How can I set a static IP on my IoT device and have it work on any network automatically - networking

I'm building a home IoT device and I can't figure out a way of setting a static IP which would work on any network. I want to be able to ship this device to anyone having previously set a static IP and all they would have to do is connect to the internet and be good to go.
Any help is appreciated!

Consider using Teredo (Miredo in the open source world). The following is an excerpt copied shamelessly from Wikipedia.
In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. Unlike similar protocols, it can perform its function even from behind network address translation (NAT) devices such as home routers.
You can let your customers configure the robot like a normal IoT device. Once the device is up and running, it will automatically connect to the relay server and get an IPv6 address. This IPv6 address can be static or dynamic, updated to your server without using any third party.
This will give you seamless bi-directional connectivity between your server and robot(s) without resorting to port forwarding. You may have to address the security concerns by restricting the access to IPv6 address using PKI infrastructure.
Check out Miredo at https://www.remlab.net/miredo/. You can even consider setting up your own Miredo server/relay.

The gateway IP of home routers changes constantly. This is why there are No-IP, DynDNS, ... and similar services. This is also a common working solution. Your customers need a dynamic DNS provider or a similar service. This is also a common solution for security cameras. Another possibility is that the RPi sends the information to a cloud or another storage outside of the network and the app has access to this cloud. However, this could be problematic because of privacy...
http://www.noip.com/support/knowledgebase/using-security-camera-systems-with-no-ip/
http://www.networkcameracritic.com/?p=124
The problem is that you want the external or WAN IP to be static like that of Google or other big companies. This is very expensive and not every Internet Service Provider has this service. Another problem is that the IP of the smartphone on which the app runs also changes constantly.
Maybe the accepted answer in this link is useful http://www.superuser.com/questions/778640/do-you-need-a-static-ip-address-to-setup-a-webserver

Why do you need a static IP? I assume you want to open ports on the device and then have users connect to it.
If that is the case: Simply do not do it! It's a major security problem.
Why?
Having all ports closed provides zero attack surface. If you open ports to the Internet, IoT device search engines will find this and try to attack it. And even if your protocol is secure today and even if users use secure passwords, how can you guarantee this in 5 years?
Instead open a connection from the device to a server, and let the users connect to the server. This allows central protection, monitoring (IDS) and security updates.

Here is an update in case anyone is having the same issue. I ended up using node package ip to update each robot's ip in my database. Each client then pulls the ip from the DB to connect.
Here is a snippet of my code. The server is fired on boot.
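var ip = require('ip');
var mongo = require('mongodb');
var MongoClient = mongo.MongoClient;
var url = 'your_url';
var name = "example";

function updateIP() { // update ip if need be
    var my_ip = ip.address(); // address of this host's network interface
    console.log(my_ip);
    MongoClient.connect(url, function (err, db) {
        if (err) { // connection failed, so db is not usable
            console.log(err);
            return;
        }
        var robots = db.collection('robots');
        robots.findAndModify(
            {name: name},          // query: this robot's record
            [['name', 1]],         // sort order
            {$set: {ip: my_ip}},   // store the current address
            {update: true},
            function (err) {
                if (err) console.log(err);
                db.close(); // release the connection once the update is done
            });
    });
}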

Related

How to enable LAN Hostname resolution

I am developing a home automation application using IoT components. Most of these SOC's implement a web page for configuration and control, and I would like to be able to access these pages using the hostname vs. IP address.
Problem is some devices are accessible via hostname and others are not. A port scan of my LAN shows some devices have host names and some don't. The ones with host names are accessible using the name, the others are not. All are WiFi connected using DHCP. The router is a generic WiFi router, with DHCP.
Since this is working on some devices I'm assuming that the infrastructure that makes this work is OK, and the failure is on the part of the host when it registers itself on the network. So the question is, how does a host make its name known to the network? Is it part of the WiFi connection protocol, DHCP, or what?
The objective is to fix the failing devices to properly register themselves on the network. I have source code for everything, so hopefully this is doable.

Networking: How do wifi enabled IoT products allow remote access?

I have been looking for an answer to this problem, but I cannot find what I am looking for. I think, perhaps, it is because I lack the knowledge to ask the question in meaningful way.
I have been learning a lot about remote access to devices at home. I know that ISP's change public IP addresses regularly (dynamic IP address). I know that to get around this, one could use a service like "no-ip", etc. Or one could get a static IP address.
What I do not understand is how some of the latest home automation devices are able to be controlled remotely without use of a static IP, or a service like "no-ip". For example, a wifi enabled thermostat, or lighting system.
If the device had a built in server, or client, then I assume that the device could connect to an outside server in a remote location. The user could then also log into that server and send commands to the device. What I don't understand is how commands sent to the device from a cell phone, for example, can reach the home device. Presumably the off site location of the server would have to know the public IP address where the device is located, and then port-forwarding would have to be set up to allow access to the device.
What am I missing here? Is it possible to create a homemade wifi enabled thermostat, webcam, or other device without using port-forwarding, no-ip, or a static IP?
Well, there are several ways to bypass the inbound connection constraint of NAT protocol. Such as:
A virtual adapter on the device configured to a VPN server that has an inbound port open ready to transfer data. Various open source solutions such as OpenVPN are considered as great examples for this service over IoT boards like Raspberry Pi, Beagle Bone, etc. These are used as gateways often. Further, they communicate with the microcontrollers over popular IoT protocols such as MQTT, CoAP, etc.
Another solution is to create a port forwarding tunnel, since the router won't block the outbound connection. There are various tunneling services that are available such as localtunnel, ngrok, etc. You could also use a cloud server that has a public IP such as AWS, DigitalOcean, etc. Again, as in the point mentioned above, they can be implemented in the gateways.
Some devices "phone home" to a server so that there are ports open between them and the servers, and the mobile apps just contact the servers. This is the same way your web browser can receive web pages from a web server. If you have a NAT router, the router must open a port from the inside device to the outside server. This is maintained in a NAT table with expiration timers for UDP and session monitoring for TCP.
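The NAT-table behaviour described in the "phone home" answer above, which is also why the earlier advice to open the connection from the device to a server needs no open inbound port, as an added example (not part of any post on this page). The `Nat` class, the addresses, the 30-second timeout and the filtering policy are constructed assumptions; real routers differ.

```javascript
// Constructed model of a home router's NAT table for UDP; not code from the page.
// Assumptions: address-and-port-dependent filtering, idle timer refreshed only
// by outbound packets, and a 30 s timeout. Real routers vary.
class Nat {
  constructor(udpTimeoutSec) {
    this.timeout = udpTimeoutSec;
    this.nextPort = 40000;
    this.table = new Map(); // "inside>remote" -> { port, lastSeen }
  }
  // Packet from a LAN host to a remote endpoint: create or refresh the mapping.
  outbound(inside, remote, now) {
    const key = inside + '>' + remote;
    let m = this.table.get(key);
    if (!m || now - m.lastSeen > this.timeout) {
      m = { port: this.nextPort++, lastSeen: now }; // expired or new: fresh public port
      this.table.set(key, m);
    }
    m.lastSeen = now;
    return m.port;
  }
  // Packet arriving on the WAN side: forwarded only if a live mapping exists
  // for exactly this public port and this remote endpoint.
  inbound(publicPort, remote, now) {
    for (const [key, m] of this.table) {
      const [inside, mappedRemote] = key.split('>');
      if (m.port === publicPort && mappedRemote === remote &&
          now - m.lastSeen <= this.timeout) return inside;
    }
    return null; // dropped
  }
}

function scenario() {
  const nat = new Nat(30);
  const device = '192.168.1.50:5000';  // IoT device on the LAN
  const server = '203.0.113.10:443';   // vendor relay (documentation address)
  const other = '198.51.100.7:9999';   // unrelated Internet host
  const r = {};
  r.unsolicited = nat.inbound(40000, other, 0);  // no mapping exists yet
  const p1 = nat.outbound(device, server, 0);    // device phones home
  r.reply = nat.inbound(p1, server, 10);         // relay answers on the mapping
  r.thirdParty = nat.inbound(p1, other, 10);     // other host, same public port
  r.afterIdle = nat.inbound(p1, server, 45);     // 45 s idle exceeds the timeout
  const p2 = nat.outbound(device, server, 50);   // device reconnects: new mapping
  nat.outbound(device, server, 75);              // keepalive inside the timeout
  r.withKeepalive = nat.inbound(p2, server, 95); // 20 s since the keepalive
  r.portChanged = p1 !== p2;
  return r;
}
console.log(scenario());
```

The relay can reach the device only while the device keeps the mapping alive, and after an expiry it has to learn the new public port from the device's next outbound packet.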

How can we know our own external ip address on the client

How can we know our own EXTERNAL IP address on the CLIENT (=our computer); NOT our internal IP address, NOT through an existing web site, NOT through a new website we would fabricate for this question; JUST with pure client OS commands scripting and/or JavaScript? Is that possible? In fact, if someone has a way to do that they should collect 1 million dollars because nobody has EVER come up with an answer to that on ANY website on this planet to my knowledge, A.R.
I think somebody DID ask that already, but using C#
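using System.Net;
using System.Net.Sockets;

static string GetLocalIP()
{
    IPHostEntry host;
    string localIP = "?";
    // Resolve this machine's own host name to its configured addresses
    host = Dns.GetHostEntry(Dns.GetHostName());
    foreach (IPAddress ip in host.AddressList)
    {
        // Keep IPv4 addresses only; the last one found wins
        if (ip.AddressFamily == AddressFamily.InterNetwork)
        {
            localIP = ip.ToString();
        }
    }
    return localIP;
}
I don't know the OS you're targeting, but you might create a console application and read the value from it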
Hope it helps
As Gricha mentioned, it can be requested via external site. There is an open source project that is also hosted.
You can get your external IP info in JSON format by calling this API:
curl http://ip2country.sourceforge.net/ip2c.php?format=JSON
In C#, there must be a similar method to call web API.
The project info is here: http://code.google.com/p/ip-address/
You can't find an external IP address from a simple system call. You can receive it from the router, which is probably router specific, or you need to make a call from something outside of your LAN. Typically this is done through an HTTP request or some other popular internet service.
Also, individual computers on a local network don't have an external ip. The router has one address and forwards packets to the individual device.
You can't do that without going out of your current network.
To know your IP address you need to ask your router about it. It's your router that gives you the IP in its network.
To know the IP address that belongs to your router in their network - you need to ask someone in that network about your IP. Because that network gives him an IP.
Finally if you want to know your IP outside your ISP's network - you need to ask someone outside your ISP's network about it.

Get public IP remotely

I'm thinking of a way to find the public IP of router at home, remotely.
For example if I'm in university and I need to connect to a machine in my home network. How can I get the public IP to connect to it?
To get the IP from that machine I can use something like this website - http://api.exip.org/?call=ip
But how can I send it to myself remotely?
One of the ideas is to write some sort of script that will check my email address for incoming messages. So when I need to know the IP, I just send some email to myself with specific text (or subject). When the script finds that specific text, it will send the IP to the same email.
Another idea is to write a script that will upload a new file to the server (for example DropBox) every time the public IP is changed.
Or I can combine those two and email new IP every time it changes (not that often, but still it’s a spam).
What other solutions there can be, and how can I implement them (or the one that I have)?
I have Linux/Unix and Windows machines which I can use. I have no problem in writing code in different languages or looking in to any possible approach.
Most home routers have a dynamic DNS facility. You will find it in your router configuration as DDNS, and on the configuration page you will find a list of supported DDNS services. The most popular DDNS service is dyndns.org; you have to subscribe there and they will give you two free subdomains like example.dyndns.org. After configuring that on your router you can easily ping example.dyndns.org from anywhere to know your router IP.

Better understanding of Sonicwall VPN DNS and NETBIOS required

I would be interested in hearing from anyone that has successfully established a VPN connection through a Sonicwall (TZ-100) device on to a SBS-2008 network as I currently have VPN access (through the Sonicwall Global VPN Client), but I am currently using a local user account from the firewall device.
As I am not establishing the VPN request using my Windows-AD username and password, I am having to enter my Windows credentials to access network resources. Launching Outlook does not show my mail (even if I type in my password when prompted). If I type in \\MyServerName\SharedFolder into Explorer, then I see the 'offline' sync folders stored on my laptop. On the other hand, if I type \\192.168.100.10\SharedFolder (let's assume this is the LAN IPv4 address for my server), then once I enter my Windows credentials, I can see ALL the 'online' folders. Currently, for mail, I am using OWA while connected on the VPN. This current approach is not ideal. I feel there is a DNS, NETBIOS problem with my current set up.
Question, so that I can work from home in a 'normal uninterrupted' manner, do I need to activate 1. Radius by itself?, 2. LDAP by itself? or 3. Radius + LDAP together? Any pointers would be helpful as I would like to approach the Sonicwall support team armed with a little more info and having read some friendly material.
The problem was resolved by changing the DNS address on the Sonicwall device to the server rather than inheriting the external DNS addresses from the ISP. Also the DHCP service was routed to the server for VPN traffic.
There is no need to set up any additional services on the server to get LDAP running on the Sonicwall device. With a little help from the Sonicwall support, my network now works as one would expect.
