Tuesday, July 3, 2018

Mobile NAT

Cellular modems are really nifty in the sense that they give you internet access pretty much anywhere. Unfortunately, unless you pay for the expense of a business plan, this comes at the cost of not having a public IP address. Essentially the cellular networks operate just like a giant version of your home network; each modem gets assigned a private address that is NAT'd to a public address.

Usually this is OK as long as you're just making outbound connections (such as surfing the web). It does, however, make it very difficult to establish an inbound connection to a cellular modem from the public network, which we want to be able to do with the CabinPi in the event that we need to ssh into it to check on things.

The solution we found was to use AutoSSH. In short, the CabinPi runs the AutoSSH daemon to ensure that there is always a persistent ssh tunnel open to a well-known host on the Internet. You can then log into this well-known host and use that tunnel to connect back to the Pi.

Generally, I followed this guide to configure AutoSSH: SSH TUNNELLING FOR FUN AND PROFIT: AUTOSSH.

The final configuration that I used for autossh.service is:
[Unit]
Description=AutoSSH tunnel service
After=network.target

[Service]
User=autossh
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -q -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -NR 2222:localhost:22 autossh@remotehost.com

[Install]
WantedBy=multi-user.target
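
The tunnel key sits unattended on the Pi, so the autossh account on the well-known host should accept it only for the single reverse forward in the unit file above. The script below is an added example, not part of the original post: it audits authorized_keys lines for that restriction, and the key blobs, key comments and function names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries for the tunnel account on the
# well-known host. Sample keys are constructed placeholders, not real keys.

# Print the options that precede the key type (empty if there are none).
key_options() {
    printf '%s\n' "$1" |
        sed -E 's/(^| )(ssh-|ecdsa-sha2-|sk-)[A-Za-z0-9@.-]+ AAAA.*$//'
}

# Return 0 only if the key is limited to the reverse forward on port $2.
# ssh asks for listen host "localhost" when -R names none, as in the unit file.
check_key_line() {
    opts=",$(key_options "$1"),"
    ok=0
    case "$opts" in *,restrict,*) ;; *) echo "  missing: restrict" >&2; ok=1 ;; esac
    case "$opts" in *,command=*) ;; *) echo "  missing: forced command" >&2; ok=1 ;; esac
    case "$opts" in
        *",permitlisten=\"localhost:$2\","*) ;;
        *) echo "  missing: permitlisten=\"localhost:$2\"" >&2; ok=1 ;;
    esac
    return "$ok"
}

# Read authorized_keys text on stdin; print how many keys fail the check.
weak_key_count() {
    weak=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        if ! check_key_line "$line" "$1"; then
            echo "  ^ key with comment: ${line##* }" >&2
            weak=$((weak + 1))
        fi
    done
    echo "$weak"
}

# Constructed sample file: one unrestricted key, one limited to the tunnel.
sample_keys() {
    cat <<'EOF'
# unrestricted: whoever holds the Pi's key gets a shell and any forward
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY autossh@cabinpi-weak
# limited to the one reverse forward; -N never opens a session, so /bin/false is fine
restrict,port-forwarding,permitlisten="localhost:2222",command="/bin/false" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY autossh@cabinpi
EOF
}

echo "weak keys: $(sample_keys | weak_key_count 2222)"
```

The permitlisten option needs OpenSSH 7.8 or later on the well-known host; to audit a real account, feed its authorized_keys file to weak_key_count on stdin instead of sample_keys.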

In general it has worked pretty well, and considering that I can ssh to a device up in the mountains, it's pretty impressive.
