Hi,
We are looking/planning to roll out 100s of Raspberry Pis across 100s of sites with internet connection. One of the things we need to be able to do is remote access them at any time. We aren't allowed to use SSH because they have to be on DHCP, not able to set up any NAT rules on the sites' firewall to forward incoming requests, only allowed port 443 and the sites don't have static public IPs. So basically we need to make the Pis call home instead. Looked at reverse SSH but doesn't seem feasible in supporting 100s of Pis.
So I thought we could use an SSL VPN client on the Pi to connect to a UTM. I've tested the concept and it works ok, i.e. the Pi connects to the UTM over the internet but haven't tried SSH to it through the SSL VPN admittedly.
The traffic to and from the Pi will be minimal, perhaps 1mb every 12 - 24 hours with some bursts of up to 20mb maybe once a month.
SSL VPN seems to tick all the boxes, we can call home, go over 443 from the sites and it doesn't matter about DHCP or dynamic public IP as our UTM will be the server, but it all seems too easy and my concerns are:
1) Would managing 100s, possibly over 1000 Pis be challenging from an SSL VPN point of view?
2) Is SSL VPN the right way to go in terms of growth? I'm aware that IPsec is more efficient but limited to allowed outgoing ports at the sites. I know the UTM hardware has suggested concurrent limits but with the amount of traffic we'd be passing surely that would increase?
3) Am I missing something? Like I said it seems too easy.
Thank you in advance to whoever reads and replies, it's much appreciated.