0

I have a Rpi with a cellular modem and SIM card attached. I can browse the web and login remotely to it using something like TeamViewer. However, I would like to use it as an access point.

I am in the US with ATT and not paying for a static IP. That being said, is it even possible to reverse SSH tunnel to something like Open VPN, and then from a desktop not on the LAN connect to that RPI that is connecting solely via the SIM card through Open VPN?

If not, is there any solution in which I can access this RPI running on a non-static IP 4G without being on the same LAN?

Improve this question
1
  • Welcome to SuperUser. Please take the Tour to learn how Q&A sites like this differ from internet discussion forums. It's also a good idea to check the Asking- and Answering -sections in the Help to learn how things work. From Review
    – Peregrino69
    Commented Oct 6, 2021 at 23:35

1 Answer 1

Reset to default
0

is it even possible to reverse SSH tunnel to something like Open VPN

That's pretty much "built in" into how a VPN works. Once a tunnel is established, it is always bidirectional.

Unlike SSH tunnels (which work with whole connections at a time), VPNs deal with individual packets, which already have to travel back and forth, and the tunnel doesn't try to distinguish which packets are supposed to belong to "inbound" or "outbound" connections. It just works both ways by default.

(Commercial VPN providers usually have a deliberate firewall ruleset configured to prevent clients from receiving inbound connections, as allowing them would typically pose security and privacy risks to the customers. But the point is that those aren't restrictions inherent to VPNs that you'd need to find a way to remove – they are custom restrictions that you'd need to not add in the first place.)

However, something needs to be static1, so that all other endpoints would know where to find it. If the RPi doesn't have a static address to accept incoming VPN tunnels, then it has to connect to something else which does.

(If neither you nor the RPi have static addresses, then it has to be a third device that both you and the RPi will connect to – for example, a rented virtual server.)

Products like TeamViewer work because they have a central directory server which acts as a "meeting point" between dynamic hosts, where devices register their own ID together with their IP address/port/etc. (The central server may also help with NAT traversal.)

OpenVPN doesn't have that, it's entirely "self-hosted", so you have to provide your own – or use another tool which does. (There are a few VPN products which use a centrally-hosted directory server, e.g. Tailscale or ZeroTier.)

1 Technically the address doesn't have to be "static", it actually has to be "public"/"dedicated" (i.e. not shared with other customers via CGNAT) and "able to receive incoming connections" (i.e. not deliberately firewalled by the ISP). If it satisfies these requirements but is merely non-static in that it changes every once in a while, this can be worked around – people have been hosting personal websites and services using "dynamic DNS" for quite a while. But a fully static IP address does indeed make things a lot simpler.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .