Using Husarnet & ROS
Husarnet helps in connecting ROS devices over the Internet.
ROS allows you to run nodes on a single robot or dozens of robots as well, as long as your devices are in the same LAN network. With this guide we will show you how to configure your ROS system to work not only in LAN but also over the internet.
Setting up the environment
Add these lines to .bashrc (or .zshrc if you use zsh) of the user who will use ROS:
/opt/ros/kinetic/setup.bash enables all ROS tools.
ROS_IPV6 makes ROS enable IPv6 mode - Husarnet is a IPv6 network. Setting
http://master:11311 ensures ROS will always connect to host called
master - which extact machine it is depends on the setting on the Husarnet Dashboard.
You can also set
ROS_MASTER_URI to other hostname - just be aware that Husarnet Dashboard ROS integration might not work as intended.
Note that after changing
master to other device on the Husarnet Dashboard you have to make sure that line starting from
/etc/hosts file contain host
master. Husarnet doesn't change this automatically for now.
roscore on the device selected as master in Husarnet Dashboard. Now you can use ROS on all devices connected via Husarnet as if they were one device.
Always remember that all advanced security measures are useless when you pick weak passwords. Make sure that you have strong passwords for:
- your Husarnet Dashboard account
- SSH login to your devices (or you have disabled password SSH login at all)
Especially watch out for the default SSH passwords on your SBC images! They are useful for initial SSH login, but you need to change them as soon as possible.
ROS security model
ROS itself doesn't have any built-in security. If somebody can connect to ROS master, he can control the whole robotic system. Fortunately, Husarnet makes your network secure - just make sure that you don't add untrusted devices to your Husarnet networks.
Husarnet provides secure network layer for ROS - but you also need to ensure that no one can connect to your nodes and services from unsecured networks. Fortunetely, this can be set up with a simple command.
husarnet package, if you don't already have it:
apt-get install husarnet
Then create and enable the firewall:
ufw default deny && ufw allow in on hnet0 && ufw enable
That's all! Now all non-Husarnet incoming connections to your system will be denied.