Connecting to Domoticz behind non public IP - More than one
Moderator: leecollings
-
- Posts: 65
- Joined: Wednesday 14 January 2015 12:08
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Location: India
- Contact:
Connecting to Domoticz behind non public IP - More than one
First up, I really love domoticz – After running a production system in my primary home for more than a year (DOM1), I now intend to use domoticz for my secondary home (DOM2) and an outhouse (DOM3)
The problem with the latter locations is that the internet connection available is a basic connection behind a NAT.
Thus there is no way I can connect to DOM2 and DOM3 externally directly.
One alternative is to use my.domoticz.com but unfortunately it works extremely slow in India (probably latency with the European servers)
I am ready to rent out a VPS assuming I can create some sort of a proxy on the VPS that DOM1, 2 and 3 connect to.
Subsequently I can connect to the VPS which in turn routes the request to 1, 2 or 3
Maybe some kind of a mydomoticz service instance running on this VPS or perhaps some other solution?
- bbqkees
- Posts: 407
- Joined: Sunday 17 August 2014 21:01
- Target OS: Linux
- Domoticz version: 4.1x
- Location: The Netherlands
- Contact:
Re: Connecting to Domoticz behind non public IP - More than
Can't you do a portforward?
Bosch / Nefit / Buderus / Junkers / Worcester / Sieger EMS bus Wi-Fi MQTT Gateway and interface boards: https://bbqkees-electronics.nl/
-
- Posts: 65
- Joined: Wednesday 14 January 2015 12:08
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Location: India
- Contact:
Re: Connecting to Domoticz behind non public IP - More than
bbqkees wrote: Can't you do a portforward?
No, the ISP at DOM2/DOM3 locations does not give out public IPs but rather NATted private IPs
- jvdz
- Posts: 2189
- Joined: Tuesday 30 December 2014 19:25
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 4.107
- Location: Netherlands
- Contact:
Re: Connecting to Domoticz behind non public IP - More than
You shouldn't need a separate public IP address when you use a unique port on the public side and NAT/Portforward that to the private IP address for the domoticz server...right?
Jos
New Garbage collection scripts: https://github.com/jvanderzande/GarbageCalendar
-
- Posts: 65
- Joined: Wednesday 14 January 2015 12:08
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Location: India
- Contact:
Re: Connecting to Domoticz behind non public IP - More than
jvdz wrote: You shouldn't need a separate public IP address when you use a unique port on the public side and NAT/Portforward that to the private IP address for the domoticz server...right? Jos
Yes, but please read the original post.
The ISP does the NATting - I do not have control over the ISP and thus there is no way I can reach the Domoticz server at DOM2/DOM3 from outside directly.
The only possibility I see is that DOM2/DOM3 initiate a connection from their end to either a public VPS or to a server I can run at the primary location (DOM1)
Public access to DOM2/DOM3 is brokered by my own server
Think of it is as something similar to the way IoT devices like Belkin WEMO or IP Cameras manage WAN side connectivity without any portforwarding/Dynamic DNS
-
- Posts: 65
- Joined: Wednesday 14 January 2015 12:08
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Location: India
- Contact:
Re: Connecting to Domoticz behind non public IP - More than
gordonb3 wrote: Unsure what the VPS would be needed for. If you can access your primary home server through the public network (either by fixed IP or DDNS service) it will be sufficient if your other two locations can set up a VPN connection to the server in your primary home. You can then proxy the requests using whatever web server you like best (e.g. apache, nginx). I read an entry that the latest version of domoticz supports setting an alternate web root, so you could even concentrate the locations on a single https host.
Thanks - The only reason I was thinking of a VPS was for improved reliability but yes, I can do the same via the primary home server also
So to summarize what you are saying, I should create an always on VPN connection between location 2 and 3 to location 1
Plus I use apache or nginx to act as a reverse proxy to route requests to location 1 directly or via the VPN to 2 or 3 as required
Anything in particular I should look up in google for such a use case?
-
- Posts: 65
- Joined: Wednesday 14 January 2015 12:08
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Location: India
- Contact:
Re: Connecting to Domoticz behind non public IP - More than
gordonb3 wrote: None that I can think of right now. I guess nginx is likely the simplest to configure. Note that you should not reverse proxy, i.e. not translate any links. If the paths are not identical on the proxying server as they are on the target domoticz UI it will not work (I tried - and tried). I guess the troublesome part may be the VPN. If you decide to go for a net to net VPN the IP ranges need to be different on the three member sites, but some ISPs lock the routers they provide to a specific range. In this case you'll need to buy different routers, but that can also simplify the task at hand if you buy routers that have built-in VPN. In any case, whatever I'd tell you how I would do it, there's probably 50 other methods to achieve the same.
Thanks - I think I have got on the right track
For now, I am simply going to do a reverse SSH tunnel the local domoticz ports from DOM2 and 3 to 2 different ports on DOM1 (say 8081 and 8082)
That way, I get to see DOM2 and DOM3 on DOM1:8081 and 8082
-
- Posts: 65
- Joined: Wednesday 14 January 2015 12:08
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Location: India
- Contact:
Re: Connecting to Domoticz behind non public IP - More than one
For posterity's sake, let me just add how I configured this:
1) Signed up for a free VPS on Amazon Web Services - Set it up as an Ubuntu Micro instance
2) Configured the SSH service on the VPS to allow port forwarding (add a line "GatewayPorts yes" to /etc/ssh/sshd_config)
3) On all domoticz instances, installed AutoSSH (tool to monitor and reinitiate SSH if it fails)
4) Add a line to startup scripts for AutoSSH to start the following SSH session at startup (remote port: local IP:localport )
Code:
ssh -R 8080:localhost:8080 [email protected]
-
- Posts: 13
- Joined: Friday 15 May 2015 8:21
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 2.25
- Contact:
Re: Connecting to Domoticz behind non public IP - More than one
I need to do a similar setup since I have a raspberry+domoticz with a 3G connection (no public IP), hence I cannot connect from outside the LAN.
I am planning to do a ssh reverse tunnel from this raspberry to another one that has a public IP. Suppose the one in the 3G network is Pi-A and the other Pi-B.
If the autoSSH setup described here works by connecting to port 8081 on Pi-B I should get the domoticz interface running on port 8080 of Pi-A.
My question is: when I am within the LAN of Pi-A can I get the interface on the local port 8080 or I am forced to go through Pi-B since the channel is always in place?
I was thinking I could use https (port 443) locally and 8080 remotely but I suspect that 443 is then forwarded to 8080 and in that case it would not work.
Thanks for any hint.
RPi 2 + RazBerry
-
- Posts: 13
- Joined: Friday 15 May 2015 8:21
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 2.25
- Contact:
Re: Connecting to Domoticz behind non public IP - More than one
Thank you for the pointer Tony, but I would prefer keeping my data on hosts that I control. Despite the https network connections, with mydomoticz the data is going to an intermediate server administered by a third party.
I will look more into the security issues of that solution but I would also like to try the SSH reverse tunnel on my own machines and I still look for the answer to my question above.
RPi 2 + RazBerry
-
- Posts: 66
- Joined: Monday 20 July 2015 14:12
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Connecting to Domoticz behind non public IP - More than one
Yes, I understand your point. Actually I'm just developing a remote-controlled heating system for a holiday cottage (the point is to be able to switch between maintenance heating (~ +10 C) and normal heating remotely, and to control both electric radiators and the air-to-air heatpump).
Solutions which work without Dynamic DNS and port forwarding, even with a Raspberry Pi:
- Teamviewer, https://pages.teamviewer.com/published/raspberrypi/
- remot3.it (successor of weaved.com), http://forum.weaved.com/t/how-to-get-st ... or-pi/1029
OpenVPN is a good choice as well, I've tried that out on my Linksys WRT54GL router, with the DD-WRT firmware.
(Oh yes, should have read the first mail more carefully, the VPN server idea will not work if you don't have a public IP)
-
- Posts: 111
- Joined: Monday 18 January 2016 9:56
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Connecting to Domoticz behind non public IP - More than one
I use autossh myself for a location with a 4g dongle.
And you can still use 8080 when on location.
You can also do more than one forward, for example:
Code:
ssh -R 40433:localhost:433 -R 48080:localhost:8080 [email protected]
In the example I use a different port on the remote host running the nginx proxy, this way I can have nginx listen on port 443 and 8080.
You could even forward ssh itself for some remote debugging.
-
- Posts: 13
- Joined: Friday 15 May 2015 8:21
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 2.25
- Contact:
Re: Connecting to Domoticz behind non public IP - More than one
Sneezydevil, thank you for confirming I can still use the port locally. However I have some problems setting up the reverse tunnel: I use on Pi3g (this is the Pi without public IP that is running domoticz exposing it to local port 8080)
ssh -R 8081:localhost:8080 me@myPublicIP-Pi -p222
(myPublicIP-Pi is configured to accept out-of-Lan ssh connections on port 222)
In principle now I should be able to open a browser and find my remote domoticz typing the url http://myPublicIP-Pi:8081
However the browser does not connect to anything.
Do I need to set up something else?
myPublicIP-Pi is running a VPN server and another domoticz but not using port 8081. When pointing my browser to it I first connect to the VPN so it is like I am in the local LAN and there should not be any problem with reachability of port 8081.
Any hint?
Thank you!
RPi 2 + RazBerry
-
- Posts: 13
- Joined: Friday 15 May 2015 8:21
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 2.25
- Contact:
Re: Connecting to Domoticz behind non public IP - More than one
I answer myself in case others may have the same problem.
What was missing was editing sshd_config file in the myPublicIP-Pi machine to insert the option
'GatewayPorts yes'
This way the tunnel can be used also from other machines that can reach myPublicIP-Pi:8081
RPi 2 + RazBerry
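The `GatewayPorts` setting in step 2 of the VPS setup and in the self-answer above decides which address the relay's sshd binds for each `ssh -R` forward. The sketch below is an added example, not code from any poster in this thread: it reads the global value from an sshd_config file and reports the resulting listen scope. It assumes a single config file (no `Include`, no per-user `Match` override), and `10.8.0.1` is a constructed VPN address.

```shell
#!/bin/sh
# Added example: where does sshd bind an `ssh -R` forward?

# Global GatewayPorts value from an sshd_config file: the first occurrence
# outside any Match block wins, and the default is "no".
gateway_ports() {
    awk '{ key = tolower($1) }
         key == "match"        { exit }
         key == "gatewayports" { print $2; found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Listen scope for one -R spec ([bind_address:]port:host:hostport) under a
# given GatewayPorts value: "loopback", "all-interfaces", or the address.
forward_scope() {
    case $2 in
        *:*:*:*) bind=${2%%:*}; has_bind=1 ;;
        *)       bind=;         has_bind=0 ;;
    esac
    case $1 in
        yes) echo all-interfaces ;;        # the client's choice is overridden
        clientspecified)
            if [ "$has_bind" -eq 0 ]; then echo loopback
            elif [ -z "$bind" ] || [ "$bind" = "*" ]; then echo all-interfaces
            else echo "$bind"; fi ;;
        *)   echo loopback ;;              # "no": reachable from the relay only
    esac
}

# Constructed sample: a relay sshd_config with the setting used in the thread.
cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 222' 'GatewayPorts yes' > "$cfg"
for spec in 8081:localhost:8080 10.8.0.1:8081:localhost:8080; do
    printf '%-30s -> %s\n' "$spec" \
        "$(forward_scope "$(gateway_ports "$cfg")" "$spec")"
done
rm -f "$cfg"
```

With `yes`, both forwards listen on every interface of the relay, so the Domoticz login page is reachable by anyone who can reach that port; with `clientspecified`, the second spec would listen on the VPN address only.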
-
- Posts: 49
- Joined: Thursday 17 December 2015 22:24
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 3.5877
- Location: Norway
- Contact:
Re: Connecting to Domoticz behind non public IP - More than one
Has anyone tried "DATAPLICITY" to connect to the domoticz remotely?
I tried remot3.it (earlier weaved) and installation goes fine but for whatever reason the pi doesn't appear in my account. Also my.domoticz.com is very very unstable for me, each reset of the modem (which is not something I control) causes domoticz to go offline.
Then I read here https://www.raspberrypi.org/documentati ... -Internet/ about the Dataplicity
https://docs.dataplicity.com/docs/how-it-works
and it looks like a simpler version of weaved, without login panel (which is convenient for my wife's mobile). Only concern is that domoticz is basically open to the web if you know the right url.
Could this be avoided by having a password in domoticz for only that type of connection? It looks to me that it "simulates" a local connection, thus domoticz might not be able to identify where the connection comes from (if it is local or remote). They do suggest a firewall for nginx, but I have zero experience with security and firewalls and things.
What do you think, would the approach be possible / secure / smart to implement?
Raspberry Pi 2 B - MySensors (dimmers, switches, motion, temperature, lux, humidity sensors)
zWave (220v switches)
various 433 via RFLink