Create SSH Reverse Tunnels Quickly, Reliably and Programmatically

This is a smart script for creating one, two or more reverse SSH tunnels that are always open and reliable. I made this script because my Raspberry Pi at home is behind an internet connection that does not give me a public IP. The script (written in PHP) opens tunnels to a public server and exposes a local port on a remote port. This way, you connect to the remote server on the remote port and you reach the local Raspberry Pi on the local port.

Install the dependencies and understand the schema

This script requires php-cli and sshpass.

foo@bar:~ $ sudo apt-get install -y sshpass php

This is the scenario. I have two Raspberry Pis at home. Both expose Apache on port 80 with different services. My router does not offer a public IP, so I can't do simple port forwarding and/or DDNS (dynamic DNS). How can I access my Raspberry Pis from my mobile phone? I have a small public server: a VPS (virtual private server) with a public IP and the possibility of creating a Linux user. This is the schema.

 


My script gtunnel runs on my first Raspberry Pi (192.168.0.1). gtunnel connects to the remote server and says to it:

I have connected to you… please keep this connection always up. You have to LISTEN on ports (for example) 47081 and 47080. When somebody connects to you on these ports, always redirect to me… OK?

And then:

The traffic arriving on port 47080 is for me (192.168.0.1), port 80. The traffic arriving on port 47081 is for my neighbour 192.168.0.3, port 80.

 

Modify and insert your data

Obviously you have to put some important things into the script:

  • remote server IP (public IP)
  • user on the remote server (for the SSH login)
  • password for the user
  • all tunnels in a PHP array

When you open the script you will see:

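$ip_server = "";   // public IP of the remote server
$user = "";        // SSH user on the remote server
$password = "";    // password for that user (passed to sshpass)
// each tunnel: local host, local port, remote port exposed on the server
$tunnels = array(
	array("192.168.0.1", 80, 47081),
	array("192.168.0.3", 80, 47080),
);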

Modify it with your data.

Create user on remote server and connect

On the remote server you have to create the user. I suggest a user like this:

adduser tunnelssh

After this, from your Raspberry Pi, connect manually at least once to accept the server's host key, etc.

ssh remoteuser@1.1.1.1

Usage: create tunnels

The first command, start, creates all the tunnels and launches background processes to keep them up. The main process does NOT remain in the background.

foo@bar:~$ ./gtunnel start
Test all tunnels. If only one is not active... reload all...
Tunnel on 47081 down. It's crashed?
Kill all tunnels for a complete reload
Starting tunnel from 192.168.0.1:80 and expose on xx.xx.xx.xx:47081...
exec] /home/pi/gtunnel start_single 192.168.0.1 80 47081
Starting tunnel from 192.168.0.3:80 and expose on xx.xx.xx.xx:47080...
exec] /home/pi/gtunnel start_single 192.168.0.3 80 47080
Tunnels reloaded...

foo@bar:~$

If you run start again, the script checks the tunnels. If all of them are up, it does nothing. If one tunnel is down, it reloads all of them.

foo@bar:~$ ./gtunnel start
Test all tunnels. If only one is not active... reload all...
Tunnel on 47081 is up!
Tunnel on 47080 is up!
All tunnels are active. Do nothing...

foo@bar:~$
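The tunnel mapping and the up/down check described above can be sketched in shell. This is an added example, not the gtunnel source (which is PHP). It assumes the placeholder login tunnelssh@server.example, leaves authentication to ssh, and assumes the check is done by reading `ss -tln` output taken on the server; the page does not show how gtunnel itself tests a tunnel.

```shell
#!/bin/sh
# Added example, not gtunnel's code. One tunnel per line, in the page's
# array order: local_host local_port remote_port.
TUNNELS='192.168.0.1 80 47081
192.168.0.3 80 47080'

# Emit one -R remote_port:local_host:local_port option per tunnel.
forward_args() {
    printf '%s\n' "$TUNNELS" | while read -r lhost lport rport; do
        [ -n "$rport" ] || continue
        printf ' -R %s:%s:%s' "$rport" "$lhost" "$lport"
    done
}

# Build the full ssh command line. $1 = user@server (placeholder).
# -N: no remote command. ExitOnForwardFailure: ssh exits if the server
# cannot bind a port, so a supervisor (cron) sees the failure.
# ServerAlive*: a dead link is dropped after about 90 seconds.
build_ssh_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3%s %s\n' "$(forward_args)" "$1"
}

# Read `ss -tln` output captured on the server from stdin. Print the
# configured remote ports with no listener; return 1 if any is missing.
down_ports() {
    listing=$(cat)
    down=$(printf '%s\n' "$TUNNELS" | while read -r lhost lport rport; do
        [ -n "$rport" ] || continue
        printf '%s\n' "$listing" |
            awk -v p="$rport" '$1 == "LISTEN" && $4 ~ (":" p "$") { up = 1 } END { exit !up }' ||
            printf '%s ' "$rport"
    done)
    printf '%s\n' "${down% }"
    [ -z "$down" ]
}

# Constructed sample: only 47080 is bound, and only on loopback
# (sshd's default when GatewayPorts is not enabled).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:47080    0.0.0.0:*'

build_ssh_cmd 'tunnelssh@server.example'
printf '%s\n' "$SAMPLE" | down_ports || echo 'reload needed'
```

A listener on 127.0.0.1 is reachable only from the server itself; reaching it from another machine, as in the scenario above, depends on the server's GatewayPorts setting.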

Usage: kill all tunnels

The second command, kill, kills all the tunnels. It is useful for debugging and similar tasks. With one command you can kill ALL TUNNELS, ALL ssh processes, etc.

pi@zm:~$ ./gtunnel kill
Kill all tunnels
pi@zm:~$

Put gtunnel into crontab

The best way to use this script is from crontab. I execute it every 5 minutes.

pi@zm:~$ crontab -e

# add this line (runs every 5 minutes)
*/5 * * * * /home/pi/gtunnel start

The source code

See my GitHub page at https://github.com/gioexperience/gtunnel

 
