Monday, July 31, 2017

The Yaler Tunnel




In our test of the EE 4G Mobile Broadband service we found that, although you get a Static IP address as seen from the Internet, it is impossible to reach it.

Why?

Because you need to pass through an intermediary 10.x network inside EE, and it will not route to your unique non-10 IP address.


In fact this is made even more irritating because the setup of the supplied router from EE has an option to provide routing to an internal server, such as an Apache Web Server, which we attempted to configure as shown above.

But since the traceroute failed, it was no surprise that the test Webserver we set up at home, which would potentially respond to clients outside our home on the Internet, could not be contacted.

If only there was a workaround way to contact our Webserver :-)

So the good news is that yes, there is a way, called the Yaler Tunnel. Overall, here is how it works, and the gotchas:

01 Yaler is a small program that runs continuously on your client computer.
02 In our worked example below we assume that you are running a Webserver serving HTTP and HTTPS pages on the standard ports 80 and 443.
03 Yaler makes a connection outbound from your client machine to an Internet-based Yaler server.
04 You register free at Yaler.
05 Once registered you receive a unique relay domain, in our example a4d4-abcd.
06 Once your client is up and running and correctly configured, you go to an address of the form <your relay domain>.try.yaler.io to access your server.
07 What happens is that your request goes to Yaler, and they communicate over the already open link made outbound by your running Yaler client.
08 The Yaler client then receives your requests and forwards them on to the local ports on your system.

Some Practical Steps then


A Sign Up With Yaler



B Start Yaler Manually on the machine running the Webserver
./yalertunnel server ssl:127.0.0.1:443 ssl:try.yaler.io:443 gsiot-a4d4-abcd
./yalertunnel server 127.0.0.1:443 ssl:try.yaler.io:443 gsiot-a4d4-abcd

Obviously, for reasons of Marcus paranoia, my domain is not really a4d4-abcd, come on!


C Finally access the webserver from the Internet
https://gsiot-a4d4-abcd.try.yaler.io/static
http://gsiot-a4d4-abcd.try.yaler.io/static

In our test we started up our webserver, then the tunnel, then performed step C from a smartphone that used its SIM connection only (i.e. not local house Wifi) to get to the Internet.





D Automation

So you can make the Yaler client run automatically on startup. Here is the relevant configuration for Linux Mint:

vi /lib/systemd/system/yalertunnel.service


# cat  /lib/systemd/system/yalertunnel.service
[Unit]
Description=yalertunnel on port 443
ConditionPathExists=|/home/mbennett/yalertunnel

[Service]
WorkingDirectory=/home/mbennett/yalertunnel
ExecStart=/home/mbennett/yalertunnel/yalertunnel server 127.0.0.1:443 try.yaler.io:443 gsiot-a4d4-abcd -min-listeners 1
RestartSec=30
Restart=always

[Install]
WantedBy=multi-user.target
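
A hardened variant of the unit above, as an added example that is not part of the original post: with no User= line systemd runs the tunnel as root, from a binary in a home directory that the regular user can overwrite. Assumed here: a dedicated unprivileged account named yaler and a root-owned copy of the binary under /opt/yalertunnel; the ExecStart arguments are copied unchanged from the unit above.

```ini
# /etc/systemd/system/yalertunnel.service
# Locally written units belong in /etc/systemd/system; /lib/systemd/system
# is where distribution packages install theirs.
[Unit]
Description=yalertunnel on port 443
# The tunnel dials out to the relay, so wait until the network is up.
Wants=network-online.target
After=network-online.target
# Assumption: binary copied to a root-owned directory (root:root, mode 0755).
ConditionPathExists=/opt/yalertunnel/yalertunnel

[Service]
# Assumption: system account "yaler" exists and has no login shell.
User=yaler
Group=yaler
WorkingDirectory=/opt/yalertunnel
ExecStart=/opt/yalertunnel/yalertunnel server 127.0.0.1:443 try.yaler.io:443 gsiot-a4d4-abcd -min-listeners 1
RestartSec=30
Restart=always

# The process only needs outbound TCP and a connection to 127.0.0.1:443,
# so remove everything else it could reach if it were compromised.
NoNewPrivileges=yes
CapabilityBoundingSet=
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# AF_UNIX is kept because name resolution may talk to a local resolver socket.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

[Install]
WantedBy=multi-user.target
```

After editing, run systemctl daemon-reload and restart the service; systemd-analyze security yalertunnel.service (on systemd versions that provide it) lists which sandboxing options are still unset.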


Paranoid Note Reminder
In the above example the relay domain, i.e. gsiot-a4d4-abcd, is a made-up domain, because for reasons of security I am not telling you what the real domain is. If you try this domain you will not get through to us, or hijack our service.



E A minor Flaw
To complete the picture I tried to get my hosted domain to point or jump to

http://gsiot-a4d4-abcd.try.yaler.io/static

This did not work; however, I think this is a limitation of my Domain provider and its DNS settings program. It's certainly nothing to do with Yaler.



Links
Remote SSH access to Raspberry Pi 2

Yaler Login