Hello,
I want to access the Node-RED dashboard over the internet.
So I have installed an OpenVPN server on a VPS hosted by OVH. Node-RED is hosted on a Raspberry Pi connected to the internet with a 4G box (ref. Huawei Flybox), and obviously I have installed the OpenVPN client on the RPi.
My problem is: I can't access Node-RED through the VPN. I can access SSH or VNC with my phone connected to the VPN, but Node-RED is not accessible.
I tried to open the port with iptables on the RPi, but no change.
So I need your help, and sorry for my bad English, I'm French.
Not all VPS hosts allow VPN endpoints to be run - did you check your terms and conditions before doing this?
Also, you've put all the trust in a shared server running on a shared platform which isn't the most secure arrangement. I assume that you've done this so that you don't have to leave the 4G connection live all the time? If not, then why not simply run the VPS server on the Pi and simplify the whole thing (also making it probably more secure)?
OpenVPN server is installed in the cloud on a hosted platform.
OpenVPN client is accessing this VPN from an RPi (over 4G) - your Node-RED instance is running on this same RPi?
If this is so then it appears to be a little backwards.
Usually you would access an OpenVPN server (through whatever method) and that OpenVPN server would have a series of subnets/addresses that it made available to access (which are usually pushed out to the OpenVPN client, dependent on exact configuration).
So it would make more sense to have the OpenVPN Server running on your RPi and use a Dynamic DNS service to be able to access it as the IP address changes (due to the 4G connection)
I can't use a VPN server on the RPi because I can't open a port on my 4G router; this is why I use an external VPN.
I just want to access my Node-RED dashboard from everywhere and the VPN seems to be the best way. The VPN works well because I can use SSH and VNC, but Node-RED is very slow to load or is impossible to reach.
I can't install an OpenVPN server on my RPi because it is not possible to open a port on my 4G box; this is why I use an external VPN. The VPN seems to work fine because I can connect to the RPi with SSH or VNC through the VPN.
If I connect my phone to the VPN and I scan the ports on the IP address of my RPi, I can see 2 ports open: 22 for SSH and 5900 for VNC. I tried to open port 1880 on the RPi with iptables but no change.
Right, so what you actually want to do is to set up a site-to-site VPN rather than just the client on the RPi.
You would install OpenVPN server on the RPi and have it establish a VPN to the other server on the hosted system, then you could expose whatever you wished from your RPi and, by accessing the hosted OpenVPN from your phone, be able to tunnel through that VPN to the RPi.
I think you are confused about what a VPN will do. If you want to use a VPN to access Node-RED without opening your Pi to the internet then the VPN needs to be running on the same local network as the Pi. VPNs in the cloud fulfill a different function.
I have installed Node-RED on my Pi connected to my 4G box, and I have installed OpenVPN on my private VPS in the cloud. I connect the Pi to the VPN (it works), and I have connected my phone to the VPN (it works). So with the VPN I have created a private network. I can connect my Pi and my phone with SSH or VNC. So I have connected my Pi with my phone through the internet as if I had connected my Pi and my phone on the same private network, so why is Node-RED unreachable?
Change the url if you don't have local TLS set up & remove the -inspect=false if you want the ngrok inspector web app. If you want to, you can also restrict the intermediary website to be in a specific region, e.g. add -region eu to the command.
This creates an HTTPS only channel which is password protected.
This works fine with Node-RED though some corporate networks block access to ngrok. This is a lot more secure than your current setup and likely to work better. It is also possible to use ngrok to proxy SSH, you could then use SSH tunnels in case you want access to other local web services like Grafana, MQTT and InfluxDB for example.
Of course, SSH tunnels will also work on your vpn since you can connect that way.
Yes, I can access Node-RED on the local network with the IP address given by the 4G box (e.g. 192.168.1.102).
When I want to access Node-RED I get a blank page, but if I connect my phone to the 4G box and I connect my phone to the VPN, I can access Node-RED with the IP address given by the VPN (e.g. 10.8.0.5:1880). If my phone is not connected to the same real network it does not work for Node-RED, but SSH and VNC work.
One thing to check is that websockets are not being blocked.
My setup at work has Node-RED hosted on a cloud server, but we have a dedicated VPN connection between us and the IaaS provider so that it looks like the Node-RED server is just on a different subnet in the WAN. The VPN connection was going through a firewall and websockets were being blocked by the firewall. There was another post on this board about someone hosting Node-RED behind a reverse proxy, and in that case the reverse proxy was blocking Node-RED from using websockets. In both cases the websocket traffic was being dropped rather than rejected, and it would take a long time for Node-RED to load as it had to wait on the websocket to time out before it would fall back to using a plain HTTP connection.
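Added example, not part of the original thread: a small Python probe for the failure described above, where websocket traffic is dropped rather than rejected. It sends a plain HTTP request and a WebSocket upgrade to the same port and compares the outcomes; the function names and the 5-second timeout are assumptions, and `/comms` is the editor path named elsewhere in this thread.

```python
import base64
import os
import socket

def _status(host, port, headers, path, timeout):
    """Send one GET with extra headers. Return the HTTP status as an int,
    'dropped' (no reply before the timeout) or 'refused' (reset/closed)."""
    req = f"GET {path} HTTP/1.1\r\nHost: {host}:{port}\r\n{headers}\r\n".encode()
    try:
        # The timeout applies to the connect and to every recv() below.
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            reply = b""
            while b"\r\n" not in reply:
                chunk = s.recv(1024)
                if not chunk:
                    return "refused"  # peer closed without answering
                reply += chunk
    except socket.timeout:
        return "dropped"
    except OSError:
        return "refused"
    parts = reply.split(b"\r\n", 1)[0].split()
    return int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else "refused"

def probe_http(host, port, path="/", timeout=5.0):
    return _status(host, port, "Connection: close\r\n", path, timeout)

def probe_websocket(host, port, path="/comms", timeout=5.0):
    key = base64.b64encode(os.urandom(16)).decode()
    hdrs = ("Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n")
    return _status(host, port, hdrs, path, timeout)

def diagnose(host, port, timeout=5.0):
    """Compare plain HTTP with the WebSocket upgrade on the same port."""
    http = probe_http(host, port, timeout=timeout)
    ws = probe_websocket(host, port, timeout=timeout)
    if ws == 101:
        return "websocket ok"
    if ws == "dropped" and http != "dropped":
        return "websocket silently dropped on the path"
    if http in ("dropped", "refused"):
        return "port unreachable"
    return f"websocket rejected ({ws})"
```

Run from a client connected to the VPN, for example `diagnose("10.8.0.5", 1880)` with the VPN address quoted in this thread. A result of "websocket silently dropped on the path" matches the slow-loading behaviour described in the post above.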
Does that apply to the editor and dashboard URLs? When you say a blank page do you mean absolutely blank? Is there anything visible at all? If websockets are not getting through the VPN then I think you will get something.
That might be websockets being dropped. We were seeing Firefox and Chrome behave differently: Firefox would eventually load (after a minute and a half), but Chrome would only sometimes work (second or third try).
To check if it's a websocket issue, fire up the network tools in your favorite browser and look for the traffic to the "/comms" location and see if it's working.
Here's what it looks like working correctly in Firefox: