zackj
Posts: 19
Joined: Tue Jan 22, 2013 6:49 am

Incoming SSH through VPN

Tue Feb 17, 2015 12:33 pm

So I have a challenging problem regarding my current network setup. I want to access my Pi remotely over SSH, so I can access files stored on a USB disk. Specifically Android Studio projects and git, which seem incapable of syncing properly over cloud services like BitTorrent Sync, OneDrive, Google Drive. Now, this is not difficult to set up, I already have public-key authentication and it all works nicely on my local network.

Problem is, my university's ISP is super restrictive. My Pi is behind at least 2 levels of NAT. No port forwarding. Inbound connections are blocked. Also, they reboot their router at 4AM (or something else that makes me lose connectivity). Oh, and once in a while, I'll find I can't connect to anything, unless I load a non-secure webpage first (as if they forgot I registered my MAC address and send me to their captive portal, and then realize I am registered and change their mind).

So, anyways, it's difficult to connect from outside my room! I believe my best option is to use a paid VPN service which offers port forwarding. I'm currently looking at AirVPN, which provides both port forwarding, and a dynamic DNS service.

How can I go about getting the Pi to connect to the VPN on boot, and more importantly, to reconnect when disconnected? Furthermore, if it is unable to connect due to the captive portal thing, to load a webpage (any non-secure one will work) and then retry the connection?

My idea is to write a Python/Bash script that runs every hour, that does this (obviously not actual code):

Code:

(if OpenVPN is running) && (if internet connection eth0 is working) && (VPN tunnel tun0 is working):
    exit

else:
    kill any OpenVPN process
    try downloading an HTML file from a non-secure site
    start OpenVPN
    try downloading an HTML file over tun0
    cleanup

Before I go ahead and waste a ton of time on this.... is there a better way? Any suggestions, improvements?
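
One way to write the hourly check sketched in the pseudocode above, as an added example and not code from any poster in this thread. The probe URL, the `tun0` interface name and the `openvpn` service name are assumptions; the script stops OpenVPN, fetches a plain-HTTP page over the uplink, starts OpenVPN again and then verifies that traffic passes through the tunnel.

```shell
#!/bin/sh
# Added example (not from the thread): VPN watchdog meant to run from root's crontab.
# Assumed names: probe URL, interface tun0, a service called "openvpn".
PROBE_URL="${PROBE_URL:-http://example.com/}"  # any plain-HTTP page (constructed)
TUN_IF="${TUN_IF:-tun0}"
VPN_SERVICE="${VPN_SERVICE:-openvpn}"
RETRIES="${RETRIES:-6}"   # tunnel checks after a restart
WAIT="${WAIT:-5}"         # seconds between checks

vpn_running() { pgrep -x openvpn >/dev/null; }
tun_up()      { ip link show "$TUN_IF" >/dev/null 2>&1; }
stop_vpn()    { service "$VPN_SERVICE" stop >/dev/null 2>&1 || true; }
start_vpn()   { service "$VPN_SERVICE" start >/dev/null 2>&1; }

# probe [iface]: fetch the page, optionally bound to one interface.
# --max-time keeps a hung connection from stacking up cron runs.
probe() {
    if [ -n "$1" ]; then
        curl -s -f -o /dev/null --max-time 10 --interface "$1" "$PROBE_URL"
    else
        curl -s -f -o /dev/null --max-time 10 "$PROBE_URL"
    fi
}

# Prints one state word and returns 0 only when the tunnel carries traffic.
vpn_watchdog() {
    if vpn_running && tun_up && probe "$TUN_IF"; then
        echo healthy; return 0
    fi
    stop_vpn                      # clear stale routes before touching the uplink
    if ! probe ""; then           # plain-HTTP fetch also nudges the captive portal
        echo no-uplink; return 1  # nothing to tunnel over; leave it for the next run
    fi
    start_vpn || { echo start-failed; return 1; }
    n=0
    while [ "$n" -lt "$RETRIES" ]; do
        sleep "$WAIT"
        if tun_up && probe "$TUN_IF"; then echo recovered; return 0; fi
        n=$((n + 1))
    done
    echo tunnel-down; return 1
}

if [ "${1:-}" = "run" ]; then vpn_watchdog; fi
```

Run it from root's crontab with the `run` argument; piping the printed state word to `logger` keeps a record of how often the link drops.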

lucdig
Posts: 103
Joined: Sat Aug 24, 2013 6:45 am

Re: Incoming SSH through VPN

Tue Feb 17, 2015 7:02 pm

If you have a Raspberry at home and a public IP address with dynamic DNS, you can connect the Raspberry at your university via SSH using a reverse tunnel. Or you can install OpenVPN on your Raspberry at home running on a well-known port (443) that would probably be open at the university.
Hope it helps.

zackj
Posts: 19
Joined: Tue Jan 22, 2013 6:49 am

Re: Incoming SSH through VPN

Tue Feb 17, 2015 7:13 pm

lucdig wrote: If you have a Raspberry at home and a public IP address with dynamic DNS, you can connect the Raspberry at your university via SSH using a reverse tunnel. Or you can install OpenVPN on your Raspberry at home running on a well-known port (443) that would probably be open at the university.
Hope it helps.
Thanks for the reply! Sadly I do not have a public IP address, nor are unsolicited inbound connections permitted. I tried running OpenVPN server from my router, but there's no way to reach it. :cry:

stijn.ghesquiere
Posts: 26
Joined: Sat May 19, 2012 9:44 pm

Re: Incoming SSH through VPN

Fri Feb 20, 2015 10:38 am

zackj wrote:
lucdig wrote: If you have a Raspberry at home and a public IP address with dynamic DNS, you can connect the Raspberry at your university via SSH using a reverse tunnel. Or you can install OpenVPN on your Raspberry at home running on a well-known port (443) that would probably be open at the university.
Hope it helps.
Thanks for the reply! Sadly I do not have a public IP address, nor are unsolicited inbound connections permitted. I tried running OpenVPN server from my router, but there's no way to reach it. :cry:
I think Lucdig described a scenario where you have a Raspberry at home that is outside the university network and one inside. You then connect the one at the university to the one outside (home), thus an outbound port to your home. Next you can use that outbound port to enter the university Raspberry through SSH from home. But this all stands or falls depending on whether your home is outside the university network.

If I've understood your situation well, your home ISP is the university, so yes, you need to find an external server.

stijn.ghesquiere
Posts: 26
Joined: Sat May 19, 2012 9:44 pm

Re: Incoming SSH through VPN

Fri Feb 20, 2015 10:46 am

Btw is it a lot of data you want to transport?
Depending on that, you could also get an unmanaged VPS (virtual private server) web host that allows you to manage it like any other web-connected Linux computer, including SSH and OpenVPN. You can get those relatively cheap (from 3 dollars/month and up).
