Skip to main content

Using Husarnet & ROS

Husarnet helps in connecting ROS devices over the Internet.

ROS allows you to run nodes on a single robot or dozens of robots as well, as long as your devices are in the same LAN network. With this guide we will show you how to configure your ROS system to work not only in LAN but also over the internet.

Setting up the environment

Add these lines to .bashrc (or .zshrc if you use zsh) of the user who will use ROS:

source /opt/ros/kinetic/setup.bash

export ROS_IPV6=on
export ROS_MASTER_URI=http://master:11311

Sourcing the /opt/ros/kinetic/setup.bash enables all ROS tools.

ROS_IPV6 makes ROS enable IPv6 mode - Husarnet is a IPv6 network. Setting ROS_MASTER_URI to http://master:11311 ensures ROS will always connect to host called master - which extact machine it is depends on the setting on the Husarnet Dashboard.

You can also set ROS_MASTER_URI to other hostname - just be aware that Husarnet Dashboard ROS integration might not work as intended.

info

Note that after changing master to other device on the Husarnet Dashboard you have to make sure that line starting from 127.0.01 in /etc/hosts file contain host master. Husarnet doesn't change this automatically for now.

Use ROS

Run roscore on the device selected as master in Husarnet Dashboard. Now you can use ROS on all devices connected via Husarnet as if they were one device.

Husarnet+ROS security

Passwords

Always remember that all advanced security measures are useless when you pick weak passwords. Make sure that you have strong passwords for:

  • your Husarnet Dashboard account
  • SSH login to your devices (or you have disabled password SSH login at all)

Especially watch out for the default SSH passwords on your SBC images! They are useful for initial SSH login, but you need to change them as soon as possible.

ROS security model

ROS itself doesn't have any built-in security. If somebody can connect to ROS master, he can control the whole robotic system. Fortunately, Husarnet makes your network secure - just make sure that you don't add untrusted devices to your Husarnet networks.

Firewall

Husarnet provides secure network layer for ROS - but you also need to ensure that no one can connect to your nodes and services from unsecured networks. Fortunetely, this can be set up with a simple command.

First, install husarnet package, if you don't already have it:

apt-get install husarnet

Then create and enable the firewall:

ufw default deny && ufw allow in on hnet0 && ufw enable

That's all! Now all non-Husarnet incoming connections to your system will be denied.

Read also ...