Connect to a device's SSH on a network that has no inbound traffic enabled and no static IP address











up vote
3
down vote

favorite












what I'm trying to do is to enable a Raspberry, physically placed in a client's site, that has internet access via Dynamic IP, to receive SSH commands from the wild without having to manipulate the client's router and firewall. No Inbound connections allowed on that network, plus, the internet address of the Client's site is dynamic.



I've already tried to study and understand what's proposed on ssh to private-ip on Unix Stack Exchange, but I'm really not getting the point.



I do want to connect from my, say, laptop, to the Client's VPS server, and make the VPS server connect to the Raspberry SSH. So:



           ( firewall access allow in+out )
| => VPS Server ( firewall access allow out only )
| | => Raspberry
MY PC /


Here is it a case scenario with given IP adresses, ports and names configurations:



MY PC 
name: mypc@local.lan

Client VPS Server
name: remote.null.tld
IP Address: 98.76.54.32
SSH Port: 9876

Raspberry
model: Zero W
name: raspi1@clientlocal.lan
IP Address: dynamic IP ( based on Internet Provider )
SSH Port: 22
Raspberry's iptables: empty
Router's Firewall Restrictions: allow only out
Internet stability: very low


The Raspberry's external IP is the one assigned from the Internet Provider, and may vary depending on router restarts. Cannot determine it absolutely.



Internet Access on the client's network is really unstable. Radio link or something like that. Anyway, internet connection suffers of very dancing bandwidth.



Plus, the Client's router cannot be manipulated not because of laziness but because of restrictions imposed by the Client's IT dep.



I do have SSH access to the Client's VPS and I'm able to install whatever software on it.










share|improve this question









New contributor




Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1




    I'd take a look at having the RPi run a cronjob that SSH'es out to a known server and port forwards on that known machine (the "-L" switch) ... you could then connect to that port on the server and be inside the RPi.
    – Kevin_Kinsey
    21 hours ago










  • @Kevin_Kinsey can you please expand on your kind suggestion based on my question's case scenario config?
    – Maurizio
    19 hours ago










  • Been a long time since I had this working ... I will look & see what I can dig up.
    – Kevin_Kinsey
    19 hours ago










  • Look up "reverse port forwarding" on A Major Search Engine. I found an entry in the blog at "devolutions dot net" that looks promising.
    – Kevin_Kinsey
    19 hours ago










  • I've attempted to encapsulate this concept in an answer, below.
    – Kevin_Kinsey
    19 hours ago















up vote
3
down vote

favorite












what I'm trying to do is to enable a Raspberry, physically placed in a client's site, that has internet access via Dynamic IP, to receive SSH commands from the wild without having to manipulate the client's router and firewall. No Inbound connections allowed on that network, plus, the internet address of the Client's site is dynamic.



I've already tried to study and understand what's proposed on ssh to private-ip on Unix Stack Exchange, but I'm really not getting the point.



I do want to connect from my, say, laptop, to the Client's VPS server, and make the VPS server connect to the Raspberry SSH. So:



           ( firewall access allow in+out )
| => VPS Server ( firewall access allow out only )
| | => Raspberry
MY PC /


Here is it a case scenario with given IP adresses, ports and names configurations:



MY PC 
name: mypc@local.lan

Client VPS Server
name: remote.null.tld
IP Address: 98.76.54.32
SSH Port: 9876

Raspberry
model: Zero W
name: raspi1@clientlocal.lan
IP Address: dynamic IP ( based on Internet Provider )
SSH Port: 22
Raspberry's iptables: empty
Router's Firewall Restrictions: allow only out
Internet stability: very low


The Raspberry's external IP is the one assigned from the Internet Provider, and may vary depending on router restarts. Cannot determine it absolutely.



Internet Access on the client's network is really unstable. Radio link or something like that. Anyway, internet connection suffers of very dancing bandwidth.



Plus, the Client's router cannot be manipulated not because of laziness but because of restrictions imposed by the Client's IT dep.



I do have SSH access to the Client's VPS and I'm able to install whatever software on it.










share|improve this question









New contributor




Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1




    I'd take a look at having the RPi run a cronjob that SSH'es out to a known server and port forwards on that known machine (the "-L" switch) ... you could then connect to that port on the server and be inside the RPi.
    – Kevin_Kinsey
    21 hours ago










  • @Kevin_Kinsey can you please expand on your kind suggestion based on my question's case scenario config?
    – Maurizio
    19 hours ago










  • Been a long time since I had this working ... I will look & see what I can dig up.
    – Kevin_Kinsey
    19 hours ago










  • Look up "reverse port forwarding" on A Major Search Engine. I found an entry in the blog at "devolutions dot net" that looks promising.
    – Kevin_Kinsey
    19 hours ago










  • I've attempted to encapsulate this concept in an answer, below.
    – Kevin_Kinsey
    19 hours ago













up vote
3
down vote

favorite









up vote
3
down vote

favorite











what I'm trying to do is to enable a Raspberry, physically placed in a client's site, that has internet access via Dynamic IP, to receive SSH commands from the wild without having to manipulate the client's router and firewall. No Inbound connections allowed on that network, plus, the internet address of the Client's site is dynamic.



I've already tried to study and understand what's proposed on ssh to private-ip on Unix Stack Exchange, but I'm really not getting the point.



I do want to connect from my, say, laptop, to the Client's VPS server, and make the VPS server connect to the Raspberry SSH. So:



           ( firewall access allow in+out )
| => VPS Server ( firewall access allow out only )
| | => Raspberry
MY PC /


Here is it a case scenario with given IP adresses, ports and names configurations:



MY PC 
name: mypc@local.lan

Client VPS Server
name: remote.null.tld
IP Address: 98.76.54.32
SSH Port: 9876

Raspberry
model: Zero W
name: raspi1@clientlocal.lan
IP Address: dynamic IP ( based on Internet Provider )
SSH Port: 22
Raspberry's iptables: empty
Router's Firewall Restrictions: allow only out
Internet stability: very low


The Raspberry's external IP is the one assigned from the Internet Provider, and may vary depending on router restarts. Cannot determine it absolutely.



Internet Access on the client's network is really unstable. Radio link or something like that. Anyway, internet connection suffers of very dancing bandwidth.



Plus, the Client's router cannot be manipulated not because of laziness but because of restrictions imposed by the Client's IT dep.



I do have SSH access to the Client's VPS and I'm able to install whatever software on it.










share|improve this question









New contributor




Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











what I'm trying to do is to enable a Raspberry, physically placed in a client's site, that has internet access via Dynamic IP, to receive SSH commands from the wild without having to manipulate the client's router and firewall. No Inbound connections allowed on that network, plus, the internet address of the Client's site is dynamic.



I've already tried to study and understand what's proposed on ssh to private-ip on Unix Stack Exchange, but I'm really not getting the point.



I do want to connect from my, say, laptop, to the Client's VPS server, and make the VPS server connect to the Raspberry SSH. So:



           ( firewall access allow in+out )
| => VPS Server ( firewall access allow out only )
| | => Raspberry
MY PC /


Here is it a case scenario with given IP adresses, ports and names configurations:



MY PC 
name: mypc@local.lan

Client VPS Server
name: remote.null.tld
IP Address: 98.76.54.32
SSH Port: 9876

Raspberry
model: Zero W
name: raspi1@clientlocal.lan
IP Address: dynamic IP ( based on Internet Provider )
SSH Port: 22
Raspberry's iptables: empty
Router's Firewall Restrictions: allow only out
Internet stability: very low


The Raspberry's external IP is the one assigned from the Internet Provider, and may vary depending on router restarts. Cannot determine it absolutely.



Internet Access on the client's network is really unstable. Radio link or something like that. Anyway, internet connection suffers of very dancing bandwidth.



Plus, the Client's router cannot be manipulated not because of laziness but because of restrictions imposed by the Client's IT dep.



I do have SSH access to the Client's VPS and I'm able to install whatever software on it.







ssh ssh-tunneling private-network






share|improve this question









New contributor




Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 19 hours ago





















New contributor




Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









Maurizio

192




192




New contributor




Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Maurizio is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 1




    I'd take a look at having the RPi run a cronjob that SSH'es out to a known server and port forwards on that known machine (the "-L" switch) ... you could then connect to that port on the server and be inside the RPi.
    – Kevin_Kinsey
    21 hours ago










  • @Kevin_Kinsey can you please expand on your kind suggestion based on my question's case scenario config?
    – Maurizio
    19 hours ago










  • Been a long time since I had this working ... I will look & see what I can dig up.
    – Kevin_Kinsey
    19 hours ago










  • Look up "reverse port forwarding" on A Major Search Engine. I found an entry in the blog at "devolutions dot net" that looks promising.
    – Kevin_Kinsey
    19 hours ago










  • I've attempted to encapsulate this concept in an answer, below.
    – Kevin_Kinsey
    19 hours ago














  • 1




    I'd take a look at having the RPi run a cronjob that SSH'es out to a known server and port forwards on that known machine (the "-L" switch) ... you could then connect to that port on the server and be inside the RPi.
    – Kevin_Kinsey
    21 hours ago










  • @Kevin_Kinsey can you please expand on your kind suggestion based on my question's case scenario config?
    – Maurizio
    19 hours ago










  • Been a long time since I had this working ... I will look & see what I can dig up.
    – Kevin_Kinsey
    19 hours ago










  • Look up "reverse port forwarding" on A Major Search Engine. I found an entry in the blog at "devolutions dot net" that looks promising.
    – Kevin_Kinsey
    19 hours ago










  • I've attempted to encapsulate this concept in an answer, below.
    – Kevin_Kinsey
    19 hours ago








1




1




I'd take a look at having the RPi run a cronjob that SSH'es out to a known server and port forwards on that known machine (the "-L" switch) ... you could then connect to that port on the server and be inside the RPi.
– Kevin_Kinsey
21 hours ago




I'd take a look at having the RPi run a cronjob that SSH'es out to a known server and port forwards on that known machine (the "-L" switch) ... you could then connect to that port on the server and be inside the RPi.
– Kevin_Kinsey
21 hours ago












@Kevin_Kinsey can you please expand on your kind suggestion based on my question's case scenario config?
– Maurizio
19 hours ago




@Kevin_Kinsey can you please expand on your kind suggestion based on my question's case scenario config?
– Maurizio
19 hours ago












Been a long time since I had this working ... I will look & see what I can dig up.
– Kevin_Kinsey
19 hours ago




Been a long time since I had this working ... I will look & see what I can dig up.
– Kevin_Kinsey
19 hours ago












Look up "reverse port forwarding" on A Major Search Engine. I found an entry in the blog at "devolutions dot net" that looks promising.
– Kevin_Kinsey
19 hours ago




Look up "reverse port forwarding" on A Major Search Engine. I found an entry in the blog at "devolutions dot net" that looks promising.
– Kevin_Kinsey
19 hours ago












I've attempted to encapsulate this concept in an answer, below.
– Kevin_Kinsey
19 hours ago




I've attempted to encapsulate this concept in an answer, below.
– Kevin_Kinsey
19 hours ago










6 Answers
6






active

oldest

votes

















up vote
5
down vote













I am assuming the user names remote on the VPS and pi on the raspberry.




  1. You choose a free port on the VPS. A random five-digit value below 65000 should work.


  2. On the Raspberry, you run



    ssh -R PORT:localhost:22 remote@vps



  3. On the VPS, you connect to the Raspberry with



    ssh -p PORT pi@localhost



Replace the PORT with the port you have chosen in the first step.



In step 2, you create a reverse tunnel from the PORT on the VPS to port 22 on the Raspberry, which is where the Raspberry's SSH server listens. In step 3, you connect to the PORT on the VPS and get transferred to the port 22 on the Raspberry.



You can then configure a connection inside the VPS' ~/.ssh/config such as:



Host raspberryTunnel
Hostname localhost
User pi
Port PORT


If that works reliably, you can replace the single SSH connection on the Raspberry with autossh, which will automatically recreate the connection when it goes down.



autossh -R PORT:localhost:22 remote@vps





share|improve this answer










New contributor




Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


















  • Thank you Florin, I've tried to simulate what you suggest by: On the Raspberry: ssh -p 9876 -R 63876:localhost:9876 myuser@remote.null.tld On the VPS: ssh raspberryTunnel ( after editing the .ssh/config file ) On the Raspi side, I'm able to make an SSH connection to the VPS. On the VPS side, while trying to connect, i get: myuser@localhost's password: Providing the myuser's password gives a "Permission denied, please try again.". Unfortunately I'm not understanding what's happening under the hood :(
    – Maurizio
    19 hours ago












  • @Maurizio note that if the username is not same on VPS and rpi, you will have to specify it... for example step2 would be ssh -R PORT:localhost:22 vpsuser@vps and step3 ssh -p PORT raspi1@localhost. Also you must enter vps password in step2, and raspberryPi password in step3.
    – Matija Nalis
    16 hours ago






  • 1




    Admittedly, it is a bit confusing. What happens is that the SSH command from the raspberry open a reverse tunnel from PORT on the VPS to port 22 on the Raspberry. So when you connect to the PORT on the VPS, you get actually connected to port 22 on the Raspberry, where the SSH server listens. So, as Matija said, you need to set the correct users, I'll update the answer.
    – Florin Godard
    16 hours ago


















up vote
4
down vote













What you're trying to do exactly as you ask is impossible:




No Inbound connections allowed on that network




However, you can easily:




  • have the Pi make an outbound connection to your laptop using reverse SSH that you schedule


  • ssh from your laptop to the VPS server and from the VPS server ssh again to the Pi






share|improve this answer























  • Thank you Fabby, would you try and give me an advice on how to for the two methods you suggested?
    – Maurizio
    yesterday






  • 5




    If @Maurizio has outbound access, he can create a reverse SSH tunnel to a machine on the Internet and then connect back to the PI through that SSH connection. It is not impossible, it is only impossible to initiate the connection from the outside to the inside.
    – number9
    23 hours ago










  • @Maurizio Clarified answer. (Prego.... ;-) )
    – Fabby
    17 hours ago












  • @number9 Clarified answer.
    – Fabby
    17 hours ago






  • 1




    This. We had pretty much the same scenario and the device would just be set up to "dial home" every hour or so (could be configured) to pick up any new instructions. Where feasible it would maintain a VPN connection to home, and with that in play you could SSH using its IP on the VPN. It was flaky but that's literally the best you can do.
    – Lightness Races in Orbit
    17 hours ago




















up vote
3
down vote













This is possible. Use "reverse port forwarding". You'll probably need a cronjob set up to check if it's connected. If not, run something like this:



ssh -f -N -T -R 2210:localhost:22 me@example.com



"Example.com" is some server outside the FW that you do have access to. You're forwarding port 22 on the RPi to port 2210 on example.com. You can then SSH into example.com and do:



ssh RaspberryUser@localhost -p 2210



And you'll be connected to the RPi box.






share|improve this answer

















  • 1




    As for what the cronjob/test would look like, there are probably a lot of way to skin that cat.
    – Kevin_Kinsey
    19 hours ago


















up vote
3
down vote













Essentially, you can reach your goal only with maintenance connections from the device to a server you maintain.



What exactly these connections consist of can be different:




  • connect, fetch tasks to execute and proceed with them.

  • connect to a VPN and be part of that, allowing to be connected to

  • connect via SSH and establish a tunnel connection


Usable protocols




  • VPN (uses several ports)

  • SSH

  • HTTPS

  • even UUCP, although a little bit outdated


Depending on what the customer allows inside their network, you can even implement several of these methods to then choose from.



Each method has its pros and cons.





  • SSH:




    • +: only one port needed

    • -: maybe not every network allows outbound SSH connections




  • VPN:




    • +: easiest integration into server's network

    • -: several ports needed

    • -: maybe not every network allows outbound SSH connections




  • HTTPS:




    • +: probably supported

    • -: no real command line, only "work packages" are sendable

    • -: big effort needed to set up




  • UUCP:




    • +: allows batches to be sent

    • -: outdated protocol








share|improve this answer























  • what do you suggest is the best approach based on my question's case scenario config?
    – Maurizio
    19 hours ago










  • @Maurizio As said, that depends on what the customer allows.
    – glglgl
    5 hours ago


















up vote
1
down vote













If Pi firewall doesn't allow incoming connections then there is no way to establish connection. Your only way is to punch a hole through a firewall by using established connections.






share|improve this answer








New contributor




Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    up vote
    0
    down vote













    I'd check out ZeroTier: it lets you set up a virtual network with the rules you want, e.g., that any node can directly connect to any other node. They handle all kinds of connectivity issues under the hood, including relaying traffic through their servers if needed.






    share|improve this answer








    New contributor




    Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.


















      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "106"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });






      Maurizio is a new contributor. Be nice, and check out our Code of Conduct.










       

      draft saved


      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f482724%2fconnect-to-a-devices-ssh-on-a-network-that-has-no-inbound-traffic-enabled-and-n%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      6 Answers
      6






      active

      oldest

      votes








      6 Answers
      6






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      5
      down vote













      I am assuming the user names remote on the VPS and pi on the raspberry.




      1. You choose a free port on the VPS. A random five-digit value below 65000 should work.


      2. On the Raspberry, you run



        ssh -R PORT:localhost:22 remote@vps



      3. On the VPS, you connect to the Raspberry with



        ssh -p PORT pi@localhost



      Replace the PORT with the port you have chosen in the first step.



      In step 2, you create a reverse tunnel from the PORT on the VPS to port 22 on the Raspberry, which is where the Raspberry's SSH server listens. In step 3, you connect to the PORT on the VPS and get transferred to the port 22 on the Raspberry.



      You can then configure a connection inside the VPS' ~/.ssh/config such as:



      Host raspberryTunnel
      Hostname localhost
      User pi
      Port PORT


      If that works reliably, you can replace the single SSH connection on the Raspberry with autossh, which will automatically recreate the connection when it goes down.



      autossh -R PORT:localhost:22 remote@vps





      share|improve this answer










      New contributor




      Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.


















      • Thank you Florin, I've tried to simulate what you suggest by: On the Raspberry: ssh -p 9876 -R 63876:localhost:9876 myuser@remote.null.tld On the VPS: ssh raspberryTunnel ( after editing the .ssh/config file ) On the Raspi side, I'm able to make an SSH connection to the VPS. On the VPS side, while trying to connect, i get: myuser@localhost's password: Providing the myuser's password gives a "Permission denied, please try again.". Unfortunately I'm not understanding what's happening under the hood :(
        – Maurizio
        19 hours ago












      • @Maurizio note that if the username is not same on VPS and rpi, you will have to specify it... for example step2 would be ssh -R PORT:localhost:22 vpsuser@vps and step3 ssh -p PORT raspi1@localhost. Also you must enter vps password in step2, and raspberryPi password in step3.
        – Matija Nalis
        16 hours ago






      • 1




        Admittedly, it is a bit confusing. What happens is that the SSH command from the raspberry open a reverse tunnel from PORT on the VPS to port 22 on the Raspberry. So when you connect to the PORT on the VPS, you get actually connected to port 22 on the Raspberry, where the SSH server listens. So, as Matija said, you need to set the correct users, I'll update the answer.
        – Florin Godard
        16 hours ago















      up vote
      5
      down vote













      I am assuming the user names remote on the VPS and pi on the raspberry.




      1. You choose a free port on the VPS. A random five-digit value below 65000 should work.


      2. On the Raspberry, you run



        ssh -R PORT:localhost:22 remote@vps



      3. On the VPS, you connect to the Raspberry with



        ssh -p PORT pi@localhost



      Replace the PORT with the port you have chosen in the first step.



      In step 2, you create a reverse tunnel from the PORT on the VPS to port 22 on the Raspberry, which is where the Raspberry's SSH server listens. In step 3, you connect to the PORT on the VPS and get transferred to the port 22 on the Raspberry.



      You can then configure a connection inside the VPS' ~/.ssh/config such as:



      Host raspberryTunnel
      Hostname localhost
      User pi
      Port PORT


      If that works reliably, you can replace the single SSH connection on the Raspberry with autossh, which will automatically recreate the connection when it goes down.



      autossh -R PORT:localhost:22 remote@vps





      share|improve this answer










      New contributor




      Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.


















      • Thank you Florin, I've tried to simulate what you suggest by: On the Raspberry: ssh -p 9876 -R 63876:localhost:9876 myuser@remote.null.tld On the VPS: ssh raspberryTunnel ( after editing the .ssh/config file ) On the Raspi side, I'm able to make an SSH connection to the VPS. On the VPS side, while trying to connect, i get: myuser@localhost's password: Providing the myuser's password gives a "Permission denied, please try again.". Unfortunately I'm not understanding what's happening under the hood :(
        – Maurizio
        19 hours ago












      • @Maurizio note that if the username is not same on VPS and rpi, you will have to specify it... for example step2 would be ssh -R PORT:localhost:22 vpsuser@vps and step3 ssh -p PORT raspi1@localhost. Also you must enter vps password in step2, and raspberryPi password in step3.
        – Matija Nalis
        16 hours ago






      • 1




        Admittedly, it is a bit confusing. What happens is that the SSH command from the raspberry open a reverse tunnel from PORT on the VPS to port 22 on the Raspberry. So when you connect to the PORT on the VPS, you get actually connected to port 22 on the Raspberry, where the SSH server listens. So, as Matija said, you need to set the correct users, I'll update the answer.
        – Florin Godard
        16 hours ago













      up vote
      5
      down vote










      up vote
      5
      down vote









      I am assuming the user names remote on the VPS and pi on the raspberry.




      1. You choose a free port on the VPS. A random five-digit value below 65000 should work.


      2. On the Raspberry, you run



        ssh -R PORT:localhost:22 remote@vps



      3. On the VPS, you connect to the Raspberry with



        ssh -p PORT pi@localhost



      Replace the PORT with the port you have chosen in the first step.



      In step 2, you create a reverse tunnel from the PORT on the VPS to port 22 on the Raspberry, which is where the Raspberry's SSH server listens. In step 3, you connect to the PORT on the VPS and get transferred to the port 22 on the Raspberry.



      You can then configure a connection inside the VPS' ~/.ssh/config such as:



      Host raspberryTunnel
      Hostname localhost
      User pi
      Port PORT


      If that works reliably, you can replace the single SSH connection on the Raspberry with autossh, which will automatically recreate the connection when it goes down.



      autossh -R PORT:localhost:22 remote@vps





      share|improve this answer










      New contributor




      Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      I am assuming the user names remote on the VPS and pi on the raspberry.




      1. You choose a free port on the VPS. A random five-digit value below 65000 should work.


      2. On the Raspberry, you run



        ssh -R PORT:localhost:22 remote@vps



      3. On the VPS, you connect to the Raspberry with



        ssh -p PORT pi@localhost



      Replace the PORT with the port you have chosen in the first step.



      In step 2, you create a reverse tunnel from the PORT on the VPS to port 22 on the Raspberry, which is where the Raspberry's SSH server listens. In step 3, you connect to the PORT on the VPS and get transferred to the port 22 on the Raspberry.



      You can then configure a connection inside the VPS' ~/.ssh/config such as:



      Host raspberryTunnel
      Hostname localhost
      User pi
      Port PORT


      If that works reliably, you can replace the single SSH connection on the Raspberry with autossh, which will automatically recreate the connection when it goes down.



      autossh -R PORT:localhost:22 remote@vps






      share|improve this answer










      New contributor




      Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this answer



      share|improve this answer








      edited 16 hours ago





















      New contributor




      Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      answered 23 hours ago









      Florin Godard

      512




      512




      New contributor




      Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Florin Godard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      • Thank you Florin, I've tried to simulate what you suggest by: On the Raspberry: ssh -p 9876 -R 63876:localhost:9876 myuser@remote.null.tld On the VPS: ssh raspberryTunnel ( after editing the .ssh/config file ) On the Raspi side, I'm able to make an SSH connection to the VPS. On the VPS side, while trying to connect, i get: myuser@localhost's password: Providing the myuser's password gives a "Permission denied, please try again.". Unfortunately I'm not understanding what's happening under the hood :(
        – Maurizio
        19 hours ago












      • @Maurizio note that if the username is not same on VPS and rpi, you will have to specify it... for example step2 would be ssh -R PORT:localhost:22 vpsuser@vps and step3 ssh -p PORT raspi1@localhost. Also you must enter vps password in step2, and raspberryPi password in step3.
        – Matija Nalis
        16 hours ago






      • 1




        Admittedly, it is a bit confusing. What happens is that the SSH command from the raspberry open a reverse tunnel from PORT on the VPS to port 22 on the Raspberry. So when you connect to the PORT on the VPS, you get actually connected to port 22 on the Raspberry, where the SSH server listens. So, as Matija said, you need to set the correct users, I'll update the answer.
        – Florin Godard
        16 hours ago


















      • Thank you Florin, I've tried to simulate what you suggest by: On the Raspberry: ssh -p 9876 -R 63876:localhost:9876 myuser@remote.null.tld On the VPS: ssh raspberryTunnel ( after editing the .ssh/config file ) On the Raspi side, I'm able to make an SSH connection to the VPS. On the VPS side, while trying to connect, i get: myuser@localhost's password: Providing the myuser's password gives a "Permission denied, please try again.". Unfortunately I'm not understanding what's happening under the hood :(
        – Maurizio
        19 hours ago












      • @Maurizio note that if the username is not same on VPS and rpi, you will have to specify it... for example step2 would be ssh -R PORT:localhost:22 vpsuser@vps and step3 ssh -p PORT raspi1@localhost. Also you must enter vps password in step2, and raspberryPi password in step3.
        – Matija Nalis
        16 hours ago






      • 1




        Admittedly, it is a bit confusing. What happens is that the SSH command from the raspberry open a reverse tunnel from PORT on the VPS to port 22 on the Raspberry. So when you connect to the PORT on the VPS, you get actually connected to port 22 on the Raspberry, where the SSH server listens. So, as Matija said, you need to set the correct users, I'll update the answer.
        – Florin Godard
        16 hours ago
















      Thank you Florin, I've tried to simulate what you suggest by: On the Raspberry: ssh -p 9876 -R 63876:localhost:9876 myuser@remote.null.tld On the VPS: ssh raspberryTunnel ( after editing the .ssh/config file ) On the Raspi side, I'm able to make an SSH connection to the VPS. On the VPS side, while trying to connect, i get: myuser@localhost's password: Providing the myuser's password gives a "Permission denied, please try again.". Unfortunately I'm not understanding what's happening under the hood :(
      – Maurizio
      19 hours ago






      Thank you Florin, I've tried to simulate what you suggest by: On the Raspberry: ssh -p 9876 -R 63876:localhost:9876 myuser@remote.null.tld On the VPS: ssh raspberryTunnel ( after editing the .ssh/config file ) On the Raspi side, I'm able to make an SSH connection to the VPS. On the VPS side, while trying to connect, i get: myuser@localhost's password: Providing the myuser's password gives a "Permission denied, please try again.". Unfortunately I'm not understanding what's happening under the hood :(
      – Maurizio
      19 hours ago














      @Maurizio note that if the username is not same on VPS and rpi, you will have to specify it... for example step2 would be ssh -R PORT:localhost:22 vpsuser@vps and step3 ssh -p PORT raspi1@localhost. Also you must enter vps password in step2, and raspberryPi password in step3.
      – Matija Nalis
      16 hours ago




      @Maurizio note that if the username is not same on VPS and rpi, you will have to specify it... for example step2 would be ssh -R PORT:localhost:22 vpsuser@vps and step3 ssh -p PORT raspi1@localhost. Also you must enter vps password in step2, and raspberryPi password in step3.
      – Matija Nalis
      16 hours ago




      1




      1




      Admittedly, it is a bit confusing. What happens is that the SSH command from the raspberry open a reverse tunnel from PORT on the VPS to port 22 on the Raspberry. So when you connect to the PORT on the VPS, you get actually connected to port 22 on the Raspberry, where the SSH server listens. So, as Matija said, you need to set the correct users, I'll update the answer.
      – Florin Godard
      16 hours ago




      Admittedly, it is a bit confusing. What happens is that the SSH command from the raspberry open a reverse tunnel from PORT on the VPS to port 22 on the Raspberry. So when you connect to the PORT on the VPS, you get actually connected to port 22 on the Raspberry, where the SSH server listens. So, as Matija said, you need to set the correct users, I'll update the answer.
      – Florin Godard
      16 hours ago












      up vote
      4
      down vote













      What you're trying to do exactly as you ask is impossible:




      No Inbound connections allowed on that network




      However, you can easily:




      • have the Pi make an outbound connection to your laptop using reverse SSH that you schedule


      • ssh from your laptop to the VPS server and from the VPS server ssh again to the Pi






      share|improve this answer























      • Thank you Fabby, would you try and give me an advice on how to for the two methods you suggested?
        – Maurizio
        yesterday






      • 5




        If @Maurizio has outbound access, he can create a reverse SSH tunnel to a machine on the Internet and then connect back to the PI through that SSH connection. It is not impossible, it is only impossible to initiate the connection from the outside to the inside.
        – number9
        23 hours ago










      • @Maurizio Clarified answer. (Prego.... ;-) )
        – Fabby
        17 hours ago












      • @number9 Clarified answer.
        – Fabby
        17 hours ago






      • 1




        This. We had pretty much the same scenario and the device would just be set up to "dial home" every hour or so (could be configured) to pick up any new instructions. Where feasible it would maintain a VPN connection to home, and with that in play you could SSH using its IP on the VPN. It was flaky but that's literally the best you can do.
        – Lightness Races in Orbit
        17 hours ago

















      up vote
      4
      down vote













      What you're trying to do exactly as you ask is impossible:




      No Inbound connections allowed on that network




      However, you can easily:




      • have the Pi make an outbound connection to your laptop using reverse SSH that you schedule


      • ssh from your laptop to the VPS server and from the VPS server ssh again to the Pi






      share|improve this answer























      • Thank you Fabby, would you try and give me an advice on how to for the two methods you suggested?
        – Maurizio
        yesterday






      • 5




        If @Maurizio has outbound access, he can create a reverse SSH tunnel to a machine on the Internet and then connect back to the PI through that SSH connection. It is not impossible, it is only impossible to initiate the connection from the outside to the inside.
        – number9
        23 hours ago










      • @Maurizio Clarified answer. (Prego.... ;-) )
        – Fabby
        17 hours ago












      • @number9 Clarified answer.
        – Fabby
        17 hours ago






      • 1




        This. We had pretty much the same scenario and the device would just be set up to "dial home" every hour or so (could be configured) to pick up any new instructions. Where feasible it would maintain a VPN connection to home, and with that in play you could SSH using its IP on the VPN. It was flaky but that's literally the best you can do.
        – Lightness Races in Orbit
        17 hours ago















      up vote
      4
      down vote










      up vote
      4
      down vote









      What you're trying to do exactly as you ask is impossible:




      No Inbound connections allowed on that network




      However, you can easily:




      • have the Pi make an outbound connection to your laptop using reverse SSH that you schedule


      • ssh from your laptop to the VPS server and from the VPS server ssh again to the Pi






      share|improve this answer














      What you're trying to do exactly as you ask is impossible:




      No Inbound connections allowed on that network




      However, you can easily:




      • have the Pi make an outbound connection to your laptop using reverse SSH that you schedule


      • ssh from your laptop to the VPS server and from the VPS server ssh again to the Pi







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited 17 hours ago

























      answered yesterday









      Fabby

      2,95211125




      2,95211125












      • Thank you Fabby, would you try and give me an advice on how to for the two methods you suggested?
        – Maurizio
        yesterday






      • 5




        If @Maurizio has outbound access, he can create a reverse SSH tunnel to a machine on the Internet and then connect back to the PI through that SSH connection. It is not impossible, it is only impossible to initiate the connection from the outside to the inside.
        – number9
        23 hours ago










      • @Maurizio Clarified answer. (Prego.... ;-) )
        – Fabby
        17 hours ago












      • @number9 Clarified answer.
        – Fabby
        17 hours ago






      • 1




        This. We had pretty much the same scenario and the device would just be set up to "dial home" every hour or so (could be configured) to pick up any new instructions. Where feasible it would maintain a VPN connection to home, and with that in play you could SSH using its IP on the VPN. It was flaky but that's literally the best you can do.
        – Lightness Races in Orbit
        17 hours ago




















      • Thank you Fabby, would you try and give me an advice on how to for the two methods you suggested?
        – Maurizio
        yesterday






      • 5




        If @Maurizio has outbound access, he can create a reverse SSH tunnel to a machine on the Internet and then connect back to the PI through that SSH connection. It is not impossible, it is only impossible to initiate the connection from the outside to the inside.
        – number9
        23 hours ago










      • @Maurizio Clarified answer. (Prego.... ;-) )
        – Fabby
        17 hours ago












      • @number9 Clarified answer.
        – Fabby
        17 hours ago






      • 1




        This. We had pretty much the same scenario and the device would just be set up to "dial home" every hour or so (could be configured) to pick up any new instructions. Where feasible it would maintain a VPN connection to home, and with that in play you could SSH using its IP on the VPN. It was flaky but that's literally the best you can do.
        – Lightness Races in Orbit
        17 hours ago


















      Thank you Fabby, would you try and give me an advice on how to for the two methods you suggested?
      – Maurizio
      yesterday




      Thank you Fabby, would you try and give me an advice on how to for the two methods you suggested?
      – Maurizio
      yesterday




      5




      5




      If @Maurizio has outbound access, he can create a reverse SSH tunnel to a machine on the Internet and then connect back to the PI through that SSH connection. It is not impossible, it is only impossible to initiate the connection from the outside to the inside.
      – number9
      23 hours ago




      If @Maurizio has outbound access, he can create a reverse SSH tunnel to a machine on the Internet and then connect back to the PI through that SSH connection. It is not impossible, it is only impossible to initiate the connection from the outside to the inside.
      – number9
      23 hours ago












      @Maurizio Clarified answer. (Prego.... ;-) )
      – Fabby
      17 hours ago






      @Maurizio Clarified answer. (Prego.... ;-) )
      – Fabby
      17 hours ago














      @number9 Clarified answer.
      – Fabby
      17 hours ago




      @number9 Clarified answer.
      – Fabby
      17 hours ago




      1




      1




      This. We had pretty much the same scenario and the device would just be set up to "dial home" every hour or so (could be configured) to pick up any new instructions. Where feasible it would maintain a VPN connection to home, and with that in play you could SSH using its IP on the VPN. It was flaky but that's literally the best you can do.
      – Lightness Races in Orbit
      17 hours ago






      This. We had pretty much the same scenario and the device would just be set up to "dial home" every hour or so (could be configured) to pick up any new instructions. Where feasible it would maintain a VPN connection to home, and with that in play you could SSH using its IP on the VPN. It was flaky but that's literally the best you can do.
      – Lightness Races in Orbit
      17 hours ago












      up vote
      3
      down vote













      This is possible. Use "reverse port forwarding". You'll probably need a cronjob set up to check if it's connected. If not, run something like this:



      ssh -f -N -T -R 2210:localhost:22 me@example.com



      "Example.com" is some server outside the FW that you do have access to. You're forwarding port 22 on the RPi to port 2210 on example.com. You can then SSH into example.com and do:



      ssh RaspberryUser@localhost -p 2210



      And you'll be connected to the RPi box.






      share|improve this answer

















      • 1




        As for what the cronjob/test would look like, there are probably a lot of way to skin that cat.
        – Kevin_Kinsey
        19 hours ago















      up vote
      3
      down vote













      This is possible. Use "reverse port forwarding". You'll probably need a cronjob set up to check if it's connected. If not, run something like this:



      ssh -f -N -T -R 2210:localhost:22 me@example.com



      "Example.com" is some server outside the FW that you do have access to. You're forwarding port 22 on the RPi to port 2210 on example.com. You can then SSH into example.com and do:



      ssh RaspberryUser@localhost -p 2210



      And you'll be connected to the RPi box.






      share|improve this answer

















      • 1




        As for what the cronjob/test would look like, there are probably a lot of way to skin that cat.
        – Kevin_Kinsey
        19 hours ago













      up vote
      3
      down vote










      up vote
      3
      down vote









      This is possible. Use "reverse port forwarding". You'll probably need a cronjob set up to check if it's connected. If not, run something like this:



      ssh -f -N -T -R 2210:localhost:22 me@example.com



      "Example.com" is some server outside the FW that you do have access to. You're forwarding port 22 on the RPi to port 2210 on example.com. You can then SSH into example.com and do:



      ssh RaspberryUser@localhost -p 2210



      And you'll be connected to the RPi box.






      share|improve this answer












      This is possible. Use "reverse port forwarding". You'll probably need a cronjob set up to check if it's connected. If not, run something like this:



      ssh -f -N -T -R 2210:localhost:22 me@example.com



      "Example.com" is some server outside the FW that you do have access to. You're forwarding port 22 on the RPi to port 2210 on example.com. You can then SSH into example.com and do:



      ssh RaspberryUser@localhost -p 2210



      And you'll be connected to the RPi box.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered 19 hours ago









      Kevin_Kinsey

      1314




      1314








      • 1




        As for what the cronjob/test would look like, there are probably a lot of way to skin that cat.
        – Kevin_Kinsey
        19 hours ago














      • 1




        As for what the cronjob/test would look like, there are probably a lot of way to skin that cat.
        – Kevin_Kinsey
        19 hours ago








      1




      1




      As for what the cronjob/test would look like, there are probably a lot of way to skin that cat.
      – Kevin_Kinsey
      19 hours ago




      As for what the cronjob/test would look like, there are probably a lot of way to skin that cat.
      – Kevin_Kinsey
      19 hours ago










      up vote
      3
      down vote













      Essentially, you can reach your goal only with maintenance connections from the device to a server you maintain.



      What exactly these connections consist of can be different:




      • connect, fetch tasks to execute and proceed with them.

      • connect to a VPN and be part of that, allowing to be connected to

      • connect via SSH and establish a tunnel connection


      Usable protocols




      • VPN (uses several ports)

      • SSH

      • HTTPS

      • even UUCP, although a little bit outdated


      Depending on what the customer allows inside their network, you can even implement several of these methods to then choose from.



      Each method has its pros and cons.





      • SSH:




        • +: only one port needed

        • -: maybe not every network allows outbound SSH connections




      • VPN:




        • +: easiest integration into server's network

        • -: several ports needed

        • -: maybe not every network allows outbound SSH connections




      • HTTPS:




        • +: probably supported

        • -: no real command line, only "work packages" are sendable

        • -: big effort needed to set up




      • UUCP:




        • +: allows batches to be sent

        • -: outdated protocol








      share|improve this answer























      • what do you suggest is the best approach based on my question's case scenario config?
        – Maurizio
        19 hours ago










      • @Maurizio As said, that depends on what the customer allows.
        – glglgl
        5 hours ago















      up vote
      3
      down vote













      Essentially, you can reach your goal only with maintenance connections from the device to a server you maintain.



      What exactly these connections consist of can be different:




      • connect, fetch tasks to execute and proceed with them.

      • connect to a VPN and be part of that, allowing to be connected to

      • connect via SSH and establish a tunnel connection


      Usable protocols




      • VPN (uses several ports)

      • SSH

      • HTTPS

      • even UUCP, although a little bit outdated


      Depending on what the customer allows inside their network, you can even implement several of these methods to then choose from.



      Each method has its pros and cons.





      • SSH:




        • +: only one port needed

        • -: maybe not every network allows outbound SSH connections




      • VPN:




        • +: easiest integration into server's network

        • -: several ports needed

        • -: maybe not every network allows outbound SSH connections




      • HTTPS:




        • +: probably supported

        • -: no real command line, only "work packages" are sendable

        • -: big effort needed to set up




      • UUCP:




        • +: allows batches to be sent

        • -: outdated protocol








      share|improve this answer























      • what do you suggest is the best approach based on my question's case scenario config?
        – Maurizio
        19 hours ago










      • @Maurizio As said, that depends on what the customer allows.
        – glglgl
        5 hours ago













      up vote
      3
      down vote










      up vote
      3
      down vote









      Essentially, you can reach your goal only with maintenance connections from the device to a server you maintain.



      What exactly these connections consist of can be different:




      • connect, fetch tasks to execute and proceed with them.

      • connect to a VPN and be part of that, allowing to be connected to

      • connect via SSH and establish a tunnel connection


      Usable protocols




      • VPN (uses several ports)

      • SSH

      • HTTPS

      • even UUCP, although a little bit outdated


      Depending on what the customer allows inside their network, you can even implement several of these methods to then choose from.



      Each method has its pros and cons.





      • SSH:




        • +: only one port needed

        • -: maybe not every network allows outbound SSH connections




      • VPN:




        • +: easiest integration into server's network

        • -: several ports needed

        • -: maybe not every network allows outbound SSH connections




      • HTTPS:




        • +: probably supported

        • -: no real command line, only "work packages" are sendable

        • -: big effort needed to set up




      • UUCP:




        • +: allows batches to be sent

        • -: outdated protocol








      share|improve this answer














      Essentially, you can reach your goal only with maintenance connections from the device to a server you maintain.



      What exactly these connections consist of can be different:




      • connect, fetch tasks to execute and proceed with them.

      • connect to a VPN and be part of that, allowing to be connected to

      • connect via SSH and establish a tunnel connection


      Usable protocols




      • VPN (uses several ports)

      • SSH

      • HTTPS

      • even UUCP, although a little bit outdated


      Depending on what the customer allows inside their network, you can even implement several of these methods to then choose from.



      Each method has its pros and cons.





      • SSH:




        • +: only one port needed

        • -: maybe not every network allows outbound SSH connections




      • VPN:




        • +: easiest integration into server's network

        • -: several ports needed

        • -: maybe not every network allows outbound SSH connections




      • HTTPS:




        • +: probably supported

        • -: no real command line, only "work packages" are sendable

        • -: big effort needed to set up




      • UUCP:




        • +: allows batches to be sent

        • -: outdated protocol









      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited 5 hours ago

























      answered yesterday









      glglgl

      1,152811




      1,152811












      • what do you suggest is the best approach based on my question's case scenario config?
        – Maurizio
        19 hours ago










      • @Maurizio As said, that depends on what the customer allows.
        – glglgl
        5 hours ago


















      • what do you suggest is the best approach based on my question's case scenario config?
        – Maurizio
        19 hours ago










      • @Maurizio As said, that depends on what the customer allows.
        – glglgl
        5 hours ago
















      what do you suggest is the best approach based on my question's case scenario config?
      – Maurizio
      19 hours ago




      what do you suggest is the best approach based on my question's case scenario config?
      – Maurizio
      19 hours ago












      @Maurizio As said, that depends on what the customer allows.
      – glglgl
      5 hours ago




      @Maurizio As said, that depends on what the customer allows.
      – glglgl
      5 hours ago










      up vote
      1
      down vote













      If Pi firewall doesn't allow incoming connections then there is no way to establish connection. Your only way is to punch a hole through a firewall by using established connections.






      share|improve this answer








      New contributor




      Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















        up vote
        1
        down vote













        If Pi firewall doesn't allow incoming connections then there is no way to establish connection. Your only way is to punch a hole through a firewall by using established connections.






        share|improve this answer








        New contributor




        Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.




















          up vote
          1
          down vote










          up vote
          1
          down vote









          If Pi firewall doesn't allow incoming connections then there is no way to establish connection. Your only way is to punch a hole through a firewall by using established connections.






          share|improve this answer








          New contributor




          Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          If Pi firewall doesn't allow incoming connections then there is no way to establish connection. Your only way is to punch a hole through a firewall by using established connections.







          share|improve this answer








          New contributor




          Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          share|improve this answer



          share|improve this answer






          New contributor




          Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          answered yesterday









          Igor Smitran

          271




          271




          New contributor




          Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





          New contributor





          Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.






          Igor Smitran is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.






















              up vote
              0
              down vote













              I'd check out ZeroTier: it lets you set up a virtual network with the rules you want, e.g., that any node can directly connect to any other node. They handle all kinds of connectivity issues under the hood, including relaying traffic through their servers if needed.






              share|improve this answer








              New contributor




              Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.






















                up vote
                0
                down vote













                I'd check out ZeroTier: it lets you set up a virtual network with the rules you want, e.g., that any node can directly connect to any other node. They handle all kinds of connectivity issues under the hood, including relaying traffic through their servers if needed.






                share|improve this answer








                New contributor




                Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.




















                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  I'd check out ZeroTier: it lets you set up a virtual network with the rules you want, e.g., that any node can directly connect to any other node. They handle all kinds of connectivity issues under the hood, including relaying traffic through their servers if needed.






                  share|improve this answer








                  New contributor




                  Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  I'd check out ZeroTier: it lets you set up a virtual network with the rules you want, e.g., that any node can directly connect to any other node. They handle all kinds of connectivity issues under the hood, including relaying traffic through their servers if needed.







                  share|improve this answer








                  New contributor




                  Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  share|improve this answer



                  share|improve this answer






                  New contributor




                  Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  answered 18 hours ago









                  Ken Arnold

                  101




                  101




                  New contributor




                  Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.





                  New contributor





                  Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






                  Ken Arnold is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






















                      Maurizio is a new contributor. Be nice, and check out our Code of Conduct.










                       

                      draft saved


                      draft discarded


















                      Maurizio is a new contributor. Be nice, and check out our Code of Conduct.













                      Maurizio is a new contributor. Be nice, and check out our Code of Conduct.












                      Maurizio is a new contributor. Be nice, and check out our Code of Conduct.















                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f482724%2fconnect-to-a-devices-ssh-on-a-network-that-has-no-inbound-traffic-enabled-and-n%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      'app-layout' is not a known element: how to share Component with different Modules

                      android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

                      WPF add header to Image with URL pettitions [duplicate]