
Using ROS on restricted network

asked 2021-02-07 00:04:42 -0600

tdam2112

updated 2021-02-07 09:08:27 -0600

I'm attempting to connect two computers across a restricted network; we can call them server with IP 192.168.1.75 and robot with IP 192.168.1.67.

The current restrictions in the network I have are as follows:

  • no use of ping
  • can only ssh from server to robot not vice versa
  • only have 1 port allowed through the firewall
  • connections can only be established from robot to server

I'm aware some of the restrictions won't work for ROS so I'm evaluating the changes required. Unfortunately I don't have control over the network so any change can take a few weeks to take effect. Given that consideration, I'm trying to understand which changes I need to make ROS work.

On the server I set things up as follows:
export ROS_MASTER_URI=http://192.168.1.75:44555
export ROS_IP=192.168.1.75
roscore -p 44555

On the robot side I set it up as follows:
export ROS_MASTER_URI=http://192.168.1.75:44555
export ROS_IP=192.168.1.67

When doing rostopic list I get in return the expected:
/rosout
/rosout_agg

Although I'm having trouble launching any nodes, if I run roswtf on robot I get the following:

Loaded plugin tf.tfwtf
No package or stack in the current directory
================================================================================
Static checks summary:

No errors or warnings
================================================================================
Beginning tests of your ROS graph. These may take a while...
analyzing graph...
... done analyzing graph
running graph rules...
connection to [/rosout] timed out
... done running graph rules

Online checks summary:

Found 1 warning(s).
Warnings are things that may be just fine, but are sometimes at fault

WARNING The following node subscriptions are unconnected:
 * /rosout:
   * /rosout


Found 2 error(s).

ERROR Could not contact the following nodes:
 * /rosout

ERROR Errors connecting to the following services:
 * service [/rosout/set_logger_level] appears to be malfunctioning: Unable to communicate with service [/rosout/set_logger_level], address [rosrpc://192.168.1.75:35928]
 * service [/rosout/get_loggers] appears to be malfunctioning: Unable to communicate with service [/rosout/get_loggers], address [rosrpc://192.168.1.75:35928]

From the server side I get the following out of roswtf:

Loaded plugin tf.tfwtf
No package or stack in the current directory
================================================================================
Static checks summary:

No errors or warnings
================================================================================
Beginning tests of your ROS graph. These may take a while...
analyzing graph...
... done analyzing graph
running graph rules...
... done running graph rules

Online checks summary:

Found 1 warning(s).
Warnings are things that may be just fine, but are sometimes at fault

WARNING The following node subscriptions are unconnected:
 * /rosout:
   * /rosout

I tried also running a test with turtle_tf2 doing roslaunch turtle_tf2 turtle_tf2_demo.launch on the robot side, this is the output from it:

Checking log directory for disk usage. This may take a while.
Press Ctrl-C to interrupt
Done checking log file disk usage. Usage is <1GB.

started roslaunch server http://192.168.1.67:46161/

SUMMARY
========

PARAMETERS
 * /rosdistro: melodic
 * /rosversion: 1.14.10
 * /scale_angular: 2.0
 * /scale_linear: 2.0
 * /turtle1_tf2_broadcaster/turtle: turtle1
 * /turtle2_tf2_broadcaster ...

Comments

Could you please update the title of your question? Right now it's not very descriptive.

gvdhoorn ( 2021-02-07 02:43:15 -0600 )

It looks like you posted a similar/duplicate of your question earlier in #q370898. Why did you delete that one?

gvdhoorn ( 2021-02-07 05:02:57 -0600 )

I went a different route and thought the prior question didn't make sense to implement, I'll put it back up.

tdam2112 ( 2021-02-07 09:24:28 -0600 )

1 Answer

2

answered 2021-02-07 02:39:35 -0600

gvdhoorn

updated 2021-02-07 05:00:38 -0600

> I can't enable all ports unfortunately, would enabling some of them allow ROS to work?

No, unfortunately not.

There are various Q&As about this here on ROS Answers. The keywords are "ephemeral ports".

In short: ROS nodes can (and will) use any port from the ephemeral range, both UDP and TCP (depending on how subscribers are configured).

The only "static port" (in the sense that you can control it) is the port at which the XML RPC server listens for connections. That would be what you configure with the ROS_MASTER_URI environment variable.

This is also what makes rostopic list and rostopic info work, as those mostly use the XML RPC server.

roswtf complaining about connections not being there or being unable to connect to nodes running remotely is a result of connections not being allowed.

For networks like the one you describe, overlaying a virtual network (via VPN or some other mechanism) is typically easiest and robust. There are various peer-to-peer VPN solutions which could work (these don't use a central server, but connect hosts directly). One would be tinc (OSS), there are other, commercial options available as well. ROS Discourse has a few announcements you could look for.

> connections can only be established from robot to server

I guess this means: they can only be initiated. If you really only had one-directional connections, nothing would work.

> I tried also running a test with turtle_tf2 doing roslaunch turtle_tf2 turtle_tf2_demo.launch on the robot side, this is the output from it:

All of your troubles here have nothing to do with your network configuration, but with OpenGL and/or your X server not working and your workspace setup not being correct.

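The split the answer describes, one fixed XML-RPC port versus per-node ports taken from the ephemeral range, can be checked against the endpoints in the question's own output. The following is an added example, not part of the original answer; the function names are hypothetical, and it assumes the single port allowed through the firewall is the master port 44555.

```python
import re
import socket

# Endpoint lines taken (abridged) from the roswtf and roslaunch output
# quoted in the question.
SAMPLE = """\
service [/rosout/set_logger_level] address [rosrpc://192.168.1.75:35928]
service [/rosout/get_loggers] address [rosrpc://192.168.1.75:35928]
started roslaunch server http://192.168.1.67:46161/
"""
MASTER_URI = "http://192.168.1.75:44555"  # value of ROS_MASTER_URI in the question

ENDPOINT_RE = re.compile(r"(rosrpc|http)://([A-Za-z0-9_.-]+):(\d+)")


def extract_endpoints(text):
    """Return the unique (scheme, host, port) endpoints found in tool output."""
    return sorted({(s, h, int(p)) for s, h, p in ENDPOINT_RE.findall(text)})


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(text, master_uri, probe=False):
    """List each endpoint, whether the one allowed port covers it, and
    (only when probe=True) whether a TCP connect from this host succeeds."""
    allowed = extract_endpoints(master_uri)[0][2]  # assumption: master port
    rows = []
    for scheme, host, port in extract_endpoints(text + "\n" + master_uri):
        reachable = tcp_reachable(host, port) if probe else None
        rows.append((f"{scheme}://{host}:{port}", port == allowed, reachable))
    return rows


if __name__ == "__main__":
    # probe=False keeps this offline; set probe=True on the robot or server
    # to compare the firewall rule with what actually connects.
    for uri, covered, reachable in audit(SAMPLE, MASTER_URI):
        print(f"{uri:30} covered_by_rule={covered} reachable={reachable}")
```

Only the master URI is covered by a single-port rule; the `/rosout` service port and the roslaunch server port change on every start, which is why a fixed allow-list cannot track them.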

Comments

I see,
Does the peer to peer VPN solution work if I have multiple robots?

What if I allow access to ephemeral ports on the network, would that fix the setup as is?

I did mean Initialized by the server, is this part of the issue at the moment?

tdam2112 ( 2021-02-07 09:21:50 -0600 )
1

> Does the peer to peer VPN solution work if I have multiple robots?

A peer-to-peer VPN is by definition peer-to-peer. So as long as you set up all involved hosts to become part of the peer-to-peer VPN, they should be able to communicate freely.

Note that you will circumvent firewalls in this case, so you may want to discuss this with whoever manages your network.

The big advantage of a VPN is that you can route all traffic over a single TCP or UDP port.

> What if I allow access to ephemeral ports on the network, would that fix the setup as is?

If that is an option, then that would be easier yes. But that's going to be a lot of ports. If I managed your network, and had a firewall in place, I'd not be willing to open up that many ports.

> I did mean Initialized by ...

gvdhoorn ( 2021-02-07 10:47:47 -0600 )
