I have a Raspberry Pi with a hat to control my sunscreens. Works very well when I use the normal internet connection.
I have added code to detect when I'm on the local network, and even using mDNS / Bonjour I detect the Raspberry Pi from iOS and get its local IP address. But then if I do a request to the Pi using the local IP address I get a (kCFStreamErrorDomainSSL, -9824) error. The cause is obvious: the SSL certificate on the Pi has the FQDN in it and of course that is not the same as 192.168.2.13 or whatever.
But then the big question: how to solve this.
One idea could be to make sure from outside the router resolves to my FQDN, from the inside I should make sure that the FQDN resolves to the local address my Pi is on. But the only way I could imagine how I pull that off is making the Pi a DNS and DHCP server. Although I could do that of course I am starting to think that I make it way too difficult and there should be other solutions.
One maybe easier option might be to bring another server process in the air on the Pi and, if I detect the Pi using Bonjour, not go through the http(s) route but use the alternative solution (sockets?). Any suggestions appreciated.
Related
This may be a silly question, but I was googling a lot over the last few days and I've only found related answers, not a direct answer to this. To express it better, let me make a comparison:
If I set up an HTTP server on a computer behind a router, I must set up port forwarding, and that computer must also have a static internal IP address in order to receive the requests on that port for that particular IP address. For instance, my router does not allow port forwarding, so I could not set it up for the HTTP server. However, BitTorrent works like a charm behind that same router without any static IP, nothing. How can BitTorrent get requests and also seed? How will other peers connect to my computer while seeding? I did verify that when BitTorrent is running, the port it uses, for example 39031, is actually open (using yougetsignal_dot_com). How can the router be made to open the port without using its admin settings (we can also use BitTorrent in a public hot spot where there is no way to mess with the router)? I know the trackers may help, but there is a lot of information about a decentralized way with no trackers, or basically that the peers are also trackers, but no details on how it works.
Finally, why can't this "trick" (if any) be used with an HTTP server, and why must we always depend on the router settings?
BitTorrent does work behind NAT, to a certain extent. It works better if port forwarding is configured, though.
BitTorrent works reasonably well behind NAT for the following reasons:
BitTorrent is peer-to-peer, and either peer can initiate a connection; therefore, communication will succeed if either of two peers is not behind NAT or properly port forwarded;
some BitTorrent clients are able to automatically set up port forwardings using UPnP or PMP;
modern BitTorrent clients use µTP instead of TCP, and some clients are able to perform UDP hole punching.
I have a headless raspberry pi with a wifi dongle and I want to use wifi two ways.
1) To make the rPI a wireless access point when there is no local wifi access point so I can connect to the rPI from my iPhone.
2) When wifi is available use the wifi dongle to do normal connection to the internet.
I think I know how to do each of these individually. It wasn't easy but I now have it connecting to my local wifi at home.
I see references to using hostapd and dnsmasq with wifi to make a local access point but they mostly assume internet connection comes from ethernet.
I'll be studying these in more detail. However I don't even know if the end goal of using the same configuration to fill both needs with one wifi dongle is even possible.
Obviously I can create two sets of config files and a script to swap them as needed but that only works if I have a connection already so I can log in.
If I add a jumper or switch to the rPI GPIO interface I could run the configuration script at startup and let it read the switch.
I might try to make the script look for an existing wifi link and go to access point mode if it doesn't find one it can access.
This would probably be a steep learning curve for me but I could probably figure it out eventually.
What I am trying to figure out now is whether I can avoid these potentially complex solutions by creating a single configuration that does both. Is a single wifi dongle sharable between these functions?
Note: I don't need it to do both at the same time. I just need the decision to be automated so it happens automatically during boot.
It is possible, although tricky to get right. (For example, what happens if you boot up, don't see an existing network for a second due to interference, then wrongly create your own network?)
Take a look at the "iwlist" command. It can scan and tell you what SSIDs (base stations) it sees. Then you can use 'grep' to see if your home network is on the list, and use that as your decision.
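The scan-and-decide check suggested above, as an added example that is not part of the original answer: it retries the scan so one missed scan does not flip the Pi into access-point mode, and it matches the SSID exactly rather than as a substring. The SSID `HomeNet`, the interface `wlan0`, and the retry count and delay are assumptions, and the scan text is constructed sample data.

```shell
#!/bin/sh
# Added example: pick "client" or "ap" mode from `iwlist <iface> scan` output.
# HOME_SSID, IFACE and the retry settings are assumptions, not from the post.
HOME_SSID="${HOME_SSID:-HomeNet}"
IFACE="${IFACE:-wlan0}"
SCAN_TRIES="${SCAN_TRIES:-3}"
SCAN_DELAY="${SCAN_DELAY:-2}"

# Print one SSID per line from iwlist scan text read on stdin.
list_ssids() {
    sed -n 's/^[[:space:]]*ESSID:"\(.*\)"[[:space:]]*$/\1/p'
}

# Exit 0 only if the scan text on stdin lists exactly the SSID in $1.
# -F: no regex metacharacters, -x: whole line, so "HomeNet-Guest" != "HomeNet".
ssid_visible() {
    list_ssids | grep -Fxq -- "$1"
}

# choose_mode SSID TRIES SCANNER [ARGS...]
# Runs the scanner up to TRIES times and prints "client" on the first hit;
# prints "ap" only after every attempt missed (guards against one bad scan).
choose_mode() {
    want=$1; tries=$2; shift 2
    i=0
    while [ "$i" -lt "$tries" ]; do
        if "$@" 2>/dev/null | ssid_visible "$want"; then
            echo client
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -lt "$tries" ]; then sleep "$SCAN_DELAY"; fi
    done
    echo ap
}

# Constructed sample of iwlist output (trimmed to the fields used here).
sample_scan() {
    cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    ESSID:"HomeNet-Guest"
          Cell 02 - Address: 02:00:00:00:00:02
                    ESSID:"HomeNet"
EOF
}

# On the Pi: choose_mode "$HOME_SSID" "$SCAN_TRIES" iwlist "$IFACE" scan
choose_mode "$HOME_SSID" 1 sample_scan   # offline demo on the sample
```

A visible SSID only shows that the name is being broadcast nearby; whether the Pi actually joins still depends on the passphrase configured for that network.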
How will the communication between the two PCs be done, and how will the communication in the network be done? How do they both connect to the internet?
I'm assuming maybe one PC has spoofed another PC's address.
It depends on how the machines' MAC addresses appear in the MAC routing table.
https://superuser.com/questions/17696/what-happens-when-two-pcs-have-the-same-mac-adress
Exactly. What eRIZ said.
Sometimes the machines will refuse to connect due to a collision, or one computer will connect before the other, bouncing the other one off the network.
But yeah, it depends how they are configured.
I need to connect to a VPN server. I can't use Windows connections; my application should work independently!
I tested some components using the RAS API, and they work, but by using Windows connections.
How can I do that without any dependency on Windows connections?
The problem with this question
"VPN" stands for "Virtual Private Network". It's a way to make a private network available to your computer, possibly in a secure way, so your computer can use standard IP protocols as if it were physically connected to the private network.
The operating system needs to know about that network, so of course all VPN implementations use "windows connections". From a different perspective: When you're connected to a VPN you can open a TCP connection to an IP on the private network as if it were on your local network. Since it's the operating system's job to set up your TCP connection and route your TCP/IP packets, of course it needs to know about the VPN! If it doesn't, it'll simply forward all your requests for the given IP to its default router and fail with a "no route to destination" message (or a "time out", if your router is not kind enough to tell your system it has no idea what the private IP is).
Can it be done?
From a theoretical point of view, of course, you can bypass Windows completely, but then you'll have to "roll your own" everything. You can't use the Windows IP services, you'll have to implement your own TCP. I'm sure there are about a million other little things that need re-implementing.
For a starting point I'd look at the Open VPN: it's Open Source and available for Windows. It uses the UDP protocol as the basis for the VPN implementation, unlike the Windows VPN (that one uses GRE - General Routing Encapsulation, protocol 47). Open VPN itself, of course, uses a "windows connection" to do its job, because it aims to provide a useful service, but you can use the source code as the basis for your own implementation.
I personally wouldn't even think about doing this, I'm just showing you the way and proving it's possible.
What should be done
I assume you want some kind of secure communication channel to your own service. Look into simple secure connections, tunneling protocols and proxies.
If this needs to be done for one service on one server, I'd look into a simple SSL implementation. Even better, look into using HTTPS.
If you need to access many different services on possibly different servers on the given private network I'd look into proxies.
I'm looking for a tool under Windows or Mac that allows me to monitor (possibly in a simple way) the traffic going in and out of a computer on my network.
Long story short the residence where I live allows themselves to monitor the internet connection (and doesn't allow us to switch to another provider).
This annoys me on a personal level (I don't like the possibility of people checking what I do without my knowledge as a general rule regardless of what I do) but also on a professional level (I sometimes work from home).
I'm using/trying out VPN providers (JAP, VyperVPN...) to avoid all this. It works fine with the HTTP connections (if I run iptraces I end up in Germany or US or UK ...) but I'm not sure about other applications such as online games and instant messaging software that use different ports.
So my question is: how can I make sure whether my internet traffic is using my VPN connection or not?
Wireshark would do that for you on Windows and Linux (not sure about Mac). It uses the WinPCap library and wraps it in a nice UI for you to monitor the packets that you are interested in. It allows you to listen to specific or all interfaces, so you can make sure your packets are going via the right interface.
If you don't want them monitoring your internet usage, a VPN is a good solution. A VPN will encrypt all of your net traffic between your computer and the VPN gateway -- essentially you'd be surfing the web via a proxy and your landlords wouldn't be able to determine what you are doing.
Assuming you are using a real VPN, and not just a browser-based proxy solution, then the VPN should encrypt and tunnel all of your network traffic. This includes anything coming out of any port on your computer, not just HTTP traffic.
When you install a VPN on your computer, the VPN creates a fake network device, and all of the VPN traffic gets tunneled to the VPN gateway. You can verify this by looking at your computer's routing tables. There are some VPNs which allow for split traffic (split tunneling), e.g. traffic to certain domains gets tunneled through the VPN and other traffic goes in the clear, but this is the rarity; most VPNs will tunnel all of your traffic, which seems to be what you are looking for.
Just make sure that your VPN uses an encryption protocol. There are some that don't -- this would defeat the whole purpose of your VPN.
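One way to carry out the routing-table check described above, as an added example that is not part of the original answer: it classifies a table as full tunnel, split tunnel or no tunnel. It assumes Linux `ip -4 route show` text as input and a tunnel interface naming pattern; both sample tables are constructed.

```shell
#!/bin/sh
# Added example: classify an IPv4 routing table as "full", "split" or "none".
# Reads Linux `ip -4 route show` text on stdin (an assumption; Windows
# `route print` and macOS `netstat -rn` use other layouts).
# TUN_RE is an assumed pattern for tunnel interface names; $1 overrides it.
TUN_RE='^(tun|tap|wg|ppp|utun)[0-9]+$'

vpn_route_status() {
    awk -v tun="${1:-$TUN_RE}" '
    {
        dev = ""; metric = 0
        for (i = 1; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        is_tun = (dev ~ tun) ? 1 : 0
        if (is_tun) any = 1
        # OpenVPN-style override: two /1 routes that together beat "default".
        if (is_tun && $1 == "0.0.0.0/1")   lo = 1
        if (is_tun && $1 == "128.0.0.0/1") hi = 1
        # Among default routes the lowest metric wins.
        if ($1 == "default" && (!seen || metric < best)) {
            seen = 1; best = metric; def_tun = is_tun
        }
    }
    END {
        if ((lo && hi) || def_tun) print "full"
        else if (any)              print "split"
        else                       print "none"
    }'
}

# Constructed sample: VPN up, catch-all traffic overridden onto tun0.
sample_full() {
    printf '%s\n' \
        '0.0.0.0/1 via 10.8.0.1 dev tun0' \
        'default via 192.168.2.1 dev eth0 proto dhcp metric 100' \
        '10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2' \
        '128.0.0.0/1 via 10.8.0.1 dev tun0' \
        '192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.13'
}

# Constructed sample: only one private range goes through the tunnel.
sample_split() {
    printf '%s\n' \
        'default via 192.168.2.1 dev eth0 proto dhcp metric 100' \
        '10.0.0.0/8 via 10.8.0.1 dev tun0'
}

sample_full | vpn_route_status    # live use: ip -4 route show | vpn_route_status
```

This covers IPv4 only; IPv6 has its own routing table, and more specific non-tunnel routes (the local subnet, the route to the VPN server itself) still leave via the physical interface even in the full-tunnel case.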