On Mon, 08 Oct 2012 12:08:22 +0100 Mark Rogers mark@quarella.co.uk allegedly wrote:
OpenVPN seems to be the best FOSS solution for the general case (getting "remote box with Internet connection" to connect to a known VPN server). Limiting that so that Chris can go through it to the web server on the remote box, whilst preventing anyone with physical access to that remote box from getting through to anything else on the VPN, may or may not be easy, but it's beyond me. That said, so is getting OpenVPN working in anything beyond simple test cases (I'm sure that's me, not OpenVPN).
Mark
I had a think about this and then set up a test system to enable someone "on the internet" to connect to another system "on the internet" behind two (or more) NAT routers.
I used a VPS as an intermediary so that the owner of the system behind the NAT addresses could set up a tunnel to the VPS. That would allow anyone else who could connect to the VPS to connect back down the tunnel.
I've documented the setup at http://baldric.net/2012/10/27/using-openvpn-to-bypass-nat-firewalls/
Let me know if that helps (or not). If anything is unclear, or you can't get it to work, let me know and I'll modify the instructions accordingly. I'm hoping the instructions will help others, so if I have made any mistakes (or made too many assumptions) it would be good to know.
Cheers
Mick
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------