ngrok for LocalStatusPanel on Remote Computer

Started by mcsarge, November 20, 2019, 03:36:43 PM

Previous topic - Next topic

mcsarge

Hello All,

I have been using an awesome little tool called ngrok (https://ngrok.com/)  to connect to port 502 on the Classic on my remote network. I need to use this tool since I am running my remote network on a cellular connection; I can't just forward a port from the cell router to the Classic, the cell company blocks all incoming ports. I have a Rasperry Pi running at the remote site and I connect to it by VNC. I installed ngrok on it, and I use it to create a tunnel to the Classic.

Essentially, the ngrok tool allows you to create a tunnel from behind your firewall/router to a server on the internet, you then connect to that server to communicate with your Classic. After installing, use this command to start up the tunnel:


./ngrok tcp 192.168.0.225:502


Which instructs ngrok to forward tcp port 502 from IP address 192.168.0.225. In my system, the Classic is on IP 192.168.0.225, while my Raspberry Pi is on another IP address on the same network.

And the tool then shows this:


ngrok by @inconshreveable                                       (Ctrl+C to quit)
                                                                               
Session Status                online                                           
Account                       Matt Sargent (Plan: Free)                         
Version                       2.3.35                                           
Region                        United States (us)                               
Web Interface                 http://127.0.0.1:4040                             
Forwarding                    tcp://0.tcp.ngrok.io:19146 -> 192.168.0.225:502   
                                                                               
Connections                   ttl     opn     rt1     rt5     p50     p90       
                              0       0       0.00    0.00    0.00    0.00     
                                                                             


All I have to do now is connect the LocalStatusPanel to 0.tcp.ngrok.io and use port 19146 instead of 502.

Once you are done, hit Cntrl-C and the tunnel is taken down. On the free version you get a new server and port every time, if you pay, you can setup one that does not change. But to be honest, it is a security risk so use at your own risk. I setup the tunnel, do what I need to and then take it down, but it works great!

Matt
Off Grid Island in Ontario Canada (Beaverstone Bay)
Primary: Classic 150 + wbjr; 3s2p HES 270watt
Winter: SolarBoost 50 MPPT (into wbjr); 2 x Sharp NE-80EJEA 80watt
Pack: 4s2p ROLLS S6-460AGM 6V for 24V pack
Inverter/Charger: Trace DR2424
Call Sign: KG4EUF

boB

K7IQ 🌛  He/She/Me

mcsarge

All,

I did not mention it, but this tool is used heavily for getting a web server out form behind a firewall - this would be great if one of the guys creating the Raspberry Pi based monitoring system wanted to see the UI from the internet. Also, you it gives a lot of very good information about the tunnel, you can even look at the tunnel info using a browser - just open a page on http://localhost:4040 and you see some cool stuff about the connection.

Matt
Off Grid Island in Ontario Canada (Beaverstone Bay)
Primary: Classic 150 + wbjr; 3s2p HES 270watt
Winter: SolarBoost 50 MPPT (into wbjr); 2 x Sharp NE-80EJEA 80watt
Pack: 4s2p ROLLS S6-460AGM 6V for 24V pack
Inverter/Charger: Trace DR2424
Call Sign: KG4EUF

atop8918

You can do the same thing with the native openSSH library on the pi. It does require you to have your own "local" machine running ssh to connect to though.



ClassicCrazy

Quote from: mcsarge on November 20, 2019, 04:51:33 PM
All,

I did not mention it, but this tool is used heavily for getting a web server out form behind a firewall - this would be great if one of the guys creating the Raspberry Pi based monitoring system wanted to see the UI from the internet. Also, you it gives a lot of very good information about the tunnel, you can even look at the tunnel info using a browser - just open a page on http://localhost:4040 and you see some cool stuff about the connection.

Matt

Not sure any of these Raspberry Pi things would be of use or maybe you saw this already - but Andreas does have some things about getting info in and out of Pi remotely and securely https://youtu.be/a6mjt8tWUws

Larry
system 1
Classic 150 , 5s3p  Kyocera 135watt , 12s Soneil 2v 540amp lead crystal for 24v pack , Outback 3524 inverter
system 2
 5s 135w Kyocero , 3s3p 270w Kyocera  to Classic 150 ,   8s Kyocera 225w to Hawkes Bay Jakiper 48v 15kwh LiFePO4 , Outback VFX 3648 inverter
system 3
KID / Brat portable

mcsarge

Larry,

I have 2 Raspberry Pis (one primary, one for backup) on the island and they are awesome. I regularly use the Dropbox library to move pictures down and the Twitter library to send out a tweet each evening about the weather. The usual VPN for a Pi is having it setup as a Server, which is a no-go when yu are working from a cell connection - you need the Pi to be a Client and attach to a remote network, then you connect to it too and then you can communicate with the Pi as if it was on your local lan.

But the Pis have some weaknesses - sometimes they just need to be reset, impossible without a remote power switch, and the SD Card can wear out due the continual re-writes. Most of these setups are in locations where a simple power cycle is easy to do and will fix everything - but when the system is on an island that is similar to being on the moon, there are issues.

To combat that I have several experiments pending - I created a Pi with an SSD as the storage and I use the WittyPi RTC to auto cycle the Pi every week and to auto start it in the case of a power cycle.

The best thing, by far, has been the addition of the Cradlepoint Router - it has an internal watchdog and a scheduled reboot as well as a GPIO interface that can be used to control a relay for doing a hard power rest on sub-systems. But best among the features is that you can have the Cradlepoint VPN to a virtual LAN that you can connect to with you phone or laptop. Once connected, your device and and the router and all of the devices behind it are available to you through that virtual and secure LAN.

But they cost, and to get the cool remote monitoring you have to pay a subscription. All worth it if you ask me.

Matt
Off Grid Island in Ontario Canada (Beaverstone Bay)
Primary: Classic 150 + wbjr; 3s2p HES 270watt
Winter: SolarBoost 50 MPPT (into wbjr); 2 x Sharp NE-80EJEA 80watt
Pack: 4s2p ROLLS S6-460AGM 6V for 24V pack
Inverter/Charger: Trace DR2424
Call Sign: KG4EUF

ClassicCrazy

#6
Not sure if you are into ham radio but you could probably get into your system via RF and activate a power switch via RF . Really depends on the local network but I have a box for APRS that lets you switch things on and off via messaging on the internet which can gate the commands to RF. 

A bit of messing around but RF is always fun to play around with - ham radio great hobby so worth getting the license . You can also set up APRS to send out telemetry data which if in range of an igate makes its way to be stored in APRS servers.

https://www.argentdata.com/catalog/

Larry
system 1
Classic 150 , 5s3p  Kyocera 135watt , 12s Soneil 2v 540amp lead crystal for 24v pack , Outback 3524 inverter
system 2
 5s 135w Kyocero , 3s3p 270w Kyocera  to Classic 150 ,   8s Kyocera 225w to Hawkes Bay Jakiper 48v 15kwh LiFePO4 , Outback VFX 3648 inverter
system 3
KID / Brat portable

schroew

Is this available across the internet? The address tcp.ngrok.io seems to be hosted in Amazon. If this is publicly available couldn't someone mess with your stuff?

mcsarge

ngrok is available over the internet and is indeed a security risk. As I mentioned in my original post, but I only put it up when I need it and then disconnect it when done.

Larry - KG4EUF here :-) Sadly, where the island is in Canada there are no relays in range of a reasonable sized radio and antenna. Having redundant systems and system designed for unattended service is better IMHO. But I have designed an ESP32 based relay closure device that would leverage the internet connection that the Cradlepoint provides.

Matt 
Off Grid Island in Ontario Canada (Beaverstone Bay)
Primary: Classic 150 + wbjr; 3s2p HES 270watt
Winter: SolarBoost 50 MPPT (into wbjr); 2 x Sharp NE-80EJEA 80watt
Pack: 4s2p ROLLS S6-460AGM 6V for 24V pack
Inverter/Charger: Trace DR2424
Call Sign: KG4EUF

mcsarge

Another use case for ngrok:

If you have run out of the free slots in your RealVNC Free account, you can start up an ngrok tunnel to port 5900 and then use that in the VNC Client to connect to your computer.

./ngrok tcp 5900

with my Cradlepoint, I can establish an SSH link from the Cradlepoint Netcloud Manager via the browser but I can not tunnel as that link is controlled by the web client.

Matt
Off Grid Island in Ontario Canada (Beaverstone Bay)
Primary: Classic 150 + wbjr; 3s2p HES 270watt
Winter: SolarBoost 50 MPPT (into wbjr); 2 x Sharp NE-80EJEA 80watt
Pack: 4s2p ROLLS S6-460AGM 6V for 24V pack
Inverter/Charger: Trace DR2424
Call Sign: KG4EUF