I have setup a Reach as a ‘Community CORS’ on our local network/lan with a fixed IP. We are publishing corrections over the internet via an public open port but our IP is behind a firewall. As an extra security setting it would be great if we could password protect the Reach ‘on-board’ console software/fw just in case someone on our LAN comes across the ip and has a go with messing with our settings :-). Is this possible on the device or could we request this as a feature? We changed the password via ssh on the device but the web interface is still open.
That’s cool that you sending out free corrections for your area.
Maybe you could set Reach up on a separate network subnet that is not accessible from the normal LAN.
You could set up a private VLAN for Reach if your router/switch has that capability.
You could install a cheap router between Reach and your LAN.
You could use a PC or single-board-computer to do the same job as the router above (#2).
If I was doing the same thing, this is what I would do to get the job done in 5 minutes:
Plug Reach into a PC or single-board-computer that is always on. The connection is ethernet-over-USB. Reach is at IP address: 192.168.2.15; corrections are set to output by TCP server, port 9000. My computer is on the LAN with IP address 192.168.0.100 I run ssh to my own computer as a quick and dirty way to do port forwarding: ssh -L0.0.0.0:9000:192.168.2.15:9000 my_user_name@127.0.0.1
Then I set my router to forward Internet requests at port 9000 to my PC at 192.168.0.100, port 9000.
Now, only users on the PC have access to the Reach device at 192.168.2.15, and LAN users can access corrections at 192.168.0.100:9000, and WAN (Internet) users can access corrections on my public IP address at port 9000. Everyone is happy Also, I use the PC to go into the Reach interface and disable Wi-Fi.
I can already count on one hand the several better ways of setting this up. This is just sort of an idea to get you started.
If you want to discuss other methods, please bring it up.
Thanks Bide! Very comprehensive reply! Its a bit messy here getting networks setup as we are a large uni and it took a while just to get the static IP I’ll have a chat with our network peeps to see if they will help with the above. Currently the reach is connected direct to our uni lan and pushing out corrections through our FW on a fixed IP/Port. Details here on the correction address, have a go! https://twitter.com/GeoConor/status/1113807275251130372
Emlid team do you think future releases would have an option to ‘password’ protect the interface?
It would be really useful to be able to PW protect the OS. We are hoping to setup some more public ‘openrtk’ sites and locking out ReachView with a PW would be handy.
Also, I use the PC to go into the Reach interface and disable Wi-Fi.