Secure Connection of Kiosk PC to THETA and Internet Simultaneously - Client Mode Method

codetricity · January 17, 2019, 1:00am

If your home or office network already uses the IP address 192.168.1.1, it is cumbersome to send the THETA commands from your workstation or laptop. Although it’s possible to set up a separate router for the THETA, you can also use a cheap USB dongle to provide a Wi-Fi hotspot that your THETA V can connect to. In the following example, my workstation is connected to the Internet with Ethernet and using an AT&T U-Verse router with an IP address of 192.168.168.

I am sharing the Wi-Fi dongle with my RICOH THETA V and sending OSC commands from my workstation to the THETA V using client mode Wi-Fi. The Wi-Fi adapter I am using is currently $14.99 on Amazon.

Network Configuration

Kiosk PC is connected with Ethernet to Office Network Switch at 192.168.1.1
Office Network Switch supplies Internet access to office network and Kiosk PC
Kiosk PC has Wi-Fi adapter that supplies Wi-Fi connection only to RICOH THETA V
- Wi-Fi adapter on Kiosk PC is assigned IP address of 10.42.0.1
RICOH THETA V is assigned IP address of 10.42.0.181 by Kiosk PC
Kiosk PC sends commands to RICOH THETA V using client mode digest authentication

Note on Security

This example shows an optional level of security that prevents all devices on the Wi-Fi network from accessing the Internet or any device on the office network. This level may not be needed in most applications. The default level of security uses WPA passwords.

Important Notice on No Warranty

This example is provided by the online community and comes with no warranty. Anyone following this example is responsible for testing the security and stability of the configuration themselves.

Configuration Example

This example shows the basic concepts for secure client mode communication with the RICOH THETA. This example does not identify specific software on Windows or Mac to implement the system. To show the concepts working, I’m using Linux. Windows configuration should be similar.

Enable Wi-Fi

In this setup, the Wi-Fi adapter on the Kiosk PC is only connected to the THETA. The Wi-Fi card is not connected to the Internet. The Kiosk PC gets Internet access through a separate Ethernet adapter.

Turn On Wi-Fi Hotspot

In Wi-Fi settings, click on the hamburger menu to the right of the “On” slider. Select “Turn On Wi-Fi Hotspot…”

Configure THETA V Client Mode

Use RICOH mobile app to configure RICOH THETA V in client mode. This is a one-time configuration. With THETA connected to the official RICOH mobile app.

Press the camera Wi-Fi button until it turns green. It will connect to the Kiosk PC.

Find IP address of camera

Technique 1

$ arp -n

Technique 2

Using zeroconf network discovery.

Example

github.com

codetricity/theta-client-mode/blob/master/find-theta.py

#!/usr/bin/env python3

"""
Example of browsing for a RICOH THETA V in Client Mode.
The WiFi LED of the THETA V should be solid green.
This script is the example Zeroconf script with minor
modifications.
"""


import logging
import socket
import sys
from time import sleep

from zeroconf import ServiceBrowser, ServiceStateChange, Zeroconf


def on_service_state_change(zeroconf, service_type, name, state_change):
    print("Service %s of type %s state changed: %s" % (name, service_type, state_change))

This file has been truncated. show original

Send OSC Commands to RICOH THETA

Must use Digest Authentication.

Example

github.com

codetricity/theta-client-mode/blob/master/client-mode.py

"""
Test for THETA V client mode. Your workstation and the THETA V need to be
connected to the same WiFi router or your workstation needs to have two
network interfaces. You can use one Wi-Fi interface as a shared connection
and use it to assign the THETA an IP address.
This test script uses Python modules requests and pprint.
To install requests and pprint

      $ pip install requests
      $ pip install pprint
Once connected with WiFi, use the API here:
https://developers.theta360.com/en/docs/v2.1/api_reference/getting_started.html
The IP address is hardcoded in these tests. To get the IP address, I
am using a separate program that finds the IP of the THETA with NSD
http://lists.theta360.guide/t/developing-theta-client-mode-applications/2450
"""
import requests
from requests.auth import HTTPDigestAuth
import pprint
import sys

This file has been truncated. show original

Securing Network Between Kiosk PC and THETA V

This prevents any traffic on the Wi-Fi network from going out to the Internet or accessing any device on the office network.

This example uses iptables to delete the FORWARD routes.

In this example, I am using an Android device that I’ve connected to the Kiosk PC with Wi-Fi using the SSID and password that the THETA is using. The Android device was assigned the IP address of 10.42.0.55.

List iptables with line numbers

$ sudo iptables -L --line-numbers

Delete Forwarding

$ sudo iptables -D FORWARD 1
$ sudo iptables -D FORWARD 1
$ sudo iptables -D FORWARD 1

Test That Kiosk PC Can Still Send THETA V Commands

Test That Devices Can’t Access Internet

Device is on Wi-Fi network, but can only talk to Kiosk PC

Tests

The script was tested by taking several hundred pictures and then downloading the pictures.

To help with testing, you can download the last 20 images with

$ client-mode.py downloadTester

You can take 10 images with

$ client-mode.py takePictureTester

Hiding SSID

If your PC kiosk is using Linux, you can hide the SSID broadcast with hostapd.

https://www.quora.com/Is-there-any-way-to-hide-ssid-broadcast-on-AP-mode-wi-fi-hotspot-in-Linux

There doesn’t appear to be a way to do this with Windows 10.