I had to manage my Raspberry Pi remotely, but the Raspberry Pi sits behind a NAT (home internet), so how does one SSH into it while away (for a long time)? Easiest way is to put the Pi on a VPN network where we can talk to each other directly.
My solution is quite tedious, since it requires a VPS server, which can be set up on demand when I need to access Pi, and another client on the Pi that phones home to my cheap (almost free) web host to get details on how to connect to the VPN server which resides on the VPS server.
The whole idea can be illustrated below
The underlying VPN tunnel is OpenVPN. Why? Because it is super easy to use on the Raspberry Pi. One configuration file (which is generated from the Softether Server manager) and one credentials file and one command line is all required to get the Pi to connect.
The Pi probes the cheap WWW host every 5 minutes which tells the Pi where to download the configuration file and credentials file (which is two line of username and password), and whether to initiate the VPN connection. The probe is written in Python and invoked by crontab. If I need to access the Pi, I just flick a switch on the WWW host and upload the necessary files and the Pi downloads them and starts an OpenVPN client. Then I connect to the VPN and voila, I can SSH into it as if we’re on a LAN.
The Softether VPN server, which is installed on the VPS, is extremely easy to use. It can be said to be a swiss-knife of VPN, as it comes with L2TP, OpenVPN server and a GUI out of the box, and it’s freeeee!
Will find another time to write up the setup of a proper Softether server, with native NAT!