tunneling a web application thru a VPN to localnetwork devices

[nandoando]

Alright this might be a really basic problem but im newb and dumb

I need to connect a pos printer in local network, to a web application hosted on a VPN, ideally i should be opening ports on my router, but thats not possible with my isp (cant change it) since the isp have me in proxy.

The current configuration is simply, a pos printer and a local machine where the web app is used client side, all connected to a router obviously



Researching a little bit more on the matter, i see i have two options,

1) one of those is using an ssh tunnel and a socket v5, with firefox.
this one makes me able to navigate with the same ip of the VPS like a vpn, but i cannot access to nothing in my local network, so the printer wont do

2) hosting a VPN in the VPS so i can connect with my local machine, and printer.

now my questions are.

first of all, is it possible?
second, what should be the ideal to configuration of the vpn server or client, so the vps can access to my local network devices (the pos printer).

i have hosted open vpn servers before, using the road warrior installation script https://github.com/Nyr/openvpn-install is this proper to the application of this i posted?

thanks in advance to any of yall super pros helping

[ordex]

Hi!
Generally a VPN tunnel can help you connecting multiple networks together and it can help you bypassing your router.
This said, if you need help setting this up, you need to explain better who should connect to what.
So far you mentioned that the local machine connects to a webapp running on the remote server. What about the POS printer? Does it need to connect to something? or is the remote server that needs to connect to the POS?

[nandoando]

Hey, Thank you so much for the answer.

Yes, the remote server sents the print order to the POS printer, as you stated.

this would be the whole act.


i was able to set up a ssh tunnel to test if it work, and it did.



Now, this is not the ideal solution since now i have the problem of only being able to connect one printer per port, i dont know if i can have a ip range setted up in the tunnel (Im dumb lol).

Obviously a vpn would be a much more elegant solution to this, and better for the operator of the pos, not having to put up with putty.

and with the tunnel, im having to set the printers as if they were locally within the remote server (127.0.0.1:9100), and this takes out feature of selecting a specific printer ip address limiting what i can do with the printers...

[ordex]

In this case you need the LAN to be routed over the VPN. One device in the LAN should connect to the VPS as "VPN client". It could be the local machine or, even better, the LAN router. Then you need to configure the VPS so that it knows that there is a "LAN behind one of its clients". For this purpose you want to read about --iroute and --route. --iroute should be specified in the client specific config file. Fot the latter read about --client-config-dir.
It's a few pieces to attach together.

The reson why I suggest to have the LAN router to be the VPN client is that the POS will need to know who is the nexthop to be used when talking to the VPS through the VPN. The POS for sure already uses the LAN router as default gateway, therefore everything going out is sent through it. Now, if you use the local machine as VPN entry point, you should add a route on the POS to instruct it to route packets going to the VPN through local machine. I am not sure the POS has such capability.