remote linux box, cell connection, how to check wifi connectivity

Discussion in 'Tomato Firmware' started by Madumi, Jul 9, 2018.

  1. Madumi

    Madumi Serious Server Member

    I'm thinking a bit theoretically here, my linux knowledge is rudimentary, could anyone give me some hints:

    If I have a remote linux box, connected through cellular data, what would be the best way to SSH into the box, initiate a local wifi connection (without losing the cellular connection), and check the local wifi connection?

    I'm looking for a way to check local wifi connectivity without relying on the router/gateway/network.

    Any input would be greatly appreciated,
  2. eibgrad

    eibgrad Network Guru Member

    I'm not sure I understand the question. If the remote system is typically connected over wifi to its local network, and you're able to reach it remotely via SSH, OpenVPN, whatever, then by definition, it has to be connected locally via wifi!

    I know this can't possibly be what you're trying to describe, but that's what it sounds like from this side of the forum (at least to me). There's just a bit too much ambiguity in your description to fully understand the issue.
  3. koitsu

    koitsu Network Guru Member

    FWIW, I read this post a couple times trying to wrap my brain around it, and concluded the same thing @eibgrad did. Not a bad question, I just don't quite understand what the goal or issue is, combined with said topology (or how the topology fits into the problem).
  4. Madumi

    Madumi Serious Server Member

    Sorry for the ambiguity... I'll try again:

    Let's say I have a remote linux box (I don't yet, I'm brainstorming possibilities eg. raspberry pi).

    I want to be able to deliver said box to a location where there is a captive portal... and test the wifi connection over a number of days.

    Given that it is a captive portal, I'm not going to be able to initiate the wifi connection.. And even if someone else did for me, I'm likely to be kicked off & require another log-in later.

    My initial thought was that I could set up a fall-back connection over cellular data. I'm aware I'll have some issues with DDNS over cellular networks, but let's assume I'm able to SSH into the remote linux box through the cellular network.

    Is the best way then to test the wifi connection to set up iptables to require that it use the wifi adapter for the distinct IP ranges I would use for testing the wifi connection? Is that a good way of going about this kind of scenario, or is there a better way to A) deliver a box to a remote location where I am not present and B) be able to log in to wifi through a captive portal (I won't be able to ask them to remove the captive portal for these tests)?

    Hopefully that's a bit clearer... Thanks for replies!
  5. Monk E. Boy

    Monk E. Boy Network Guru Member

    That's actually what I was thinking you were asking. So basically an interface for you to administer the system over but not one for clients to route data through.

    I wonder if you could have this portal system establish a two-way VPN tunnel to an intermediate site, then your system would connect to that intermediate site and, through it, connect to the portal system? I know some VPN systems back in the day would work this way, each site connected to a central location and any site to site communication routes through central. The routing tables got hairy with more than a few connected systems but it worked.

    I would imagine you'd want three interfaces on the captive portal. Ethernet, for the captive portal to run over. WiFi, for you to remotely run scans and tests on the WiFi network. And Cellular, for you to establish a VPN tunnel through.

    Doing this all in one system without virtualization though... the default route would have to be one of the interfaces...
  6. Madumi

    Madumi Serious Server Member

    Thanks for the reply...

    It's not so much to administer a captive portal, just that I'll need to navigate the captive portal in order to sign in to the network & run tests at regular intervals...

    Just wondering if there's a simpler way to do this,

  7. cloneman

    cloneman Addicted to LI Member

    Teamviewer instead of SSH?
  8. eibgrad

    eibgrad Network Guru Member

    As I understand it, the problem isn't so much which tool the OP uses (ssh, teamviewer, etc.), but the fact that he needs remote access to a device that doesn't dependably provide connectivity for such purposes because it's based on wifi and passes through a captive portal. And if that's the case, you're forced to rely on something else that *is* reliable (e.g., cellular). At that point, the OP can use whatever is convenient.

    The problem w/ any alternative connectivity is that you can easily find yourself w/ routing issues, since the default gateway of the target device would normally be over the wifi connection. But for those times when forced to use the cellular network, the default gateway needs to be the cellular network. So it gets tricky to manage access under such conditions. Plus, the cellular network doesn't normally provide port forwarding, so you have the added complication of needing the target device to act as the client rather than the server for things like ssh, openvpn, etc. Not unless you use something that supports NAT traversal, like TeamViewer. But now you need to make sure TeamViewer is always bound to the cellular network, not wifi. And you're adding yet more software to the very thing you're testing, which is probably not ideal. I'm sure the less invasive the solution, the better.

    I don't know what's the best solution, but it's obviously going to be messy because there are so many details to consider. And we don't have any idea what other as yet unmentioned constraints may exist between the OP and the customer. I suppose you could make the case for using a cellular enabled router that was bound to an ethernet port on the Linux box (I'm assuming that even if the default is wifi, an ethernet port is available). At least that would minimize changes on the Linux box itself, and push the gateway issue off that box as well. IOW, that router establishes the remote access on its WAN side (e.g., OpenVPN client to your OpenVPN server), and its LAN side shares a common local IP network w/ the ethernet port on the Linux box (w/ NO gateway). If it was me, and given only the information provided so far, that's the kind of configuration I would be considering. And also makes it possible to manage multiple machines w/ that same router, and reuse it for other similar situations in the future.

    Years ago I had a similar situation (around 1998, so very early days of internet). The server was a Windows NT machine. It had internet access, and we were building CGI apps (tells you how long ago this was). But we used RAS (which was over dial-up) to access it remotely, which made things easier since it was using NetBIOS, so the different protocols eliminated any routing ambiguity. But w/ everything based on IP these days, now routing becomes a headache to manage for remote access purposes w/ a multihomed server. Using a cellular enabled router as described above would seem to get you closer to this type of configuration.
  9. Monk E. Boy

    Monk E. Boy Network Guru Member

    In terms of a PC you would have the host OS with a cellular network connection as its default route. If you can manage to get a remote connection into that host OS then you're set for remote connectivity. Now on that host you run a virtualized client OS with a WiFi connection to perform your tests. Its default route is WiFi. Requires more hardware to be thrown at the problem but you could probably pull it off in a NUC form factor with an external cellular modem.
  10. i1135t

    i1135t Network Guru Member

    If I was faced with your scenario, raspberry pi or linux box with openvpn server capabilities come to mind. Set up an openvpn server with DDNS update of your choice with regular update via cron job (in case cell connection gets new IP). Then set up VNC on the pi or linux box for remote access to tunnel into. Now the tricky part would be connecting to the wifi. I'm assuming that the wifi would be on its own wan so you may have to delete & create static routes and connect to the wifi with static IP and manual gateway & dns settings. Maybe also set up some iptables to force test traffic over wifi and not the cellular network? Would this work? Not sure but it can be something you can test beforehand before you ship to remote location. Sounds like a challenging project! Good luck!
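
Added example, not part of any post in this thread: one way to handle the routing problem raised in posts 8 and 10, keeping cellular as the default gateway for remote access while test traffic leaves only via wifi, using a separate routing table instead of iptables. The interface name `wlan0`, table number 100 and the probe URL are assumptions; the script prints the `ip` commands for review rather than running them.

```shell
#!/bin/sh
# Added example. Assumptions: wifi is wlan0, routing table 100 is unused,
# and the probe URL is a plain-HTTP endpoint that answers 204 with no body.
WIFI_IF="${WIFI_IF:-wlan0}"
TABLE="${TABLE:-100}"
PROBE_URL="${PROBE_URL:-http://connectivitycheck.gstatic.com/generate_204}"

# Print (not run) the commands that route only wifi-bound traffic via wifi.
# $1 = wifi IP address, $2 = wifi gateway. The main table, and with it the
# cellular default route used by the SSH/VPN session, is left untouched.
plan_wifi_routes() {
    echo "ip route replace default via $2 dev $WIFI_IF table $TABLE"
    echo "ip rule add from $1 lookup $TABLE"      # sockets bound to the wifi address
    echo "ip rule add oif $WIFI_IF lookup $TABLE" # sockets bound to the device
}

# Map the HTTP status returned by the probe to a link state.
classify_probe() {
    case "$1" in
        204)         echo online ;;   # reached the real endpoint
        200|30[0-9]) echo captive ;;  # portal answered or redirected to a login page
        000)         echo down ;;     # curl got no HTTP response at all
        *)           echo unknown ;;
    esac
}

# Probe through the wifi interface only; never falls back to cellular.
probe_wifi() {
    code=$(curl --interface "$WIFI_IF" -s -o /dev/null -m 10 \
                -w '%{http_code}' "$PROBE_URL" 2>/dev/null) || true
    classify_probe "${code:-000}"
}

case "${1:-}" in
    plan)  plan_wifi_routes "$2" "$3" ;;                # review, then pipe to sh as root
    probe) echo "$(date -u +%FT%TZ) $(probe_wifi)" ;;   # one log line per run, e.g. from cron
esac
```

Run with `plan <wifi-ip> <wifi-gateway>` once after associating, then `probe` at intervals; a change from `online` to `captive` in the log marks the point where the portal session expired.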
  11. Madumi

    Madumi Serious Server Member

    Thanks all for replies, much appreciated!

    @Monk E. Boy
    I like the idea, as it seems simple to my mind... virtual machine would behave like a client on the (remote) wifi network & that's exactly the scenario I was hoping to test.

    I haven't played around with VM's much before: quick question: If I connected to the VM host through the cellular network, is it easy enough to jump on a command line from the VM host to the VM guest OS?

    I was thinking raspberry pi, although if I'm going to run a VM, then hardware specs probably need to be bigger. thx for the tips on remote connection through cellular.
  12. Monk E. Boy

    Monk E. Boy Network Guru Member

    How difficult it would be depends on the remote access solution you use and the virtualization solution you use.

    To be honest I was thinking about running the remote access solution GUI and then interacting with the client GUI (even if it's just to run a terminal)... unless there's something really special on Linux the host and the client should be treated as two separate systems, so you could introduce a third NIC into the mix, a host-only network (implemented completely in software, a virtual network if you will) that only the host OS and the client OS can see, then use that to connect from the host to the client.

    If it's a hypervisor solution it's best to think of the host and the client as two different systems that just happen to use the same hardware, as the hypervisor lives underneath both host and client. If it's a virtualizer then the host runs the client as a process, at that point you should have more access to the client process (at the cost of security and performance).

    To be honest I haven't played with Linux virtualization solutions (I've virtualized a lot of Linux servers/clients just haven't actually hosted them on top of Linux) so I'm not going to be much help on specifics. There's a lot of free options available to you though. VMWare ESXi is a robust enterprise class hypervisor with a functional free version available (the features that aren't available shouldn't matter in this case), although managing it remotely in this kind of a setup could be tricky. Maybe it could be on that virtual host-only network, so when you remote into the control system you can connect to the ESXi host too. If you're really comfortable with Linux, KVM would probably be an easy way to toe your way into it.
  13. Madumi

    Madumi Serious Server Member

    thanks again @Monk E. Boy ...
    I'm not set on any particular path... Just trying to make it as easy on myself as possible. Probably I'll anticipate using a remote access solution with GUI & branch out from there. I really appreciate the input, thx!