Ask Your Question
0

Best Practice for Running ROS Remotely

asked 2021-06-11 13:45:44 -0500

sean112 gravatar image

Hello all,

I am wondering what is the best practice to run ROS remotely.

I have read through http://wiki.ros.org/ROS/Tutorials/Mul..., which goes through how to setup port forwarding on my local network and access the machine through the public IP address. I have not spent too much time to implement it, not sure why after using netcat -l 1234, the port 1234 is still not open from port checker website.

I am wondering if this is still best practice? Or should I use something like http://www.remote.it, and remote ssh/vnc into the robot. What would be the difference between the two in terms of performance, security and such.

Sincerely, Sean

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
4

answered 2021-06-12 04:58:45 -0500

gvdhoorn gravatar image

updated 2021-06-12 05:34:19 -0500

Without dismissing the effort the author of wiki/ROS/Tutorials/MultipleRemoteMachines put into that tutorial, I don't believe what is described there was ever a best practice (note: it's also not that old: first edits from end of 2018).

The tutorial essentially instructs users to setup port forwarding, which exposes ROS nodes directly on the public internet. This is not a good idea.

STEP 2: Modem/Router Settings even suggests to forward all TCP and UDP ports between 1025 and 65000. Exposing just about all ports of a machine to the public internet.

This is also not a good idea.

It's also unnecessary.

I would strongly recommend to use a VPN or some other form of tunnel between remote networks. This has many benefits, but two main ones:

  1. all traffic will be encrypted (in contrast to plain TCPROS and UDPROS traffic, which is plain text)
  2. only a single port (or a couple at most) needs to be exposed in a firewall

Whether you use a commercial service or something like tinc-vpn (OSS, peer-to-peer VPN) doesn't really matter.

As to performance: anything which needs to be encrypted and decrypted will incur overhead. But that's a non-issue here I believe, as transmitting ROS messages plain text over the public internet is basically an invitation for some rogue entity to take control of your robot(s), and additionally the types of encryption employed by VPN services are typically rather lightweight.

Without getting overly dramatic: only use port-forwarding if you absolutely cannot use something else.


Edit: I've added a strong warning to that tutorial to dissuade people from trying to implement it (diff):

warning

I'm actually going to discuss with some other people whether that page should be removed.

edit flag offensive delete link more

Comments

1
gvdhoorn gravatar image gvdhoorn  ( 2021-06-12 05:34:42 -0500 )edit

We've decided to remove the page (actually: remove the content, but keep the page itself).

gvdhoorn gravatar image gvdhoorn  ( 2021-06-14 07:42:46 -0500 )edit

@sean112 If you go for the vpn option take a look into this repository, it makes it really easy to setup a vpn server. I am using it in a project I am working on. Basically I set up the vpn server in my laptop and I connect the robot as a client to it. With this I am able to access the robot via internet.

rezenders gravatar image rezenders  ( 2021-06-14 13:43:50 -0500 )edit

I have decided to use remote.it for remote ssh/vnc, it seems to be more secure and less work on our end.

sean112 gravatar image sean112  ( 2021-06-14 13:48:45 -0500 )edit

@rezenders Thanks for the suggestion, I will check it out definitely

sean112 gravatar image sean112  ( 2021-06-14 13:50:36 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-06-11 13:45:44 -0500

Seen: 333 times

Last updated: Jun 12