Integrating Raritan Console Servers
The third-generation serial console servers we use at work are made by Raritan. Like the previous generation, primary connectivity to these is provided via in-band IP on a management network, with out-of-band still being provided by POTS lines. As I’ve covered in the past, these POTS lines often fail to work when needed, and when they do work they are slow and only allow a single session at a time.
The Raritan consoles have a couple of other options: attaching a cellular modem via USB and a second (LAN2) Ethernet connection. I am not interested in maintaining static IPs, port forwarding, and ACLs, so the USB cellular modem is out, leaving us with the LAN2 connection. In testing I found I can configure a unique (within the Tailnet) subnet on the OrangePi “LAN” interface and the Raritan “LAN2” interface. I then advertise that subnet out (turning that OrangePi into a subnet router in Tailscale speak). By default the subnet router does SNAT, so I don’t even need to set a default gateway for the LAN2 interface on the Raritan.
With IP OOB access to the Raritan itself sorted out, I wanted to see how well I could integrate it into the interactive scripts. The Raritans allow you to configure direct access to each serial port by mapping telnet or SSH to unique ports, exactly how Ser2Net works on the Pis. Despite Tailscale encrypting connections anyway, I elected to stick to SSH. I was able to set up SSH keys to handle auth transparently from the user’s perspective, so you connect to the Raritan-attached devices exactly the same as you do for devices attached to a 2/4/8-port USB-to-serial adaptor on a Pi.
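The two requirements above (a LAN2 subnet that is unique across the tailnet, and one SSH port per serial port with key-based auth) can be checked and rendered from a single inventory. This is an added example, not the scripts described in this post; the site names, subnets, port numbers, user name and key path are all constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (hypothetical sites, subnets and TCP ports; not from the post).
# "subnet" is the OrangePi LAN / Raritan LAN2 network advertised into the tailnet.
SITES = {
    "msp": {"subnet": "10.250.1.0/30", "raritan": "10.250.1.2",
            "ports": {"nokia-7750": 4001}},
    "btm": {"subnet": "10.250.2.0/30", "raritan": "10.250.2.2",
            "ports": {"nexus-93180": 4001, "spare": 4002}},
}

def find_overlaps(sites):
    """Return pairs of sites whose advertised subnets overlap."""
    nets = {n: ipaddress.ip_network(s["subnet"]) for n, s in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def validate(sites):
    """Reject inventories that would make routing or port mapping ambiguous."""
    overlaps = find_overlaps(sites)
    if overlaps:
        raise ValueError(f"overlapping advertised routes: {overlaps}")
    for name, s in sites.items():
        net = ipaddress.ip_network(s["subnet"])
        if ipaddress.ip_address(s["raritan"]) not in net:
            raise ValueError(f"{name}: Raritan address is outside {net}")
        ports = list(s["ports"].values())
        if len(ports) != len(set(ports)):
            raise ValueError(f"{name}: two serial ports share one TCP port")

def ssh_config(sites, user="console", key="~/.ssh/console_ed25519"):
    """Render one OpenSSH Host stanza per serial port (user/key are assumptions)."""
    validate(sites)
    stanzas = []
    for name, s in sorted(sites.items()):
        for device, port in sorted(s["ports"].items()):
            stanzas.append(
                f"Host {device}.{name}\n"
                f"    HostName {s['raritan']}\n"
                f"    Port {port}\n"
                f"    User {user}\n"
                f"    IdentityFile {key}\n"
                f"    IdentitiesOnly yes\n"          # offer only this key
                f"    StrictHostKeyChecking yes\n")  # host key must be pre-loaded
    return "\n".join(stanzas)

if __name__ == "__main__":
    print(ssh_config(SITES))
```

With `StrictHostKeyChecking yes`, the Raritan host key has to be in `known_hosts` before first use, so a changed key on the OOB path fails closed instead of prompting.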
I made a video where I first connect to a Nokia 7750 in Minneapolis, and then a Cisco Nexus 93180 in Butte, MT. Note: Both end devices require authentication, but I logged in prior to recording the video.