On Wednesday, December 9, 2020 at 8:11:23 AM UTC-8 Sunray wrote:

> A question to you experts: is this feasible at all? What are the minimum
> setup steps that must be done locally at the cabin? I guess the key steps
> are 1) to find out the local IP addresses of the weather station and the
> RPi, and then 2) get the weather station to talk to the RPi and then 3) to
> get the virtual desktop of the RPi to become accessible on the internet.
> Then I could control Weewx from home.

Definitely feasible.

(3) is the scary one. You're going to be attacked by bots and script kiddies so often it will be mind-boggling. You'll have to harden anything exposing open ports to the Internet and be 'perfect' the first time in doing so. For ssh have key-only logins, no passwords permitted. I don't know how you could do VNC securely, but I'd think you need some kind of VPN gateway set up, 'also' done *perfectly* the first time. You'll see attacks within just a few seconds/minutes from the bots. Really.

Re: addressing, if you could statically configure your boxes that would be a huge help. Static is best. If you could use the same addresses on both LANs that might help too (i.e., build on your LAN and get it working, then move the gear to the cabin and power it up), although that might create problems with routing. Maybe set it all up statically at home, edit the addresses just before shutting it down to move the gear, and cross your fingers you didn't typo something :-)

For dev/test of the VPN software, I'd figure it out with a bunch of VMs and virtual networks in VirtualBox. Draw a picture. Set up the virtual networks like you'd have on both home+cabin LANs. Have just one network as a simulated Internet. Install your VPN software on both endpoints. Test that you can route end to end across the VPN tunnel.

You didn't mention what you're using for firewalls on your LAN or cabin so we can't help much there. Obviously you'll need to punch some port/protocol holes in both firewalls to let the VPN traffic through, maybe the ssh traffic too if you don't want to run that through the tunnel too.

The gory details are complicated. You might want to ask in reddit in /r/homelab or /r/homenetworking for thoughts. It's definitely doable, but there are a lot of moving parts to get right, and right away. You don't want to be shields-down ever even for a few minutes.
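
An added example, not part of the original message: a small Python audit of sshd_config text against the "key-only logins, no passwords permitted" advice above. It goes slightly beyond that sentence by also checking keyboard-interactive authentication; the sample config is constructed, and `Include` files are not followed, so `sshd -T` on the Pi remains the authoritative view of the effective settings.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older configs use this deprecated name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# What "key-only" means in sshd_config terms (this audit's assumption).
REQUIRED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no",
            "pubkeyauthentication": "yes"}

def parse(text):
    """Return (global settings, Match-block overrides) from sshd_config text."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match = value                               # later lines are conditional
        elif match is None:
            settings.setdefault(key, value.lower())     # sshd keeps the FIRST value
        elif key in REQUIRED:
            overrides.append((match, key, value.lower()))
    return settings, overrides

def audit(text):
    """List every way the config still permits a non-key login."""
    settings, overrides = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"global {key}={got}, want {want}")
    for match, key, got in overrides:
        if got != REQUIRED[key]:
            findings.append(f"Match {match}: {key}={got}, want {REQUIRED[key]}")
    return findings

# Constructed sample: looks hardened at a glance, but two paths remain open.
SAMPLE = """\
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "key-only: OK")
```
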
