An Illustrative Guide to Eternal Terminal Tunnels
A quick learn-by-example tutorial

25 Jun 2020, by Chinmay and Aadi

Eternal Terminal is a remarkable remote shell utility. ET has the ability to maintain connections across internet outages and changing IP addresses. mosh offers similar features, except that ET can also create persistent tunnels (essentially port forwards).

Table of Contents

1. Setup
2. What’s a tunnel?
3. Forward Tunnel
4. Reverse Tunnel

Setup

Consider a simple case where an HTTP server is running on Aadi’s Raspberry Pi. For example, the command python3 -m http.server begins a simple HTTP server on the port 8000.

Now suppose that Chinmay wants to access this HTTP server from outside Aadi’s network, say from his house. Aadi could open a port forward allowing Chinmay to reach the HTTP server running on the Raspberry Pi.

This has two major problems:

• The server will be publicly accessible as there is no authentication involved – you only need Aadi’s IP to get in!
• The connection is not encrypted and hence susceptible to snooping and denial-of-service attacks.

Using a tunnel instead will achieve the same privately over an encrypted connection.

Tunnel?

The Linux Command Line sums up what an SSH tunnel is quite well (an ET Tunnel is functionally similar):

Part of what happens when you establish a connection with a remote host via SSH is that an encrypted tunnel is created between the local and remote systems. Normally, this tunnel is used to allow commands typed at the local system to be transmitted safely to the remote system and for the results to be transmitted safely back. In addition to this basic function, the SSH protocol allows most types of network traffic to be sent through the encrypted tunnel, creating a sort of virtual private network (VPN) between the local and remote systems.

In addition to all of that, ET is more resilient to fluctuations in the network.

Installation

Instructions for all major platform are provided on eternalterminal.dev. You will need to install it on both machines. By default, the ET server listens on port 2022. If you can log in successfully via ET¹, you should be good to go for creating a tunnel.

Technicalities

• If the Raspberry Pi has the IP address of 192.168.0.100 on Aadi’s local network, then the HTTP server will respond to requests directed at http://192.168.0.100:8000.

• We are using port 8000 in this guide because that is where the HTTP server we want to forward is listening. Use the port of the service you want to forward in place of 8000.

• We are using the domain rpi.volect.com for connecting to Aadi’s server in this guide. Replace it with the IP address (or domain) of your server when using these commands.

Forward and reverse tunnels

The direction of the tunnel is determined by which machine the HTTP server to be tunnelled resides.

Think about the direction from the point-of-view of the ET Server – forward is sending the port away, reverse is pulling it to itself.

Forward Tunnel

Chinmay can run the following command to create a forward tunnel.

et [email protected] -t 1313:8000

Reverse Tunnel

Swapping the -t flag with the -r flag will initiate a reverse tunnel instead.

et [email protected] -r 1313:8000

Now, Aadi can access the HTTP server at http://raspberrypi.local:1313 – as if Chinmay’s server was running on the Raspberry Pi.

This is assuming Aadi’s network is set up such that raspberrypi.local points to the local IP address of the Raspberry Pi. Typing in the actual IP address will work here too.

That’s it!

Eternal Terminal’s tunnels (tongue twister, huh?) are a great feature and we hope you try them out. They have significantly improved our collaboration experience while working on Volect, given our patchy internet connections.

If you have any feedback, feel free to reach out.