Today's blog post comes from Frank, one of our Airwall Teams users, who contributed a really useful security project that can be extended to a wide range of IoT devices:
Home computer hobbyists have it good these days. There have never been as many easy-to-use tools available for creating electronics projects and connecting them to a network. Accessing these projects from outside your home, however, is much more complicated. Many IoT protocols and solutions are designed to be used on a LAN, and who has a VPN concentrator for their home network? Managing “port forwarding” to allow remote access is also very dangerous, because it exposes the forwarded service directly to the internet, and doesn’t always work. Fortunately, these problems are easy to solve with Airwall Teams.
This project was contributed by Tempered user Frank, who built a custom hydroponics controller for his home garden and needed a way to securely connect when out of the house.
In Frank’s own words: “I designed my own pump controller using a Particle Photon microcontroller and added Blynk software. Blynk allows you to make pretty neat mobile apps to serve as the UI for controllers without any coding. Blynk is a cloud-based solution that is not very expensive, but their server software is open source and available via GitHub. I wanted to see if I could get all that working (for free) and then lay airwalls on top for remote access. I am pleased to say that this morning I have successfully controlled my pumps over the web from outside my home network.”
Figure 1: Frank's Hydroponics Setup
The Details - Step by Step Instructions to connect to your own IoT devices
The Hydroponics controller
Frank designed his own printed circuit board (PCB) with a 12 V step-down regulator for power, a Particle Photon microcontroller, four 5 V relays with LEDs to indicate on/off state, 5 pushbutton switches to enter data, an OLED display to show the settings, and 4 external sensor inputs that are intended to be used for water level detectors. When the system starts, the display prompts the user to enter the on/off times for each of the relays with the pushbuttons. The system then turns the relays on as programmed each day.
Frank recalls: “This is a classic DIY IoT solution and lots of people are doing similar things that you can find on YouTube. It took me several weeks to get all this running and debug the PCB, which was designed without mocking up a breadboard. So there were a few additional wires I had to add, but I got it all working.”
Blynk mobile app and server
Once it was working, Frank looked into Blynk with the intention of adding it as part of the solution. If it worked, the controller design would not need the pushbuttons or the OLED display long term. Getting Blynk integrated turned out to be pretty straightforward. Blynk is a powerful tool and, according to Frank, “Really, really cool.” The server is open source, so Frank decided to use it to avoid any recurring costs and have a more secure, faster system. Frank set up the mobile app so that he could configure all the settings for turning the various watering relays on and off. See Figure 2 below.
Figure 2: Frank's Blynk app
Now, he needed a server. Frank had an old 2010 Mac Mini sitting around. After researching his options, he decided to install Ubuntu Linux on the Mini and then install the Blynk server there. At this point, he had a fully functional system that allowed him to use his phone to program the watering times for his garden via the Ubuntu server. The drawback was that communications to the Blynk server only worked when the phone was connected to his home LAN. That’s where Teams came in.
Frank realized that Airwall Teams could solve his problem, so he logged into teams.tempered.io and followed the download instructions. He installed the iPhone app from the store, started the agent, and logged into Teams. Then he followed the Linux download instructions and got his Mini registered in Teams. Next, he connected the two devices to each other, which gave his phone connectivity into his home network without the need to configure his home router. See Figure 3.
Figure 3: Frank's Airwall Teams network
According to Frank, his Airwall Teams install was simple: “Installation instructions for Linux are quite good and I had no problem getting registered. So, now I have the laptop, my iPhone, and the Linux server in my airwall network. It took a while to get my controller to respond to the smartphone interface via Airwall agents on my LAN, but I got there pretty quickly. Less than an hour. I then turned my Wi-Fi off on the phone and fantastic, the solution worked. I had to go to the post office and tried my phone from there. Works like a charm.”
Airwall Teams is free for connecting up to 25 devices together, and Tempered’s Host Identity Protocol-based technology utilizes only outbound connections. This means Airwall Teams traverses most home, mobile, or corporate networks without the need for new security rules, “port triggering” or “port forwarding”. So you can safely connect your projects to the internet and access them from anywhere without worrying about giving hackers access to your secrets.
Do you have a cool application for Airwall Teams? Drop us a line at email@example.com. We’d love to feature your story as well.