Can't connect to devices with VPN SSH

Hi,

I finished working on my apps for rpi4 and rpi3.
I now need to secure this configuration and make it reliable.
I will need to deploy some devices remotely, so I absolutely need to make the VPN work.
I’ve been struggling with remote SSH via VPN for a few days…

I searched a lot in the forums, the GitHub issues and the documentation, and I tried pretty much everything I found, but I still can’t make it work.

Here is my config from OpenBalena:

  • OpenBalena 2.0.3
  • OPENBALENA_API_VERSION_TAG=v0.19.5
  • OPENBALENA_DB_VERSION_TAG=v2.0.3
  • OPENBALENA_MDNS_PUBLISHER_VERSION_TAG=v1.6.2
  • OPENBALENA_REGISTRY_VERSION_TAG=v2.11.1
  • OPENBALENA_S3_VERSION_TAG=v2.8.5
  • OPENBALENA_VPN_VERSION_TAG=v8.10.0

I’m using the BalenaCLI v12.3.3.

For Rpi4 I use the BalenaOS v2.48.0 dev
For Rpi3 I use the BalenaOS v2.47.0 dev

Here are the tasks I do to enable the SSH VPN (I use a Mac):

  1. balena os configure balena.img --app MyApp
  2. mount the image with the GUI Mac DiskImageMounter
  3. open the config.json file and add at the end (one-line) : "os":{"sshKeys":["ssh-rsa blablablaC8CM= me@MacBook.home"]} (I validated the json structure with https://jsonformatter.curiousconcept.com)
  4. flash the image to the SD card
  5. booting the device

I can see the device in the output of the balena devices command with “IS ONLINE: true”:

balena devices                                           
    ID UUID    DEVICE NAME      DEVICE TYPE     APPLICATION NAME       STATUS IS ONLINE SUPERVISOR VERSION OS VERSION           DASHBOARD URL
    36 7c734c9 morning-tree     raspberrypi3-64 MyAppNamexxxxxxxxxxxxx Idle   true      10.6.27            balenaOS 2.47.0+rev1 

When I try :

  • balena ssh 7c734c9
  • balena ssh LongUUID (obtained by balena device 7c734c9)
  • balena ssh 7c734c9 ServiceName

I always get the message root@ssh.devices.openbalena.mydomain.com's password:

When I do:

  • curl https://api.mydomain/ping I get an “OK” response.
  • curl https://vpn.mydomain/ping I get a “200 OK. Service ready” response.

Is VPN SSH only possible with the production version?
Am I missing something in the process of adding the SSH key?

Thanks for your help :slight_smile:
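
Step 3 in the post above edits config.json by hand. As an added example (not part of the original post and not openBalena's own tooling), this Python sketch merges a public key into `os.sshKeys` and rejects a truncated or mismatched key before the image is flashed. The function names, `SAMPLE_KEY` and the sample config are assumptions constructed for illustration.

```python
import base64
import json
import struct

# Constructed sample: a well-formed but fake "ssh-rsa" key line, not a real key.
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(
    struct.pack(">I", 7) + b"ssh-rsa" + b"\x00" * 8).decode() + " me@example"


def check_pubkey(line: str) -> str:
    """Return the normalized key line, or raise ValueError if it is malformed."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob_b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"key body is not valid base64: {exc}") from None
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key body too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside the blob does not match the prefix")
    return " ".join(parts)


def add_ssh_key(config_text: str, pubkey_line: str) -> str:
    """Merge pubkey_line into os.sshKeys, keeping every other setting intact."""
    config = json.loads(config_text)   # fails loudly on broken JSON
    key = check_pubkey(pubkey_line)
    keys = config.setdefault("os", {}).setdefault("sshKeys", [])
    if key not in keys:                # idempotent: no duplicate entries
        keys.append(key)
    return json.dumps(config)          # written back as a single line


if __name__ == "__main__":
    # Constructed config; a real one comes from the mounted image's boot partition.
    original = '{"applicationName": "MyApp", "os": {"network": {}}}'
    print(add_ssh_key(original, SAMPLE_KEY))
```
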

Hi, can you try the steps provided in this blog post?

I tried before and I certainly missed something.
Now it’s working perfectly! Thanks @karaxuna :slight_smile: