Hello sir, I'm a student from India. I want to access my Raspberry Pi GPIO pins over the internet (not only on the same WiFi). Node-RED helped me a lot with communication over WiFi. Please help me to solve my problem. I've been searching for the solution for the last 2 weeks.
Your post heading says "Access my dashboard over internet" and your post says you want to access the gpio pins. If you want to access your dashboard you will have to expose your system to the internet, which is not trivial as you need to secure your system against internet attacks (there are lots of malignant bots, the attacks will start shortly after the connection is made).
If you just want to access the gpio pins you can use Telegram as a two-way messaging system, which is very secure. If you search the forum you will find suggestions.
Thanks for your response. Basically, my dashboard UI buttons are ultimately connected to the Raspberry Pi GPIO pins (sorry for the insufficient info). That's why I mentioned GPIO pins in the post. Is there any way other than Telegram?
As an example, this is a great guide on how you can install and configure your own VPN server and client certificates
I would never open up ports in my firewall for direct access from internet
There are also plenty of options for building a VPN in Docker, which means that 90% of the work is done for you and, if you pick a good one, it will be well peer reviewed, so most of the basic errors would have been taken care of
Colin, that is a great blog, I think focusing on "how-to-do-it" is well thought - I remember when I did the setup a couple of years ago following Orsini's articles, it did take some time for sure but it also gave a good explanation
I have some questions for you
Do I understand it correctly that you use encryption method 2048 bits?
(If so, do you have an opinion on how much more secure this is than staying at 1024? Should 1024 be avoided nowadays?)
Another thing that happened to me was that everything was working perfectly well with our d-link router until I changed provider and router to a Huawei 4G. The port forwarding was correct but I could not connect my clients anymore. Changing from udp to tcp was the key to solve that (change proto udp to proto tcp in the script), and in fact, I think I can notice it now connects faster
Why not select tcp from the start instead of udp?
(unfortunately, if you decide to change an already configured vpn setup, I think you have to generate new certificates)
2048bit is very much more secure than 1024 of course - I probably should be able to tell you how much but it is Sunday morning and I left the required brain cells in the office.
However, it is significant overkill unless you are planning world domination and expecting global powers to try to hack your connection.
As others may testify, I am pretty paranoid when it comes to security (part of my job) but even I recognise that 1024bit will be fine for a few years yet unless there is a big step change in technology.
Excuse my ignorance here but can you explain the topography here? Does the VPN sit on the same RPI as node red or a separate RPI? If it's on the same am I correct in understanding that as long as you're connected via Open VPN to that VPN server it is encrypted from your PC or Phone to the VPN server and then the UI is served up to this VPN?
As long as you are connected you will have an encrypted tunnel into your entire "home" network as if you are connected locally - so you could typically see everything on your network, depending on your common access rights on other devices/computers on your network.
Whether a single RPi is enough or not depends on:
- other tasks devoted to that RPi
- performance requirements you might have for various needs
- the need to support multiple users connected simultaneously
If the RPi just runs NR with a "normal" flow with low cpu load and you just want access to the Dashboard for gui reasons, I think a single RPi will be able to handle that fine
Myself, I decided to install the VPN server on a separate RPi3. Reasons for this are that I wanted to have the possibility to override regional restrictions while streaming live TV channels from abroad. The streaming works very well when a hotel provides a good network connection. But for normal Dashboard operation, I think a RPi3 dedicated for the VPN server is a bit overkill
Yes, exactly. On my iPhone I installed the OpenVPN app first. Then I mailed myself the generated certificate file and opened it with the app. That's it
Sorry, one last question (I think). Does that mean that if you accidentally left it on and accessed other things on your phone, your home data usage would go through the roof... but be secure?
Yes, as long as you are connected via the tunnel and reading data from any resource on your network or internet, that data will be passed on to your remotely connected device (phone, MacBook, whatever...) via your home network. The same applies if you write/send data from your phone to your network. The data in the tunnel will be secured with the level of encryption decided when you configured the VPN server (we discussed 1024 bits versus 2048 briefly earlier). So you can think of the tunnel as an extension of the network that is "behind" the VPN server
Well, I guess there are tons of various solutions for a gui but it was specifically asked how to access the NR Dashboard in a secure way from internet. As far as I understood
If I remember correctly I found it noticeably quicker on udp. However I did find that I had to set the router up to forward both udp and tcp. Perhaps that was the problem you encountered, I can't think of any other reason that changing a router should make any difference. I think the openvpn recommendation is generally to use udp unless you find this causes problems as it is generally faster. There should be no need to use tcp as the communications that are being tunnelled using udp are generally themselves tcp so the error correction features of tcp are handled end to end and are therefore not necessary for the actual tunnel itself, if that makes sense. I am no expert on this though, so I may be talking through my hat.