Author Topic: Serial port over internet, peer-to-peer and through both firewalls  (Read 9616 times)


Offline voltsandjolts (Topic starter)

  • Supporter
  • ****
  • Posts: 2349
  • Country: gb
Re: Serial port over internet, peer-to-peer and through both firewalls
« Reply #25 on: October 07, 2016, 08:09:34 am »
Assuming that the firewalls allow outgoing UDP, I would look into using preconfigured OpenVPN network appliances on both ends which automatically connect to a central OpenVPN server so the network endpoints then see each other as local.

Thanks David.
This is what the eWon (https://ewon.biz/) suggested by Jeroen3 does - they provide the central cloud server. I'm looking into this now.


FlexiHub
For the record, the www.flexihub.com solution I mentioned earlier will let you connect to remote devices over the Internet without the need to configure port forwarding on your router (i.e. opening ports for new inbound connections). However, it needs to use destination ports which are blocked on my corporate LAN so I couldn't even log in. For a less restrictive corporate LAN it may actually work.
 

Offline Jeroen3

  • Super Contributor
  • ***
  • Posts: 4091
  • Country: nl
  • Embedded Engineer
    • jeroen3.nl
Re: Serial port over internet, peer-to-peer and through both firewalls
« Reply #26 on: October 07, 2016, 09:29:20 am »
@Aeternam
As Jeroen3 says, you are misunderstanding how ports work.

Sorry but Jeroen3 has it backwards.
@Aeternam got it correct in terms of how ports work and how any reasonable network admin would approach configuring a firewall.
Standard firewalls don't care about outgoing traffic that much. Sometimes they can block a specific outgoing protocol (based on dstport). Blocking dstport 80 is something I have never seen before. Most of the time a proxy is installed with filtering if blocking web content is the goal. Or even worse, a filtered DNS. It's an especially outdated method since a lot of websites use dstport 443 today.

My reply was based on the common misconception on ISP-forums that people need to port-forward tcp80 to their pc/xbox for "internet" to work.
Not knowing the knowledge of voltsandjolts, we could be sending him to the network guy asking for something similar to blinker fluid.  ;)

@Jeroen3
Ooooo, this might be the jackpot. It even says Firewall Friendly! Now to test if I can get OpenVPN outbound from here....
Indeed. We use it to plug into any random network where our mobile analyzer is temporarily mounted. If there is no network, we use cellular. And since cellular uses carrier-grade NAT, you can't use server concepts on this side of the link.
OpenVPN is rarely blocked since you'll need at least a medium-bearded-IT-guy to be experienced enough that he blocks it. Those are rare.
« Last Edit: October 07, 2016, 09:32:40 am by Jeroen3 »
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 16906
  • Country: us
  • DavidH
Re: Serial port over internet, peer-to-peer and through both firewalls
« Reply #27 on: October 07, 2016, 02:27:38 pm »
Assuming that the firewalls allow outgoing UDP, I would look into using preconfigured OpenVPN network appliances on both ends which automatically connect to a central OpenVPN server so the network endpoints then see each other as local.

Thanks David.
This is what the eWon (https://ewon.biz/) suggested by Jeroen3 does - they provide the central cloud server. I'm looking into this now.

The server part could be set up by you at any fixed location or on a cloud server so you would retain complete control.  Technically oriented people with an interest in having their own VPN endpoint for security often do this instead of buying a subscription to a VPN service so the instructions for using OpenVPN this way are out there.
 

Offline voltsandjolts (Topic starter)

  • Supporter
  • ****
  • Posts: 2349
  • Country: gb
Re: Serial port over internet, peer-to-peer and through both firewalls
« Reply #28 on: October 07, 2016, 03:08:06 pm »
Yes, I like the idea but it's probably a bit over my head to be honest.
With a virtual private network setup I could then use com0com or something similar to share a comport over that virtual network connection.
I see Amazon do hosted OpenVPN Access Server as a cloud service https://openvpn.net/index.php/access-server/cloudmachines.html but I'm reluctant to dive in.

LogMeIn Hamachi https://www.vpn.net/ makes small virtual networks free and easy (peer to peer too for reduced latency) but, alas, blocked on my corp network.
Also, SSH tunnel between computers on corp networks might be possible with https://openport.io/ but I haven't tried it.

It seems an OpenVPN solution is the best way forward for me and I'll probably go with eWon.

Thanks for your input.
 

Offline Jeroen3

  • Super Contributor
  • ***
  • Posts: 4091
  • Country: nl
  • Embedded Engineer
    • jeroen3.nl
Re: Serial port over internet, peer-to-peer and through both firewalls
« Reply #29 on: October 07, 2016, 04:11:43 pm »
There is also the cost factor. Although it seems cheaper to set up such a thing yourself, it isn't.
- You need to buy local hardware.
- You need to rent a VPS.
- You need to set up and maintain (e.g. firmware updates) the local hardware.
- You need to set up and maintain the VPS.
- You need to be able to fix downtime 24/7, and have the knowledge to do this.
 

Offline Kalvin

  • Super Contributor
  • ***
  • Posts: 2145
  • Country: fi
  • Embedded SW/HW.
Re: Serial port over internet, peer-to-peer and through both firewalls
« Reply #30 on: October 07, 2016, 04:36:32 pm »
- Raspberry Pi
- Serial-to-USB-converter
- SSH server
- Picocom or similar application

If you can create an SSH tunnel from your machine to the Raspberry Pi, you are done: just SSH into the Raspberry Pi and launch the serial terminal program. If the firewalls block all incoming traffic, you would need a proxy server (possibly another Raspberry Pi or similar gadget connected to the public Internet). Anyway, it is doable.

https://toic.org/blog/2009/reverse-ssh-port-forwarding/
« Last Edit: October 07, 2016, 04:39:24 pm by Kalvin »
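
The reverse-tunnel setup described in the post above, written out as OpenSSH configuration with the relay account locked down to a single loopback forward (an added example, not part of the original thread). The host name relay.example.net, the accounts tunnel/me/pi, port 2222, the key file name, /dev/ttyUSB0 and the 115200 baud rate are all assumptions; PermitListen and permitlisten need OpenSSH 7.8 or later on the relay.

```sshconfig
# All names below are assumptions for this example: relay.example.net (the
# public proxy server), accounts tunnel/me/pi, port 2222, /dev/ttyUSB0.

# --- Relay: /etc/ssh/sshd_config --------------------------------------------
# The tunnel account may only open one loopback listener; no shell, no TTY.
Match User tunnel
    AllowTcpForwarding remote
    PermitListen localhost:2222
    GatewayPorts no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /bin/false

# --- Relay: ~tunnel/.ssh/authorized_keys (one line per key) -----------------
# "restrict" disables everything, then only remote forwarding is re-enabled.
restrict,port-forwarding,permitlisten="localhost:2222" ssh-ed25519 <PI_PUBLIC_KEY_PLACEHOLDER> pi-tunnel

# --- Raspberry Pi: ~/.ssh/config --------------------------------------------
# Outbound connection only; started with:  ssh -N relay-tunnel
Host relay-tunnel
    HostName relay.example.net
    User tunnel
    IdentityFile ~/.ssh/id_ed25519_tunnel
    IdentitiesOnly yes
    RemoteForward localhost:2222 localhost:22
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    ServerAliveCountMax 3

# --- Workstation: ~/.ssh/config ---------------------------------------------
# Also outbound only; "localhost:2222" is reached from the relay via ProxyJump.
# Open the serial console with:  ssh -t pi-serial picocom -b 115200 /dev/ttyUSB0
Host pi-serial
    HostName localhost
    Port 2222
    User pi
    ProxyJump me@relay.example.net
    HostKeyAlias pi-serial
```

Because the forwarded port is bound to the relay's loopback interface, the Pi's SSH server is reachable only by someone who can already authenticate to the relay, and the Pi's key cannot be used there for anything except holding that one forward open.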
 

