Solved RS-232 over Ethernet?

Yeah, thanks, I'm aware and I have a couple of them.
But I already have 2 serial ports in my router running pfSense, I wouldn't like to add extra hardware.
By my understanding, it shouldn't be hard to do...
 
For physical serial port connections over TCP, I use an old Black Box 8-port Terminal Server connected to ILOM management ports on a couple of my old Sun Netra servers. The Black Box terminal server is a nightmare to configure, but very reliable once it's done. On the VM side, there is vSPC.py for ESXi - with that, you can set up a VM to run the serial port concentrator and then configure VM guests' consoles to be accessible via telnet to a specific port. Again, not easy to set up, but nice to have.

It all depends on what you want to do.
 
Phishfry, I don't need signaling, those ports serve as serial consoles for a couple of BeagleBone Blacks.
Datapanic, thanks! However, I wouldn't like to use extra hardware for many reasons (which are out of scope here).
I have 2 real serial ports in the same physical computer I run FreeBSD on.
 
Thanks, guys!
It looks to be much simpler in my case: comms/ser2net perfectly works.
I configured it to attach one serial port to TCP port 2000 and another to TCP 2001, then I've forwarded those TCP ports from outside world to my server.
 
I don't quite understand the interest of RS232 over Internet.
OpenSSH was built for that, use OpenSSH.

Otherwise, you can use a BeagleBone Black (50 USD), a USB hub (7 ports, 40 USD, metal housing) and USB to serial adapters (10 USD each). Then connect using OpenSSH on the BeagleBone and use "cu" to connect over the serial line. This setup is fully configurable and can be upgraded.

It works very well, is very stable and relies on FreeBSD security to isolate connections.
The only drawback is that there is "one point of entry" to your servers.
Do not expose this device over Internet, use it only on your LAN.
So make sure to disconnect after a serial connection AND trust FreeBSD to isolate the cu processes.
 
I don't quite understand the interest of RS232 over Internet.
OpenSSH was built for that, use OpenSSH.
Of course, I use SSH in most cases.
However, imagine, that people who use only Windows and know only PuTTY, need to debug a device at remote location behind firewall.
I prefer telling them an IP/hostname and a port number they can access instead of creating login accounts at remote location (and maintain them).
 
I am not sure to understand what you are doing.
  1. use Windows
  2. Forward serial console over Internet using an unsecure protocol.
  3. Tell this project on a public forum.
Without joking, you can forward ports using OpenSSH with rock-solid encryption.
All you need is a computer running SSH configured properly to serve as port-gateway.
Forward TCP port 2000 => TCP 22 in the target host.

Look for SSH tutorials, port forwarding is very well explained.

Personally, I would always prefer a solution based on an authentication server and direct SSH connections, for better control.
Serial connection is secure, but on wire, not OVER the Internet.

You may try OPNfirewall, based on FreeBSD, which includes everything to build a firewall and authenticate users (freeradius plugin).
 
OpenSSH can do that.

Try looking for "SSH port redirection" or "SSH tunnel" on Google.
You can run OpenSSH client as a daemon and redirect any TCP source port to any TCP destination port.

Basically, ssh -l is for local port redirection and ssh -R is for remote.

One answer from Google:
http://blog.trackets.com/2014/05/17...-port-forwarding-explained-with-examples.html

You may also use an old technology, called "stunnel":
https://www.stunnel.org

All these are technologies from the year 2000 (around). They have been superseded by firewall, central authentication, direct SSH connection, using IPv4 redirection or direct IPv6. Go for OPN firewall, it does that very well.

I would not use port forwarding today. Attackers use robots which know all vulnerabilities. If your target is vulnerable in some way, you will get hacked, especially if the access gateway is visible.
 
You can run OpenSSH as a daemon and redirect any TCP source port to any TCP destination port.
Again, that's exactly what I'm doing!
Please read carefully my previous message. A serial port is not a TCP port, you cannot simply forward it. First you have to "convert" it into a TCP port. Thus you need another piece of software to do that.
 
This is what I mean too.

Serial console is for direct wire access or serial over LAN.
Serial can give access to BIOS, emergency reboot, etc...

OpenSSH is for remote access, it supersedes telnet and serial console.
OpenSSH is meant for remote access.

Quoting your answer, you are doing WAN: "I've forwarded those TCP ports from outside world to my server"
OK, it technically works, but is probably highly insecure.

Don't use serial console over IP unless it gives you very special features, like access to BIOS, emergency reboot, etc ... Everything else can be done with OpenSSH.

The first answer was about serial gateway.
A serial gateway is an SSH server with several serial console clients.
It can be built easily using a Beaglebone or bought on eBay.

If you are doing port redirections over the Internet (insecure WAN), you can only redirect to an SSH port OR to a serial gateway (SSH port).
 
A serial gateway is an SSH server with several serial console clients.
It can be built easily using a Beaglebone or bought on eBay.
This is funny, because I need that serial port forwarding to debug a device based on BeagleBone!
But I have a small PC with two real RS-232 running FreeBSD to do the port forwarding.
Agree, it's worth to mention that the port forwarding has to be done via SSH. However, in my particular case it doesn't really matter.
 
I am following this thread because I am also gathering ideas on what's the best way of remote BeagleBone Black service & maintenance.

However, I still fail to understand by 100 % the rationale of the serial port forwarding, so please let me ask some questions:
  1. For normal usage we got the BBB's connected via ethernet into the LAN on the remote site, don't we?

  2. We need access to the serial console in debugging situations, for example in case the device fails to boot, correct?

  3. Is your goal to install another FreeBSD server on the remote site and have serial cable connections of all your BBB's to this server?

  4. If the answer to 3 is YES, then how does net/ser2net help in case you want to connect more than 2 BBB's to a server which got only two RS232 ports?

  5. If the answer to 3 is NO, then please may I ask for some more explanations on what is by which physical means connected to where, and where do you run net/ser2net?
 
1. With normal usage there is no problem, regular network access.
2. Yes, correct, need access to the debug console.
3. Yes, in my case I have installed a box running pfSense to provide VPN since it's behind a firewall I have no control on.
That box has 2 physical RS-232 which are connected to BBBs' serial ports (debug consoles).
4. ser2net can be configured to redirect any number of serial ports. So I run ser2net in the pfSense box.
 
...
4. ser2net can be configured to redirect any number of serial ports. So I run ser2net in the pfSense box.

I don't doubt the capability of the software, my curiosity is how the software can help to serially connect, for example 10, BBB's to 2 RS232 ports. Would we connect 2 BBB's to the RS232 connectors and the other 8 via USB (using FTDI to USB converters)? Or is there some sort of a multiplexer involved which can be controlled by some external signals?
 
Just a few remarks:
  • There are discussions on OPNSense forum and no one is able to recompile pfSense for at least 5 years. We don't know exactly what toolchain is being used for compilation. So I would not recommend using pfSense, especially behind a firewall if your client is an important company. Try OPNsense, which is a European project. If you are American, you can stick to pfSense, no problem.
  • FreeBSD alone with limited software is always preferable to ANY firewall.
  • The BBB has serial capes so you can use a normal RS-232 DB9 connector. But this restricts the number of GPIOs. Also, I could connect only under root. I am enquiring about that and found no solution to connect under an unprivileged user.
  • All you need is a USB hub and any number of USB to tti converters. This is better than a multiplexer.
  • Connect a BBB to the multiplexer / USB hub. It should be possible to attach a serial connection to a tty session. I have a BBB running with several USB to RS232 adapters and this works like a charm (but I am using cu, not tty session).
  • Also think about users who might leave a session without closing it. I would like to enforce leaving a session if no activity on serial.
If you are interested, maybe we can do some research together. I have to run cu each time I connect and would like a more reliable solution with very limited hardware. I would prefer to use TTYs, log session. Can we switch TTYs during OpenSSH session and run OpenSSH in jails (if compatible).

You would end-up with something like:
SSH -> BBB -> tty sessions -> serial multiplexer -> serial connections
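
Added example, not part of any post in this thread: a check for the two concerns raised above, ser2net TCP ports reachable from the network (the forwarded ports 2000/2001) and serial sessions left open with no idle timeout. It assumes the classic ser2net.conf line format `[host,]port:state:timeout:device:options`; the sample config, the device names and the host `gateway.example` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag ser2net listeners that are
# reachable from the network or that never time out.
# Assumes classic ser2net.conf lines: [host,]port:state:timeout:device:options

audit_ser2net() {   # $1 = config path; one finding per line, status 1 if any
    awk '
    /^[ \t]*#/ { next }
    {
        # Locate the state field so IPv6 hosts such as ::1 do not confuse the split
        if (!match($0, /:(raw|rawlp|telnet|off):/)) next
        listen = substr($0, 1, RSTART - 1)
        split(substr($0, RSTART + 1), f, ":")  # f[1]=state f[2]=timeout f[3]=device
        if (f[1] == "off") next                # disabled entry
        host = ""; port = listen
        n = split(listen, p, ",")
        if (n > 1) { host = p[1]; port = p[n] }
        gsub(/[ \t]/, "", host); gsub(/[ \t]/, "", port)
        if (host !~ /^(localhost|127\.[0-9.]+|::1)$/) {
            print "EXPOSED " port " " f[3]; bad = 1      # not bound to loopback
        }
        if (f[2] + 0 == 0) {
            print "NO_TIMEOUT " port " " f[3]; bad = 1   # idle sessions stay open
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

write_sample_conf() {   # $1 = path; constructed sample, not the poster's config
    cat > "$1" <<'EOF'
# port 2000: all interfaces, no idle timeout
2000:telnet:0:/dev/cuau0:115200 8DATABITS NONE 1STOPBIT
# port 2001: loopback only, idle sessions dropped after 600 s
localhost,2001:telnet:600:/dev/cuau1:115200 8DATABITS NONE 1STOPBIT
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_ser2net "$conf" || echo "findings above: bind to localhost and set a timeout"
# A loopback-only port is then reached through SSH local forwarding (-L):
echo "ssh -N -L 2001:localhost:2001 user@gateway.example   # hypothetical host"
rm -f "$conf"
```

With the tunnel up, a PuTTY or telnet client connects to localhost port 2001 on the user's own machine, and only SSH is exposed on the gateway.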
 