Private WAN IP address

Kernels & Hardware, configuring network, installing services

Re: Private WAN IP address

Postby questlinq » 2019-10-15 12:54

do you need it to be transparent (all ports) or just for ssh/web/etc?

If you have a server (VPS) somewhere with a public IP you can set-up a VPN between your home computer and your server (I recommend Wireguard), and then configure a reverse proxy (if web) or an ssh jump host (if ssh) to forward the connection to the VPN address of your home computer.

so [internet client] -> { via VPS public IP } -> [VPS forward to home server VPN IP] -> { via home VPN IP } -> [ home ]

where [computer] and { address/route }


I need it just for ssh, mail ..

Thanks for recommending Wireguard - so, I just need to set-up a VPN client on home server and VPN server on my VPS that has a Public IP address and open port on both ends?
questlinq
 
Posts: 49
Joined: 2017-09-19 08:51

Re: Private WAN IP address

Postby reinob » 2019-10-15 17:38

questlinq wrote:I need it just for ssh, mail ..

Thanks for recommending Wireguard - so, I just need to set-up a VPN client on home server and VPN server on my VPS that has a Public IP address and open port on both ends?


Let's say your home server has IP 100.x.y.z and IP 10.200.0.2 for the wireguard interface.
At your VPS you have some public IP, say 1.1.1.1 and IP 10.200.0.1 for the wireguard interface.

Now you have a laptop somewhere with Linux and the openssh client.
In your ~/.ssh/config you should have something like:
Code: Select all
Host home-direct
        Hostname 100.x.y.z

Host vps
        Hostname my-vps-address-or-resolvable-hostname (e.g. 1.1.1.1)

Host home-via-vps
        Hostname wireguard-ip-of-home-server (e.g. 10.200.0.2)
        ProxyCommand ssh -q -W %h:%p vps


(the first entry is if you want to attempt a direct connection, in case it happens to work in a particular subnet, such as if your client is on the same ISP as your home server..)

I have not tested whether the above is correct (syntax should be OK), as I do have a real (dynamic, but real) IP.

Note that another "elegant" solution would be to install tor on your home server and setup a hidden service for ssh. Then all you need is a client running tor to connect to your hidden address (or use your VPS as a jump host with e.g. "ProxyCommand socat - SOCKS4A:localhost:%h:%p,socksport=9050").

But I'm not 100% sure that tor routing will work OK with your non-public IP address.

Good luck and report if it worked or, more important, if it didn't :)
reinob
 
Posts: 736
Joined: 2014-06-30 11:42

Previous

Return to System configuration

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable