Geek Alert: ngrok remote tunnels make connecting to devices on the boat easy
Prior to being a boating geek, I made my living running mission-critical computing operations for financial services firms. Which is to say I was a professional geek; I have a deep background in networking and still enjoy when I can use networking tools to make things easier. I have a lot of data on the NMEA 2000 network on Have Another Day but no way to access it all remotely. I’m getting ready to leave the boat for a few weeks so I really want to access all that data off the boat. After some digging for a way to make that off-boat access possible, I found one with which I’m currently thrilled.
If I were at home with my cable internet connection I could configure port forwarding on my router to make a web server on an NMEA 2000 gateway available via the internet on the public IP of my internet connection. But, on the boat I’m either connected to marina WiFi or via a cellular connection. Neither of these connections typically gives you a public IP — instead you get an address that looks like 192.168.x.x or 10.x.x.x which are RFC 1918 non-routable addresses designed for use on private networks — and without a public IP there’s not a way to make that web server available on the public internet.
My searches led me to ngrok, a company that does nothing but provide tunnels for the remote access and management of devices. A lot of their customers are internet of things (IoT) companies who are deploying lots of little devices that they need to centrally manage. I was actually referred to them by Blue Guard Innovations, which uses it in their BG-Link IoT boat monitor. What you see in the drawing above is a graphical representation of what ngrok accomplishes.
It might be easier to understand what ngrok does with a practical example, but first I want to make sure I’m clear about my relationship with Yacht Devices since I’m going to concentrate on one of their products. Prior to joining Ben Ellison at Panbo, I started Yacht Devices U.S., the U.S. distributor of Yacht Devices Limited’s excellent line of NMEA 2000 sensors, gateways and converters. I believe it’s critical to keep my work covering the marine electronics industry separate from my ownership of Yacht Devices U.S. so I’ve erred on the side of not covering Yacht Devices’ products. But, in this entry I’ll discuss the YDWG-02 NMEA 2000 to WiFi gateway, the built-in web gauges, and how I’m using them. There are other excellent products out there from companies like Maretron, Digital Yacht, and Actisense that do a lot of the same things, though each with their own unique features.
The Yacht Devices NMEA 2000 to WiFi Gateway (YDWG) makes all your NMEA 2000 data available to devices on your network so apps like Aqua Map, iNavX, and Navionics can access NMEA 2000 data. The YDWG also features web gauges allowing nearly any data present on the NMEA 2000 network to be viewed in a web page that’s served up by a web server built into the YDWG. This is a great way for me to drop in and check on the boat. But, without a public IP on my internet connection there’s no obvious way to access these web pages remotely. I needed to find a way to tunnel my connection out and make it available. That’s where ngrok comes in.
Setting up ngrok starts with a download of their executable to your computer. For testing purposes, I ran the Windows version but I think I will probably move it over to a Raspberry Pi that is always on and running. Pis are great for applications like this because at $35.00 per unit they’re very cheap and they use very little power. The ngrok program establishes a connection out from your computer to their servers and then starts listening for connections that are destined for the service you’ve started publishing. So, in my case I told ngrok that I wanted the webserver for my YDWG to be available on the internet. Because I’m using a paid plan ($5 / month) I am able to use my own hostname, in my case haveanotherday.ngrok.io, instead of a randomly assigned string (something like 0a35cd1.ngrok.io).
So now when I want to check out what’s happening onboard I can fire up a browser and head to http://haveanotherday.ngrok.io/g.html and check it out. If you want to take a look yourself you can use username and password of ydwg and see in real time what’s happening aboard.
Making it all work is pretty darn straightforward. When you sign up for an account — account options start at free and work their way up to as much as $12 a month depending on which features you need — you’re given an authtoken that needs to be placed in the config file. From there you can configure individual tunnels. The free plan is limited to four tunnels, so you can make the web interface of four devices on your boat available.
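The config file and tunnel definition described above could look like the following for the YDWG. This is an added example, not the author’s actual file: it uses ngrok 2.x configuration keys, and the authtoken, the gateway’s LAN address and the basic-auth credentials are placeholders. It also assumes the gateway’s own login is a web form rather than HTTP basic auth.

```yaml
# ngrok.yml (ngrok 2.x agent configuration file)
authtoken: YOUR_AUTHTOKEN_HERE      # placeholder; issued when you sign up

tunnels:
  # Minimal form: publishes the gateway's web server on both http://
  # and https://, protected only by the gateway's own login.
  ydwg-minimal:
    proto: http
    addr: 192.168.4.1:80            # assumed LAN address of the YDWG
    subdomain: haveanotherday       # -> haveanotherday.ngrok.io (paid plan)

  # Tightened form: same service, HTTPS endpoint only, plus an extra
  # password check enforced at ngrok's edge before traffic reaches the boat.
  ydwg:
    proto: http
    addr: 192.168.4.1:80            # assumed LAN address of the YDWG
    subdomain: haveanotherday
    bind_tls: true                  # listen on https:// only, no plain http://
    auth: "skipper:REPLACE-with-a-long-random-passphrase"   # placeholder
    inspect: false                  # do not record requests in the local inspector
```

Only one of the two tunnels can hold the subdomain at a time; `ngrok start ydwg` brings up the tightened one by name.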
If you’re looking for less of a DIY solution, FloatHub — which Ben E. has discussed — and other boat monitoring products make a lot of the same data available. FloatHub’s WiFi only monitor does something very similar to what I’m doing but it’s all preconfigured for the user and a few of the components are moved around. They use the internet connection on the boat to make a connection out to a server. They then upload data that’s been collected from the device to the FloatHub server and in turn, make that available to the user via their web application. In the case of what I’m doing that server is running on my boat and I’m using ngrok to make it accessible on the internet.
Up next for me will be making my Digital Yacht iKommunicate available remotely as well. Signal K is designed for this sort of light-weight quick access to data, though the adoption has been spotty.
With both free and low-cost options, ngrok is exactly what I was seeking. I can now easily access devices I previously had to be physically on the boat to control. Now, since I’ll be able to access them remotely, my desire to link all the sensors on my boat to either NMEA 2000 or by IP is even stronger.
Ben – this is a great bit of info. Like you, I’ve been stymied by the private IP’s that are used with marina wifi and my AT&T cellular modem. Would love to get my Maretron N2KView screens available while I’m away from the boat. Will check out ngrok and see if that’s possible.
Ben, Please do post the particulars when you get ngrok working for iKommunicate. This is a short-term goal for me as well.
Hmm… So far I’ve had success getting the iKommunicate web page to load and the test apps on the iKommunicate to load. But, WilhelmSK is thus far unimpressed. I’m not sure what’s wrong but I’ll ask Scott Bender, the developer, if he’s got any ideas.
Ben
The ngroks.io website seems to be down currently 🙁
Justin,
I just checked and everything seems to be fine both with ngrok and the tunnels to my YDWG. But please do check your URL, there’s no trailing S, it’s just ngrok.io.
Thanks Ben, yes the URL I typed was not the one I was trying. It seems to be coming and going for me for access now. Sometimes working, other times timing out.
another low cost (zero) alternative as a suggestion..
Use a router on board that supports “OpenVPN” (free) & dynamic DNS service (both are inbuilt to modern routers and free)
OpenVPN clients (free) are available for Windows, iOS and Android – so you can access the onboard router using a VPN (with a certificate – generated by the router) on any of your devices – “just like being on the onboard LAN”
.. to access remotely – click on the OpenVPN client (which accesses the dynamic DNS to get current IP) & opens the protected VPN tunnel.
Then just browse using the internal LAN IP address/s as if you were on the boat.
simple, secure, and free.
I believe the solution you describe requires a public IP, something most boat connectivity options lack. A dynamic DNS based solution doesn’t work if there’s public (routable) IP for the DDNS to point to.
If you do have a public IP this will work well. But, your router must support it. The Wave WiFi MBR I’m currently using won’t, though the Ubiquiti EdgeRouter I also use does.
Ben
I wonder if it would be possible to make it run directly off of an iKommunicate instead of a Pi or other computer.
Speaking of SignalK, here’s a fresh and serious geek out:
https://www.victronenergy.com/blog/2019/06/13/sailing-with-signal-k/
Is this dependent on having a wifi connection or do you have to leave the cellular modem on while off the boat?
I was using a Verizon hotspot with the wifi floathub but afraid of the cost of leaving it on or having it throttled late in the month. Since I switched to the 3g version of the floathub I have access from any web browser. The cellular cost is included with the enhanced monitoring.
As you point out the floathub is less of a diy solution, but with the cellular connection it is working well and I no longer need to worry about hotspots or longish range wifi.
Yet another low cost (zero) alternative as a suggestion.
Use TOR and make your boat Raspberry Pi act as a hidden TOR service. Either expose HTTP/HTTPS directly or rather if you want a layer of even more security just expose SSH (or OpenVPN or something you like) and then tunnel everything through that.
Works from anywhere to anywhere, and the whole concept is just so elegant it makes you smile.
https://nurdletech.com/linux-notes/ssh/hidden-service.html
https://medium.com/@tzhenghao/how-to-ssh-over-tor-onion-service-c6d06194147
https://blog.w1r3.net/2018/02/11/ssh-hidden-service.html
So, this requires an onboard router, correct? The computer is not connected to the marina wifi, it is the router that is connected to the marina wifi. Then the computer and the YDWG are in the router’s onboard wireless network. Ie: the computer can’t connect directly to the YDWG and the marina wifi at the same time, unless a second wireless ‘radio’ is added to the computer through, say, a USB dongle. That would allow simultaneous connections to both the marina wifi and the YDWG without a router. Do I understand this correctly?
Steve,
I believe you do understand this correctly. I’m an advocate for establishing an on-boat network to which all on-board devices are connected and then connecting the entire network to your source of connectivity. It avoids complexities like you mention of having to use two network adapters, etc.
Ben S.