Introduction

• The Milesight 4G router is being used to connect the Raspberry Pi (BirdNET-Pi) computer to the 4G network and hence the internet.
• The Milesight 4G router behaves in a similar way to a home internet router.
• The Milesight 4G router can also be used to access the Raspberry pi computer from the internet using SSH (Secure Shell).
• These instructions will explain how to configure the Milesight router.

Acknowledgements

Adam Simankowicz, Bencheng Fan, Edmond Lascaris

Milesight Menu Navigation

Bridge

Network > Interface > Bridge Setting

• Initially there was a conflict between the Milesight local network and the WiFi local network sharing the same IP address range.
• The Bridge Setting on the Milesight router was changed:
  • IP Address changed from 192.168.1.1 to 192.168.2.1
  • The Netmask was kept the same.

Bridge Explainer

In networking, a bridge serves as a device or component that connects and filters traffic between different network segments, such as two separate LANs (Local Area Networks) or segments of a LAN. Its primary function is to operate at the data link layer (Layer 2 of the OSI model) to segment and control network traffic.

Here are some of the key functions of a bridge in networking:

• Segmentation: Bridges are used to segment a large network into smaller, manageable segments. This can help improve network performance and reduce network collisions, especially in Ethernet-based LANs.
• Filtering: Bridges filter network traffic based on MAC (Media Access Control) addresses. They inspect the MAC address of incoming frames and make forwarding decisions based on the MAC address table. Frames destined for devices on the same segment are not forwarded to other segments, reducing unnecessary network traffic.
• Collision Domain Isolation: Bridges separate collision domains, which means that devices on one network segment don't interfere with devices on another segment. This can help reduce network collisions and improve overall network performance.
• Traffic Control: Bridges can control and optimize network traffic. They can selectively forward or block traffic based on the source and destination MAC addresses or other criteria. This selective forwarding can be useful for security and traffic management.
• Link Layer Security: Bridges can help provide security at the link layer by filtering out unwanted or unauthorized traffic.
• Network Extender: In some cases, bridges can be used to extend the reach of a network by connecting two physically distant LAN segments. Wireless bridges are a common example of this, where they connect two remote locations wirelessly.
• Network Integration: In the context of wireless networks, a bridge is used to connect wired networks to wireless ones. This allows devices on the wired LAN to communicate with wireless devices and vice versa.
• Traffic Monitoring: Bridges can be used for traffic monitoring and analysis. They can be configured to copy traffic to a monitoring port, allowing network administrators to analyze network packets without disrupting normal network operations.

It's important to note that the term "bridge" is used in different contexts and can refer to devices like network bridges, wireless bridges, or virtual bridges in virtualization environments. The specific function of a bridge may vary based on its type and configuration.

Raspberry Pi Network Configuration Changes

• Click on the WiFi Network on the Raspberry Pi

• Assign the priority number 2
• Disable All users may connect to this network
• Save settings

• Edit the Wired Connection 1 for the Local Ethernet connection to the Milesight router
• Assign a low priority setting of -999. This means that the primary connection will be the WiFi network - when available.
• Enable All users may connect to this network
• Save settings.

External IP Address

Status > Overview

Ping and Traceroute

Maintenance > Tools > Ping

Maintenance > Tools > Tracerouter

DHCP Server

Maintenance > DHCP Server

• In this case, the Raspberry Pi connected to the Milesight router was assigned a local IP address 192.168.2.50 using the Raspberry Pi MAC address assigned to the Ethernet network eth0.

• Use ifconfig on the Raspberry Pi to find the MAC Address for the local ethernet connection eth0.

Port Forwarding

Network > Firewall > Security > Access Service Control

• Open remote ports for:
• HTTP
• HTTPS
• SSH - and assign a unique port number for SSH that is above 2000 (preferably 5 digit port number). Close this port is not using SSH.

Port Mapping

Network > Firewall > Port Mapping

• Assign port mapping on the Milesight router to support SSH access from a remote computer.
• Note - that in this case the SIM card provider prevented SSH access.
• In this example the Destination IP address should be changed to 192.168.2.50

Resolving Network Address Range Conflict

• When the Milesight Router was initially connected to the Raspberry Pi (BirdNET-Pi) the Raspberry Pi was also connected using WiFi to my home router.
• Unfortuately both networks shared the same address range which was 192.168.1.* and the same
• To resolve this conflict the Home address was left as 192.168.1.* (255.255.255.0)
• The Milestream address range was reconfigured to 192.168.2.* (255.255.255.0)

IP Address Conflict

When a computer is connected to two networks, and both of these networks share the same address range, such as both using the IP address range 192.168.1.*, it can lead to what is known as an "IP address conflict." An IP address conflict occurs when two devices on the same network segment (in this case, the computer connected to both networks) have been assigned the same IP address. This situation can result in various networking issues:

• Communication Problems: The computer may experience communication problems because it doesn't know which network to send data to when trying to reach a device with the same IP address on both networks. This can lead to intermittent connectivity issues or complete loss of network connectivity.

• Duplicate IP Detection: Modern network protocols have mechanisms to detect IP address conflicts. When a device detects that another device on the same network has the same IP address, it may trigger an error message or attempt to resolve the conflict by changing its IP address.

• Unpredictable Behavior: The behavior of the computer in such a situation can be unpredictable. It might use one network for certain traffic and the other network for other traffic, leading to inconsistent results.

To resolve IP address conflicts when a computer is connected to multiple networks, you should:

Configure Unique IP Addresses: Ensure that each network assigns unique IP addresses to devices. This usually involves adjusting the DHCP (Dynamic Host Configuration Protocol) settings on one or both of the networks to use different address ranges.

• Static IP Assignment: If you have control over the IP assignments, consider statically assigning IP addresses to devices on one or both networks to avoid conflicts.

• Network Segmentation: In cases where you have multiple networks with overlapping address ranges, consider segmenting your networks using routers or VLANs (Virtual Local Area Networks). This way, you can control the routing between networks and avoid IP conflicts.

• Subnetting: Implement subnetting to divide your networks into smaller subnetworks with distinct address ranges. This can help prevent address conflicts and manage IP address allocation more efficiently.

By ensuring that each device on your networks has a unique IP address within its respective network segment, you can prevent IP address conflicts and maintain stable and predictable network communication.

Subnet Mask

The term you're referring to, "net mask," is more commonly known as the "subnet mask" in networking. The subnet mask is a 32-bit number that is used to divide an IP address into network and host portions. It's a fundamental component of the IP addressing scheme and is used to determine which part of an IP address belongs to the network and which part belongs to the individual host within that network.

In the format you provided, 255.255.255.0, this subnet mask is expressed in dotted-decimal notation, where each of the four octets represents 8 bits. In this example:

• The leftmost three octets (255.255.255) are set to all ones (binary 1s), indicating the network portion of the IP address.
• The rightmost octet (0) is set to all zeros (binary 0s), indicating the host portion of the IP address.
• This subnet mask corresponds to a Class C network and allows for up to 254 host addresses within that network. The first and last addresses (with all zeros and all ones in the host portion) are typically reserved for network address (identifying the network itself) and broadcast address (broadcasting messages to all hosts on the network), respectively, leaving 252 usable host addresses.

Here's a breakdown:

• Network Portion: 255.255.255.0
• Host Portion: 0.0.0.255 (the host portion, which allows 8 bits for hosts)

The subnet mask plays a crucial role in determining network boundaries, routing, and IP address allocation within a network. Different subnet masks can be used to create networks of varying sizes, from small local networks to large global networks, by dividing the available address space accordingly.

TeamViewer - Connect to Remote Raspberry Pi computer that has no GUI Interface

To install TeamViewer on a Raspberry Pi without a GUI interface (headless installation), you can use the TeamViewer Host version. Here are the steps to install TeamViewer on a headless Raspberry Pi:

• Access Your Raspberry Pi: You'll need to have SSH access to your Raspberry Pi. Connect to it using SSH from another computer. Alternatively, you can also configure the Raspberry Pi directly (prior to deployment into the field. This is easier and more secure because you don't need to enable SSH.

• Download TeamViewer Host:
  • Visit the TeamViewer download page for Raspberry Pi using a web browser: TeamViewer Raspberry Pi Download.
  • Look for the TeamViewer Host for Raspberry Pi section.

• • Right-click on the appropriate download link (choose 64-bit version for BirdNET-Pi) based on your Raspberry Pi model (e.g., Raspberry Pi 3 or Raspberry Pi 4) and choose "Copy link address" from the context menu.

https://download.teamviewer.com/download/linux/teamviewer_arm64.deb

• Download TeamViewer: - On your Raspberry Pi, use wget to download TeamViewer.

wget https://download.teamviewer.com/download/linux/teamviewer_arm64.deb

• Install TeamViewer:- Install TeamViewer using dpkg. Replace <downloaded-package.deb> with the actual filename you downloaded. This will install TeamViewer without any GUI components.

sudo dpkg -i teamviewer_arm64.deb
sudo apt-get install -f

• Set Up TeamViewer: Now, you can set up TeamViewer to work with your TeamViewer account by running the following command:

sudo teamviewer setup

Follow the on-screen instructions to set up TeamViewer, including signing in with your TeamViewer account or creating one if you don't have an account yet. You will be asked to sign in to your TeamViewer account. Once signed in, an email will be sent to your email address asking for the addition of the remote computer to be verified.

• Click Add to Trusted Devices

• Start TeamViewer: After setting up TeamViewer, you can start it by running:

sudo teamviewer daemon start

• Access the Raspberry Pi: You can now access and control your headless Raspberry Pi using TeamViewer from another computer.

Remember that you will need to have an active internet connection on both your Raspberry Pi and the computer you use to access it via TeamViewer.

SIM Card options

• Telstra SIM cards block access via SSH
• Optus SIM cards can allow for a static IP address that will then permit access via SSH

VNC option

• Note that even thought you can enable VNC using sudo raspi-config - it will not work via a remote computer.
• VNC requires a GUI interface. This is not available using CLI (Command Line Interface.

Testing 4G Connection - Turning local WiFi Off

To turn off the Wi-Fi on a Raspberry Pi using the command line, you can use the ifconfig or ip commands. Here are the steps for ifconfig:

• Open a terminal window on your Raspberry Pi.
• Check the name of your Wi-Fi interface.
• This is typically named wlan0, but it may vary depending on your configuration. You can use the following command to list all network interfaces.

ifconfig -a

• Look for the entry corresponding to your Wi-Fi interface.
• To turn off the Wi-Fi interface, use the following command, replacing <interface_name> with the name of your Wi-Fi interface (e.g., wlan0).
• This is useful during testing to force the Raspberry Pi to use the 4G Router connection to the internet.

sudo ifconfig wlan0 down

• To turn the Wi-Fi interface back on, use the following command, replacing <interface_name> with the name of your Wi-Fi interface (e.g., wlan0):

sudo ifconfig wlan0 down

Disabling WiFi on Remote Device using rfkill

The rfkill command in Linux is used to manage wireless devices, specifically for blocking or unblocking them. It is a useful tool for controlling radio frequency (RF) devices, including Wi-Fi, Bluetooth, and other wireless interfaces. Here's how to use the rfkill command:

Usage: To view the status of all RF devices, open a terminal and simply type one of the following commands. This command will list all RF devices along with their status (blocked or unblocked).

rfkill list
rfkill list --output-all

Common Options:

• rfkill block <device>: This command is used to block a specific device. Replace <device> with the device number or name (e.g., wlan, bluetooth, etc.).
• rfkill unblock <device>: This command is used to unblock a specific device. Again, replace <device> with the device number or name.
• Example: To block a Wi-Fi device (e.g., wlan0), you can use the following command:

sudo rfkill block wlan

This will disable Wi-Fi on your system. To unblock the same Wi-Fi device and re-enable it, you can use:

sudo rfkill unblock wlan

Why use rfkill: rfkill is particularly useful when you want to:

• Temporarily disable Wi-Fi or other wireless devices to save power when not in use.
• Troubleshoot Wi-Fi or Bluetooth connectivity issues by turning off and on the respective devices.
• Manage wireless radios on systems with hardware Wi-Fi or Bluetooth switches that may not be easily accessible through software.
• Script or automate the management of wireless devices on your Linux system.
• Keep in mind that rfkill requires superuser (root) privileges to block or unblock devices, so you'll need to prefix the commands with sudo if you're not already logged in as the superuser.

Secure Shell (SSH)

SSH, which stands for Secure Shell, is a cryptographic network protocol used to securely access and manage network devices, servers, and computers over an unsecured network. It is a fundamental tool for secure remote communication and administration in the Linux and Unix world. SSH provides encrypted communication channels that are resistant to eavesdropping and other security threats, ensuring that data exchanged between a client and a server remains confidential and secure.

Here's why SSH is widely used in Linux and other Unix-based operating systems:

• Secure Remote Access: SSH allows users to log in to remote systems securely over an insecure network, such as the internet. It's a replacement for older, less secure protocols like Telnet.

• Encrypted Data Transmission: All data transmitted between the client and server is encrypted, making it extremely difficult for malicious actors to intercept or tamper with the data.

• Authentication: SSH supports various methods of authentication, including password-based and key-based authentication, allowing for secure and flexible login options.

• Port Forwarding: SSH enables secure tunneling of other network services and protocols, making it possible to access and manage remote resources securely.

• File Transfer: With the help of tools like SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol), SSH provides secure file transfer between systems.

• Remote Administration: System administrators often use SSH to manage and configure servers and network devices remotely.

Remote Command Execution: SSH allows users to execute commands on remote systems securely. It's commonly used for remote server management and automation.

• Key Management: SSH supports the use of public and private key pairs for authentication, improving security and simplifying login processes.

In summary, SSH is a critical component of Linux and Unix-based systems, providing secure, encrypted communication channels for remote access, administration, and data transfer, all of which are essential in modern computing environments.

Setting up SSH (Secure Shell) using the Terminal on Raspberry Pi

• Assign a different SSH port number to the router.
• The default port number for SSH is port 22.
• In this case the SSH port number was set to 4323 - and both local and remote access was permitted.

• Edit the file /etc/ssh/sshd_config with the command:

sudo nano /etc/ssh/sshd_config

• Add the following line to the file Port 4323 as shown.
• Save and exit nano. (Use the Ctrl+X command)

The file /etc/ssh/sshd_config on a Raspberry Pi (and most Linux systems) is the configuration file for the SSH (Secure Shell) server daemon, which is responsible for managing SSH connections to the Raspberry Pi. This file contains various settings and options that control the behavior of the SSH server. Here are some common configurations and what they do:

• Port: This setting specifies the port number that the SSH server listens on. By default, SSH uses port 22. You can change this port to enhance security, but you'll need to specify the custom port when connecting.
• PermitRootLogin: This setting controls whether the root user is allowed to log in directly using SSH. It's generally recommended to set this to no for security reasons and use a regular user account with sudo privileges.
• PasswordAuthentication: Determines whether password-based authentication is allowed. You can set this to yes to allow password logins or no to enforce key-based authentication.
• AllowUsers or AllowGroups: These settings specify which users or groups are allowed to log in via SSH. You can restrict SSH access to specific users or groups.
• PubkeyAuthentication: This setting controls whether public key authentication is allowed. It should generally be set to yes if you want to use SSH keys for authentication.

To modify the SSH server's behavior, you need to edit this configuration file using a text editor with root privileges (e.g., sudo nano /etc/ssh/sshd_config). After making changes, you should restart the SSH service for the changes to take effect (e.g., sudo systemctl restart ssh).

Remember that incorrect changes to the sshd_config file can potentially lock you out of your Raspberry Pi, so be cautious and make backups before making significant modifications.

• Restart the SSH server with the following command.

sudo systemctl restart sshd

• The command sudo systemctl restart sshd on a Raspberry Pi (or any Linux system that uses systemd) is used to restart the SSH (Secure Shell) server. Here's what each part of the command does:

• • sudo: It's a command that allows you to run other commands with superuser (administrator) privileges. This is often required for system-level operations.
  • systemctl: This is a command used to control the systemd system and service manager, which is responsible for managing various aspects of the Linux system, including services.
  • restart: This subcommand instructs systemctl to restart the specified service.
  • sshd: This is the name of the SSH server service. The "d" in "sshd" stands for "daemon," which is a type of background process that runs continuously.

So, when you run sudo systemctl restart sshd, you are telling the system to restart the SSH server. This can be useful if you've made changes to the SSH configuration and you want those changes to take effect without having to reboot the entire system.

• To access the computer using SSH enter the following command.

ssh -p 4323 pi400ssd@192.168.1.152

The command will establish an SSH (Secure Shell) connection to a remote Raspberry Pi computer located at the IP address 192.168.1.152 on port 4323, using the username pi400ssd.

• ssh: This is the command to start an SSH session.
• -p 4323: This option specifies the port number to connect to. In this case, it's port 4323. By default, SSH uses port 22, but you can specify a different port if the SSH server on the remote Raspberry Pi is configured to listen on a different port.
• pi400ssd: This is the username you are using to log in to the remote Raspberry Pi. You will need to provide the corresponding password or authentication method for this user.
• @192.168.1.152: This is the IP address of the remote Raspberry Pi you want to connect to. You need to replace this with the actual IP address of your Raspberry Pi.

When you run this command, it will prompt you for the password or authentication method for the pi400ssd user, and if successful, it will establish an SSH session to the remote Raspberry Pi, allowing you to run commands on it remotely.

SSH with Public and Private Keys for improved Security

To set up SSH on a Raspberry Pi with public and private key authentication for improved security, you need to perform the following steps:

Generate SSH Key Pair (On Your Local Machine):

• Open a terminal on your local machine (not the Raspberry Pi).
• Use the ssh-keygen command to generate an SSH key pair. The default settings are usually fine, so you can just press Enter to accept them. This will create a private key (usually named id_rsa) and a public key (usually named id_rsa.pub) in the ~/.ssh directory.

Copy the Public Key to the Raspberry Pi:

• Use the ssh-copy-id command to copy your public key to the Raspberry Pi. Replace username with your Raspberry Pi's username and hostname with its IP address or hostname. You'll be prompted to enter your Raspberry Pi's password.

ssh-copy-id username@hostname

Disable Password Authentication:

• On the Raspberry Pi, edit the SSH server configuration file /etc/ssh/sshd_config (use sudo nano /etc/ssh/sshd_config) and set PasswordAuthentication to no. Save and exit the file.

PasswordAuthentication no

Restart the SSH Service:

• Restart the SSH service on your Raspberry Pi for the changes to take effect:

sudo systemctl restart ssh

Test SSH Login:

• Try logging in to your Raspberry Pi from your local machine using SSH. If you set up the keys correctly, you should be able to log in without being prompted for a password:

ssh username@hostname

Optional: Secure the Private Key (Local Machine):

• It's essential to protect your private key. You can use a passphrase to encrypt your private key, adding an extra layer of security.

With public and private key authentication in place, your SSH connections to the Raspberry Pi are more secure, as they rely on the possession of the private key. This eliminates the need to enter a password for each login, making it more convenient and less susceptible to password-based attacks.

ssh-copy-id

The ssh-copy-id command is a convenient tool in Linux that simplifies the process of copying your SSH public key to a remote server, making it easier to set up secure passwordless logins. This command is especially helpful for automating tasks and improving security by using public-key authentication.

Here's how to use ssh-copy-id:

Syntax:

ssh-copy-id [options] [user@]hostname

• [options]: You can specify various options for ssh-copy-id.
• [user@]hostname: The user and hostname of the remote server where you want to copy your SSH public key.

Requirements:

• You must have SSH key pairs (a public key and a private key) set up on your local machine. If you don't have SSH key pairs, you can generate them using the ssh-keygen command.

Copy Your SSH Public Key:

• Run the ssh-copy-id command to copy your public key to the remote server:

ssh-copy-id user@hostname

• Replace user with the username you'll use to log in to the remote server, and hostname with the server's IP address or domain name.

Password Authentication:

• If you're prompted for the password for the remote user, enter it. This password is used for authentication, but it will only be needed this one time.

Key Added:

• Once the command successfully copies your public key to the remote server, it will print a message indicating that the key has been added to the ~/.ssh/authorized_keys file on the remote server.

Passwordless Login:

• You can now log in to the remote server without needing to enter a password. Public-key authentication will be used for secure and passwordless access.

Options:

• -i identity_file: Specifies a different identity file (your SSH private key) to use for authentication.
• -p port: Specifies the SSH port to use on the remote server. The default is port 22.
• -h: Display help information about the ssh-copy-id command and its options.

Using ssh-copy-id saves you from manually copying and pasting your public key to the authorized_keys file on the remote server. It simplifies the process of setting up SSH key-based authentication, enhancing security and convenience when accessing remote systems.