SSH connection through mobile network?

Hi, I would like to know if it is possible to have an SSH connection through the 3G? Or at least a way to connect the board remotely. Thank you.


Hi @leoheck, it would be possible using openvpn, which you can add to the image with the tarball provided on Sierra source.
I tried to do it directly, without configuration, connecting to the IPv6 global address, but it seems that the operator configured the firewall in a way that we can't. On the other hand, it was possible to connect from the mangOH to another computer by global IPv6 address very fast.

Interesting, so you are saying that you may connect from mangOH to a computer but you can't connect from a computer to a mangOH board due to a firewall on the operator side.

I'm wondering here, what is the difference between both connections?

I am really interested in the connection from a computer to a mangOH (red) because it can be useful for debugging/fixing/changing things remotely. And it can be really helpful if the board is inside a sealed enclosure, for example.

I think the only way is to use a VPN with the SIM card. You will be able to ping the mangOH and start an SSH connection.

Hi @leoheck.

This is definitely doable. In fact, we've implemented this for remote diagnostics and updates without needing Airvantage.

There's a few requirements:

  1. Set up the device's iptables rules to allow SSH over RMNET0 - something like this:

         # Allow SSH, PING and DHCP over RMNET (internet)
         -A INPUT -i rmnet0 -p tcp -m tcp --dport 22 -j ACCEPT
         -A INPUT -i rmnet0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
         -I INPUT -i rmnet0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT

  2. The SIM should support either a dynamic public IP (inexpensive) or a private static IP (expensive). This typically involves connecting to a specific operator APN which 'opens' the referred to firewall.

  3. Once the modem has established a data connection you can connect to it via the IP address either directly or through a VPN.

This blog post gives an excellent summary on IP addressing for M2M/IoT Devices.

How you approach it really depends on your requirements. Do you need the device "online" at all times? Would you like the ability to remotely command the modem to open the connection up on its end for you to connect to (saves power, reduces online presence for security reasons) only when required?

Hope this helps.

Cheers,
Raf
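
A check for the rule set in the post above, as an added example that is not part of the original thread: the shell function reads iptables-save style rules and reports whether TCP port 22 on the cellular interface is accepted from any source or only from a named one. The function names, the restricted rule and the 203.0.113.10 management address are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how TCP/22 is accepted on one interface in
# iptables-save style rules read from stdin.
audit_ssh_rules() {
    awk -v ifc="$1" '
    /^-[AI] INPUT / && /-j ACCEPT/ {
        in_if = ""; src = ""; dport = ""; proto = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
        }
        if (proto != "tcp" || dport == "") next
        if (in_if != "" && in_if != ifc) next      # rule is for another interface
        n = split(dport, r, ":")                   # --dport may be a lo:hi range
        lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
        if (lo > 22 || hi < 22) next
        if (src == "" || src == "0.0.0.0/0")
            print "OPEN: " $0                      # reachable from any address
        else
            print "RESTRICTED(" src "): " $0
    }'
}

# The three rules quoted in the post above.
page_rules() {
cat <<'EOF'
-A INPUT -i rmnet0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i rmnet0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-I INPUT -i rmnet0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
EOF
}

# Constructed variant: same SSH rule limited to one management address
# (203.0.113.10 is a documentation address, used here as a placeholder).
restricted_rules() {
cat <<'EOF'
-A INPUT -i rmnet0 -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

echo "post rules:";         page_rules | audit_ssh_rules rmnet0
echo "restricted variant:"; restricted_rules | audit_ssh_rules rmnet0
```

The check only understands plain `--dport` values and ranges with `-s`/`--source`; multiport matches and negated sources are not parsed.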

Thanks for the explanation @Raf! My colleague said he tested that once using a Sierra SIM card, maybe the problem was the operator like @alex1 said.

I checked my connection conditions on ipv6-test.com and it occurred that ICMPv6 at my operator is filtered. The connection is provided by mangOH through IPv6 and forwarded to the computer.
