth0 side of the
RPi3 I have several actual Pi-based devices that are simply spares of the ones
installed at WMT, eg a Gate Valve and a Sensor and Control Assembly which
connects to the measurement probes. In this setup eth0 is connected to the
devices and eth1 is connected to my home Router.
Before I ask the on-site volunteer to do anything, I'll get this lot working
here and test it by getting the on-site volunteer and others to log in to the
Pi network.
I will then simply pass the (fully backed-up) SD Card to the on-site volunteer
who will substitute it for the one currently in the on-site RPi3 and then
configure the Office Router. Only the latter activity should need hand-holding.
> I'd start by having autossh(1) on the r-r Pi maintain a SSH connection
> from r-r Pi through the office router to an Internet SSH server, which
> may be in your home. The Pi's user account would have a private key
> with the matching public key installed on the server so no password is
> required. The password option should also be forbidden on the server.
>
> The Pi's .ssh/config would use RemoteForward to forward connections made
> to a port on the server back across the established SSH connection where
> they'd pop out to the Pi's SSH server's port. Thus you'd have SSH
> access to the Pi if you have access to the server and this allows
> further experimentation, though there's always a risk what you do will
> break everything. A second Pi acting as the SSH tunnel and future VPN
> would avoid co-existing with nodogsplash.
Is this instead of VPN or both together? Until I go in, I would have to rely
on the on-site volunteer to install and integrate the second Pi. That's a bit
more than the tasks that I have in mind for him at the moment.
--
Terry Coles
--
Next meeting: Online, Jitsi, Tuesday, 2020-07-07 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... http://dorset.lug.org.uk
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
