[talk] Pi or other device for remote mgmt?

Charles Sprickman spork at bway.net
Fri Jan 12 21:49:16 EST 2018


Hi all,

With all the ARM fans here, maybe someone has some ideas for this.

As some of you know, I do freelance work for an ISP and they are in NYC and I am not.  I’ve got a box in their office that I use to set up new gear and such, either by serial or ethernet and then at some point an ssh tunnel to my box for web-based configs and the like.  For some on-site work they’ll just dump a Windows laptop with TeamViewer (henceforth, “TV”) and that’s my entry point to a network.  Both work well; the TV is sometimes a bit clunky because it can be laggy and it’s Windows (blessing for things that need Windows tools, curse otherwise).  It also craps out if I break the network, as I can then no longer reach the TV laptop.  Of note, TV is handy in that it “reaches out” to a proxy rather than relying on me punching holes in to reach it.

I’m looking to create a hybrid.  I’d like to take a cellular device like a Cradlepoint or MiFi and pair that with a tiny *nix box loaded up with tools.  This could solve a bunch of problems:

- Rather than relying on on-site internet access, it relies on the cell network, so if I break something on-site, I still maintain access to my toolbox and may then be able to undo what I’ve done
- It’s not Windows
- It has all the tools I need
- It’s not a big laptop, it’s two small devices strapped together
- It could hopefully all be powered via batteries or PoE (handy for wireless PoPs)
- If lost/stolen, it’s not a laptop

Where I’m a bit lost is what hardware to fetch:

- The Pi or equivalent would need at least two ethernet ports, one for the cell modem, one for the network I’m working on
- wifi would be helpful in cases where I’m looking at some onsite wifi problem
- Able to be powered via one of those phone charger battery packs, would like at least 8 hours runtime on a large (say 12AH) battery
- Able to be powered via PoE (passive/WISP-style and/or standards-based)
- Should have a decent case available to protect it
- Hardware should be reliable
- Some kind of LCD panel to show status (like “hey, I have an IP and I’ve nailed up a VPN connection”), or just some LEDs blinking in a pattern
- Additionally, any pointers on a decent 3G/LTE modem/carrier that has ethernet as opposed to wifi?  No ethernet is a deal breaker.

OS/software-related questions:

- How can I set this thing up so that as soon as it powers on and sees a network it will “phone home” and set up a tunnel back to a server somewhere?  I don’t trust IPsec with all the garbage between the device and the server. OpenVPN started on boot to just nail up a connection?
- If something is amiss, a very basic GUI or something to allow a helper to plug in a monitor/kbd and read me back some info (any alternatives to X yet?).
- Are there any *BSD derivatives that bundle a bunch of tools, security and otherwise (for example, Parrot: https://www.parrotsec.org/)? This isn’t necessarily for security work, but things like Parrot tend to bundle a ton of general use tools, and usually some neat wifi tools.

Lastly, maybe someone has already built this and sells it as a penetration testing device.  Sound familiar to anyone?

Thanks,

Charles

