Dear all,

I would like to access to the ssh of my device (Raspberry) that is connected in internet with a 4G dongle modem. The problem is that my ISP gives me a private IP, so I am not able to ping the device.
I read that a VPN should solve the problem and cloud services exist with this purpose.
Can you indicate me a cloud service works fine for my needs? Free would be better...

Thanks

One solution is to use a reverse remote SSH tunnel, where the device is configured to phone home...

https://www.tunnelsup.com/raspberry-...te-ssh-tunnel/

Hi Ferrari, the problem to do this is that I need a server with a static IP that I don't have...

Well, you could use DynDNS (or similar) so that your remote device can always find your server by hostname.

To expand on using dynamic DNS, here's two guides which may be of help to you

https://wiki.archlinux.org/index.php/Dynamic_DNS
https://help.ubuntu.com/community/DynamicDNS

Check out the free options listed.

Maybe I was not clear, the problem is that I don't have any server that can always be running.
For my connection I can only use 1 laptop with Windows and 1 Raspberry with Linux and they both are connected to internet with a private IP, so they can't reach each other...

If you don't have an external server always running, such as a renting VPS, you can run SSH as an onion service. It's not hard but runs slowly so it's only good for small transfers or for logging in and establishing a reverse tunnel to an externally visible machine (which you don't have).

If you go that route, consider contributing in some way to the project, even a small way, so their network does not get overburdened. Also, be sure to keep the onion SSH service separate from any other SSH service you may have on that host. That's not just a principle to follow but also contributes to the value of the Tor network. Both ways invest in the network and increase it's value.

You don't need to have the server always running. The remote R.Pi will keep attempting to connect (via cron job for example) until it can reach your server (when it is online). Then you can access it as described in the page I linked to in my first reply.

That's not true. You will need port forwarding set up on the router connecting your windows machine but that is all. As long as the R.Pi can find the public IP address (using dynamic DNS) then all should be good.

Ferrari,

maybe you don't have clear that when you connect with a GSM dongle, most pos the ISP providers of the world put you behind a NAT to limit the number of public IP they have to use and there is no way to port forwarding, because the "router" is their server and obviously customers can't configure it...

No, it is you that doesn't understand. I have a remote device connected via 3G that I can connect in a similar fashion using PPTP VPN. The remote Mikrotik router has a VPN client and connects to my local server. This allows me to reach it. NAT is in use both ends in fact. The same principle is at play for the reverse remote SSH tunnel. You clearly haven't even taken the time to read the article I linked to. (It does not require knowing the shared public IP for the mobile broadband device at all in order to work.) Routing allows the remote device to reach the internet and establish the tunnel in the first place. It does rely on the server router having port forwarding configured of course. Many people use similar approaches to get connectivity to remote devices via the internet.

@ferrari some of the mobile modems can go through over a half-dozen layers of NAT before getting an external IPv4 address. In such cases, it's not possible to forward ports. The only two options in those cases are reverse tunnel to an externally accessible box somewhere or setting up an onion service. Probably due to failure to invest in their own infrastructure the ISPs lack IPv6 which would solve several problems for them including the number of available external addresses.

Again... I don't have any server to make the VPN. As I asked in the first post of this topic, I would like to know if any service of cloud VPN exists and allows me to do the tunnel...

Topology looks like this...

R.Pi with 4G dongle ----- Internet ----- <Public IP address> Router with port forwarding <LAN> ----- Local server

You don't use a VPN. It's all done using SSH! Read the article please!

@Turbocapitalist. No port forwarding is used with respect to the mobile broadband network. Only at the local router. See the network topology I've posted.

Yes! That is what I'm suggesting

I use a similar approach to get access to a remote network using VPN, but could just have easily implemented it using SSH.