Is it possible to tunnell openvpn server through SSH out from behind cgnat?

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
peret2000
OpenVpn Newbie
Posts: 5
Joined: Fri Mar 20, 2020 6:34 pm

Is it possible to tunnell openvpn server through SSH out from behind cgnat?

Post by peret2000 » Thu Mar 04, 2021 4:42 pm

ngrok can be a solution, but I am concerned regarding privacy and security; without a deep understanding, I guess ngrok is providing an external machine that is accessed by the vpn server as well as the client that wants to connect to that vpn. So, all traffic is going through ngrok machine, and I do not like that (one of the purposes of vpn is keeping communications safe, isn't it?)

I have tried with an equivalent solution that has two requirements: I need an external machine ('bridge' machine) and I have to create a ssh tunnel in the client. Assuming we can do that, I only have to do:
On the VPN server (in a cg-nat network or behind a firewall):

Code: Select all

ssh -N -g -R 1200:localhost:1194 <my_bridge_machine_ip>
On the VPN client:

Code: Select all

ssh -N -L 1200:localhost:1200 <my_bridge_machine_ip>
VPN configuration: it has been configured such that it listens on TCP 1194. The client vpn configuration changes its remote vpn server: localhost, port TCP 1200

This design seems to work; according to the logs, they connect themselves, and even the client receives an IP address from the VPN server (10.3.0.6).
But it cannot connect anywhere, I cannot even ping the vpn server (using its vpn address: 10.3.0.1) ...

To check if there are errors in the VPN configuration, I have tried the direct connection:
My network has dedicated IP, so I do not need this design; I con connect vpn client and server directly.
So, preserving all the same configuration files, but changing the vpn server and port on the client machine (it connects to the internet using a mobile connection, independent of my LAN where the VPN server is connected to), I have repeated the test.
In such case, the connection works perfectly

So, something is wrong or it lacks something I have not considered

If relevant or interesting for somebody, I can send logs
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by TinCanTech » Thu Mar 04, 2021 5:42 pm

I would suggest you start your own thread, or ask a mod to split your post to a new thread.

Then please read this:
viewtopic.php?f=30&t=22603#p68963

For reference, split from previous thread:
viewtopic.php?f=1&t=29072
Top
peret2000
OpenVpn Newbie
Posts: 5
Joined: Fri Mar 20, 2020 6:34 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by peret2000 » Fri Mar 05, 2021 7:19 am

TinCanTech wrote:
Thu Mar 04, 2021 5:42 pm
 I would suggest you start your own thread, or ask a mod to split your post to a new thread.

Then please read this:
viewtopic.php?f=30&t=22603#p68963

For reference, split from previous thread:
viewtopic.php?f=1&t=29072
My intention was to add a different solution to the problem initially raised (tunnel to a VPN server that is behind a CG-NAT network), in case it works (I am sure it can, bu I lack some necessary knowledge). I did not think this thread was devoted to ngrok option.
As I said, it is not my problem, I am not behind a CG-NAT network
But thanks anyway for the info you have pointed at
Top
Post Reply

Return to “Off Topic, Related”