Remote SSH to Gateway

I’m curious on suggestions/best ways to be able to remotely SSH to a LoRa GW that is running Chirpstack v4? Currently just running v4.10 full image on a Raspberry Pi 4B.

I was looking into using AWS tunneling service: Open a tunnel using manual setup and connect to remote device - AWS IoT Core, but building and deploying the dependencies on Gateway OS is proving to be challenging, so just curious if there is a better solution for remote access (i.e. outside of LAN)?

Thanks!
Bryan

1 Like

Can you just NAT your gateway so it is publicly reachable?

You also don’t need to download the AWS tunnel directly onto the gateway, you could install it onto a different device in your private network, like a Pi, and still use it to access your gateway.

1 Like

Would setting up a VPN be an option? The ChirpStack Gateway OS comes with Wireguard pre-installed.

If you have a server that has a public IP address, what about setting up a reverse SSH tunnel? If you run this inside the LoRagateway:

ssh -p yy -R 2222:localhost:22 loragateway@xx.xxx.xx.xx -N -o "ServerAliveInterval 2" -o "ExitOnForwardFailure yes"

This will connect to your SSH server at xx.xxx.xx.xx port yy, to forward the SSH service from the LoRa gateway to localhost:2222.

I have used a remote port forwarding/reverse tunneling solution. The solution works well. One part of the application runs in a public data center and the other end runs in a private network.

The autossh solution is running in a docker container. The system has been operating for over ten months without extra maintenance. So it seems like a good solution.

Here are some notes about the solution

"…Autossh Docker image to create a stable and reliable auto-ssh connection between two hosts by using ssh port forwarding. Port forwarding is a method for safely transmitting data over an encrypted SSH connection between a local and remote server.

GLS-autossh can configured two different port forwarding mode:

  • local port forwardind
  • remote port forwarding - Reverse Tunneling

Diagram of the gls-autossh reverse tunneling.

Local port forwarding Redirects traffic from a local port on the client machine to a specified port on a remote server via an SSH connection.

Remote port forwarding Redirects traffic from a port on the remote server to a specified port on the client machine.

Remote port forwarding reroutes traffic from a specified port on the remote server to a designated port on the local machine. This is in contrast to local port forwarding, which forwards data from a local machine to a remote server…"