I need your help
I want to connect a Pi save and encrypted to a server. The Pi is behind a Router which is not configurable - no portforwarding, no firewall settings.
- I have a server with static ip in the internet with full root access
- there are several Pis (about 10 at the beginning of this project) on different locations/citys and connected to the internet via Wifi (maybe also ethernet or GSM as well)
- the Pi connects to the Wifi with the WPS-Button push during first set up at location
- the Wifirouter is not accessible, means it can not be configured so portforwarding and firewallsettingchanges are not possible!
- the server sends a command to a specific Pi which leads to a GPIO action
- the pi sends a statuschange to the server when a GPIO recognises an input
- the connection between Pi and Server has to be save and encrypted e.g. via a VPN tunnel
- it should be a plug and play solution means I set up the Pi at home and the just plug it in at the desired location. Dont wanna work an Pi setting at location, just push the WPS button and connect to Wifi and then start connection to Server
- its getting a bit complicated due to the fact that the router is not configurable and the ISP is changing its IP every 24 hours or so
- during my research i found some key words like NAT traversal, STUN-protocol, IPsecVPN, UPnP etc... For example Skype uses the STUN-protocol to connect to each other behind routerNATs and firewalls.
- Do you have made an experience in the above described setting and would share them with us here?
- Is my scenario realistic?
- Is there an easier solution? (that Im not seeing because of the tenthousends of portnumbers in my head)
- how scalable is this? (as I said at the beginning 10 Pis but could get 100)
Thank you so much in advance!