Hello and Happy New Year! Hope the start of the new year find you in great shape for the upcoming year! I myself started the year in force, with lots of work and technical challenges 😁
Today I would like to share with you an easy solution that I found if you plan to connect to RaspberryPI from outside your home network, without the need to use port forwarding. To me it’s very useful because I want to be able to act remotely if some processes installed on my Raspberry stop for whatever reason.
The natural solution in this case would be to use port forwarding to connect to your Raspberry. But it might not be suitable for all kinds of reasons:
- The technical complexity of using port forwarding and ensuring that the client IP address doesn’t change over time
- Your ISP does not allow you to open ports
- You don’t have a static public IP address from your ISP
- The router doesn’t support Dynamic DNS
- Or simply your home network architecture is more complicated, like in my case where I use a router that connect to another router with internet access
NGROK to the rescue
By browsing out there for available cloud tunneling solutions, I found NGROK which seems to be sufficient for the purpose. It allows you to have TCP tunnels, setup custom domains, tunnel sessions and also features an API for select requirements. Let’s now see how to configure it!
First step is to login here. Create an account first if you don’t have one already. When you successfully login, you’ll be redirected to the “Getting Started” page. Then open an SSH connection to your Raspberry and be ready to run the following commands to setup ngrok on your Raspberry:
$ wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.tgz # Use https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm64.tgz for 64 bit version $ tar -xvf ngrok-stable-linux-arm.tgz # Use ngrok-stable-linux-arm64.tgz for 64 bit version $ ./ngrok authtoken <token_key>
You need to replace <token_key> with your auth token generated by the dashboard. This command will add the token into the ~/.ngrok2/ngrok.yml configuration file.
Let’s do a test run and see if we can connect to it through SSH via NGROK tunnel. First run this ngrok command:
$ ./ngrok tcp 22
If everything is ok, you should see that it prints a TCP URL similar to tcp://6.tcp.ngrok.io:23122. Alternatively, you can see it in dashboard, the “Online Endpoints” page:
Now, in another Terminal, try to connect to the Raspberry via the SSH tunnel we created. Be careful to omit the tcp:// part and the port number for the address. The port has to be specified separately like in the following:
$ ssh email@example.com -p 23122 The authenticity of host '[6.tcp.ngrok.io]:19528 ([220.127.116.11]:23122)' can't be established.
When prompted for the authenticity of host, type yes and press Enter. Then you’ll be asked for your user’s password and if you remember it, you are right inside your Raspberry, ready for remote hacking! Yuhuu 🙂
Yet, this is not over, because you’ll have to make sure that NGROK starts automatically if your Raspberry reboots. This can be achieved by my favorite solution PM2 or by using systemd. I’m not such an expert on systemd, but I’ll write an article about PM2, which I believe it’s a great tool for this type of scenarios.
As you can notice, with the right tools and documentation, you can basically achieve almost anything. It can be demanding at first, but remember that it’s all about taking the bull by the horns. I hope you’ll be ready to remotely connect to your Raspberry in less than 20 minutes and let me know if you get in trouble.
I will secretly let you know that this can be adapted to connect to any computer inside your network, just download the right NGROK executable from their landing page!
Thanks for reading, I hope you found this article useful and interesting. If you have any suggestions don’t hesitate to contact me. If you found my content useful please consider a small donation. Any support is greatly appreciated! Cheers 😉