Hi, I would like to know if it is possible to have an SSH connection through the 3G? Or at least a way to connect the board remotely. Thank you.
Hi @leoheck, it would be possible using openvpn, which you can add to the image with the tarball provided on Sierra source.
I tried to do it directly without configuration to connect toi the ipv6 global address but it seems that the operator configured firewall the way we can’t. On the other hand, it was possible from mangOH connect to another computer by global ipv6 address very fast.
Interesting, so you are saying that you may connect from mangOH to a computer but you can’t connect from a computer to a mangOH board due to a firewall on the operator side.
I’m wondering here, what is the difference between both connections?
I am really interested in the connection from a computer to a mangOH (red) because it can be useful for debugging/fixing/changing things remotely. And it can be really helpful if the board is inside a sealed enclosure, for example.
I think the only way is to use a VPN with The SIM card. You will be able to ping the mangoh and start ssh connection.
This is definitely doable. In fact, we’ve implemented this for remote diagnostics and updates without needing Airvantage.
There’s a few requirements:
- Setup the devices
iptablesrules to allow
RMNET0- something like this:
# Allow SSH, PING and DHCP over RMNET (internet) -A INPUT -i rmnet0 -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -i rmnet0 -p icmp -m icmp --icmp-type 8 -j ACCEPT -I INPUT -i rmnet0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
The SIM should support either a dynamic public IP (inexpensive) or a private static IP (expensive). This typically involves connecting to a specific operator APN which ‘opens’ the referred to firewall.
Once the modem has established a data connection you can connect to it via the IP address either directly or through a VPN.
This blog post gives an excellent summary on IP addressing for M2M/IoT Devices.
How you approach it really depends on your requirements. Do you need the device “online” at all times? Would you like the ability to remotely command the modem to open the connection up on it’s end for you to connect to (saves power, reduce online presence for security reasons) only when required?
Hope this helps.