Month: November 2016

We were dealing with command line from the start. In fact Raspberry Pi also has desktop environment. It can be started one-off by command “startx”, or it can be launched on boot, which can be set on raspi-config:

• sudo raspi-config

Select Option 3 Boot Option, go to Desktop/CLI and choose Desktop. Exit raspi-config and reboot, now we can see it boots into desktop environment.

Virtual Network Computing (VNC) is the remote login to desktop. The latest disk image has RealVNC preinstalled, but it’s not turned on by default. This is also set on raspi-config. Go to Advance Option, select VNC and choose yes to allow remote desktop. Then reboot the device.

On the PC side, RealVNC client is available at https://www.realvnc.com/download/vnc/. After installation of VNC Viewer, we can connect to Raspberry Pi with its IP address, username and password.

Now we can access command line and desktop remotely, which is a lot more flexible than sitting on a monitor. For even more flexibility, we can  setup access over the internet next.

You might find all the settings before work only on LAN. We cannot access our LAN from internet because our router has NAT and firewall. To go over this limit, we can use port forwarding/port mapping. Port forwarding is to bind a port to a host and all packets arrives at that port is redirected to that host. This is set in the router.

First, login to your router and select port forwarding, this is normal in advance option near firewall.

Then, add some new rules in. You’ll need to specific incoming port, destination private address and destination port. You may also specific source IP address to prevent malicious attack.

For security, open minimal ports to the internet. For public servers, such as web server and mail server, we may use its standard port. For other servers, never use its standard port. Never ever open port 22 for SSH or port 5900 for VNC from the internet, use some others (I used 2200, but don’t try it because it’s closed now) and map it to port 22.

Now if you try to access your public IP address from the internet (you may use cellular connection to test, remember to use correct port number as well), you should be able to connect as you were in your LAN. If you don’t know your public IP, you may look at WAN address in your router. Note that if your WAN address is also a private address, you cannot configure to connect from the internet.

You’ll also need to check whether your public IP is static or dynamic. You may check with your ISP or reboot your router to see if WAN IP changed. If it’s static, that’s it we’re done, remember to update port forward when new service comes online. If your IP address is dynamic, it’s recommended to set up DDNS on router as well. There are many free DDNS service provider, such as https://www.noip.com. After you register and select a domain name, login to your account on your router and you can gain access from the internet using the domain name. This also applies to static WAN IP if you don’t want to use your IP address.

Now we have anywhere access from the internet. We can start to launch some services to the internet.