0 votes
38 views 4 comments
by
Hi, I need to port forward into the remote TRB140 and its LAN. I can do this with a public IP, but I can also achieve the same by SSH'ing from the TRB140 to my data gathering system, using port forwarding. I have tried this and it works perfectly, and does not require a SIM with public IP and is intrinsically more secure. But the TRB140s are in remote locations and not easily accessible. So the question is, is it possible to achieve an automatic and persistent SSH out of the TRB140? (In a previous life I did something similar on a Linux box using a bash script, but I have lost the details and am not sure how to proceed in the new context.) Many thanks for any help.

1 Answer

0 votes
by
Hello,

Instead of an SSH tunnel you may also consider using a VPN between the TRB and your data gathering system. Many solutions are possible: WireGuard, IPsec, OpenVPN ... You won't need to perform port forwarding; direct access to IP:port pairs will be possible.

Regards,
by
Many thanks - whilst I have quite a bit of experience with SSH etc., I have never set up a VPN. I see the TRB140 supports a number of variants - I wonder if you could advise which might be the simplest to set up on the server. The requirements are simple - open a TCP port within the remote TRB network from a PC on the control room network - exactly as would be achieved with a public SIM IP and a port-forward in the TRB140.

Thanks for your interest.
by
Depends on what you have in the control room. WireGuard is easy to set up and has *very* good performance, but if you don't have it at the other end it won't help much. Other VPNs are also possible but from experience may not be as easy to debug. OpenVPN is not that hard, but IPsec is a large beast with many pitfalls.
by
We use an autossh-based backup 'tunnel' with reverse port forwards (-g), but from a FreeBSD host behind the gateway.

But I agree that an OpenVPN/WireGuard-based setup is preferable as it's supported right from the Teltonika itself.
by
Many thanks for the advice.
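
For the persistent outbound SSH the question asks about, here is a minimal keep-alive wrapper as an added example; it is not from any poster in this thread and is not Teltonika's own tooling. It assumes an OpenSSH client is available on the device, and every host name, address, port, account and path in it is a constructed placeholder. Unlike the `-g` setup mentioned above, it binds the forwarded port to loopback on the collector only.

```shell
#!/bin/sh
# Placeholders (assumptions, not values from the thread):
REMOTE_USER="tunnel"               # unprivileged account on the data gathering system
REMOTE_HOST="collector.example"    # data gathering system
REMOTE_BIND="127.0.0.1:2222"       # listener opened on the collector, loopback only
LAN_TARGET="192.168.2.10:502"      # constructed device IP:port on the router's LAN
KEY_FILE="/etc/tunnel/id_ed25519"  # key pair used for this tunnel and nothing else

# Client options: no shell, no prompts, give up if the forward cannot be
# bound, and detect a dead link within about 90 seconds.
tunnel_args() {
    printf '%s %s %s %s\n' \
        "-N -T -i $KEY_FILE -o BatchMode=yes" \
        "-o ExitOnForwardFailure=yes -o StrictHostKeyChecking=yes" \
        "-o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
        "-R $REMOTE_BIND:$LAN_TARGET $REMOTE_USER@$REMOTE_HOST"
}

# Options to prefix to this key's line in the collector's authorized_keys,
# so a stolen router key can open this one listener and nothing else.
server_key_options() {
    printf 'restrict,port-forwarding,permitlisten="%s"\n' "$REMOTE_BIND"
}

# Exponential backoff: double the delay, capped at 300 seconds.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt 300 ]; then d=300; fi
    echo "$d"
}

# Reconnect forever; a session that lasted over a minute resets the backoff.
run_tunnel() {
    delay=5
    while :; do
        start=$(date +%s)
        # Word splitting of the argument list is intended here.
        ssh $(tunnel_args)
        if [ $(( $(date +%s) - start )) -gt 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Start the loop only when invoked as: tunnel.sh run
if [ "${1:-}" = "run" ]; then run_tunnel; fi
```

`StrictHostKeyChecking=yes` requires the collector's host key to be in the device's `known_hosts` before the first unattended run.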