You just bought a home security system and want to stream your security cameras over the internet but turns out your ISP is assigning you a private IP with blocked NAT (Network Address Translation). You contact your ISP and they tell you to buy a static IP. Okay, that’s an easy solution but it is not convenient for everyone as static IP costs way more in some countries and most ISP’s don’t offer one; especially mobile broadband providers don’t have static Public IP to offer. Here’s what you can do if you have a public static IP with open NAT.
- Get access to your Home security cameras remotely
- Host Web server
- Host File transfer server
- Host Mailing system
- Access your IoT gadgets at your home
- Access your home computers/network attached devices remotely.
- Access your Playstation/Xbox servers with open NAT
- and much more
Note: Before Beginning, this article assumes you have some knowledge of Linux based computers (like how to SSH)
Things you will need:
- A VPS subscription (very cheap VPS are available, see below)
- A Linux based computer at your home. An RPI (Raspberry Pi) will do perfectly.
- Internet connection (Public/Private IP address doesn’t matter)
How to get Public Static IP with Open NAT for only €1 per month?
Short Answer: Get VPS and use SSH tunneling
First of all, you need some external service provider to give you a Public IP. One good service provider I have found is ArubaCloud they provide extremely low cost virtual private server with static public IP at a cost of 1 euro per month. Another good cheap VPS is Deepnet Solutions, they provide NAT VPS (means few ports are open with shared IP address) but it will cost way less than regular VPS.
Visit ArubaCloud, select Cloud VPS small package, add your top-up amount and go to the Cloud Control Panel. Click Create New Server and select Smart as shown below:
Fill out the name, whatever you like.
Select Template: Ubuntu Server 16.04 LTS 64bit
Size: Small. (costs 1 Eur per month and have 20 GB disk space with up to 2TB data transfer per month @1Gbps)
Location: Random (Select by yourself and you have to pay extra charges)
Click on Create Smart Server. It will take some time to create your server. After creation, you will be provided IP address of your server with your selected username and password.
Get SSH client: SSH is the protocol used to control remote computer usually Linux based. Common SSH clients are:
- Putty client
Use any one of the above clients to connect to your remote VPS. After a successful connection, you will be prompted at the root shell as shown below:
Edit the ssh config file, type:
This will open SSH configuration editor in Terminal, add the following lines at the top of the file:
GatewayPorts yes ClientAliveInterval 10
In the above code, Gateway ports will allow SSH server to forward ports to a client. (Remember: Here VPS is your ssh server and the client will be RPI or any Linux based computer you have). ClientAliveInterval will help the server to drop the connection in case the client gets disconnected.
You are all done on the VPS server side. Now let’s create an ssh tunnel at the client side (i.e. your side).
connecting your client (your home server to VPS via ssh). I am assuming you have a Linux based computer on which you have installed Apache Web server and you are behind ISP’s Firewall/Private IP which restricts port 80.
Client (Home Linux Server) Side Configuration:
On your Linux based computer, open Terminal and run the following command:
ssh root@your_vps_IP_address -R 80:localhost:80
Enter the server password when asked. The above command will create an ssh tunnel between a client (i.e. your home server) and VPS server.
In above command: “80:localhost:80”, the 80 written before localhost is the port of the remote server (VPS) that will be forwarded to port 80 on a home server. If you write something like: “81:localhost:80”, the port 81 on VPS will be forwarded to port 80 on a home server.
After a successful connection, you will be prompted on your VPS ssh root session and tunnel is created. If you see any message like “Warning: remote port forwarding failed for listen port 80”, it means port 80 is already in use by the VPS server. Check on VPS if any service is using the desired port, i.e. web server is pre-installed on VPS.
Upon creation of tunnel, you can visit your VPS IP address and it would have forwarded its port 80 onto your home server (localhost) port 80.
Avoid entering the password every time when you create ssh session:
Solution to this problem can be solved by generating SSH keys. See How to Generate SSH keys. Keys are generated at VPS side. Copy the private key to your home server and use it every time to connect to the SSH server.
What happens if my internet connection is lost during SSH session or I reboot my home server?
That’s a common problem, your internet might get limited, ISP assigns new IP address or your home server gets rebooted. For this, we will use a tool known as “autossh“. Install autossh on your home Linux by:
sudo apt-get install autossh
Next, edit the crontab by entering the following command on your client:
Add the following code in crontab:
@reboot sleep 60; autossh -M 0 -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval 30" -o "ServerAliveCountMax 10" root@your_vps_ip -R 80:localhost:80 -R -i ~/.ssh/your_private_ssh_key -f -N
The above steps will create a crontab, that will create an ssh session automatically on server reboot or internet connection dropout. Autossh will monitor the ssh session and -f switch will force it to fallback.
That’s it, you have successfully created SSH tunnel between your home server and VPS server. Now you can use your VPS IP to access your home devices, security cameras etc without the need to pay for heavy charges of static IP.