Nick:

Reminder... just because you *can* doesn't mean you *should*.

That is all.

--ben

From: Krichevsky, Nicholas Jacob via WLUG <wlug@lists.wlug.org>
Sent: Sunday, February 3, 2019 11:26 AM
To: Worcester Linux Users' Group General Discussion <wlug@lists.wlug.org>; Levasseur, Kenneth <klevasseur@wpi.edu>
Cc: Krichevsky, Nicholas Jacob <njkrichevsky@wpi.edu>
Subject: [WLUG] Re: Openvpn and Network mapping

The goal was to expose the LAN, mostly for fun, but what you're describing is certainly the more practical way of solving the port forwarding problem directly. If I can't solve the routing problem, this might just end up being my fallback.

________________________________
From: Levasseur, Kenneth
Sent: Sunday, February 3, 2019 8:52:38 AM
To: Worcester Linux Users' Group General Discussion
Cc: Krichevsky, Nicholas Jacob
Subject: Re: Openvpn and Network mapping

I hit some keys and it sent the message early. Not sure what happened there.

Do you need to route the entire network, or just access the NAS and other hosts? I think you could do something with SSH reverse tunneling, given you have a VPS.

On the NAS:

    ssh -R <desired_port>:localhost:22 user@<vps_address>

Then, once you've ssh'd into the VPS from anywhere else:

    ssh localhost -p <desired_port>

Now you're ssh'd into the NAS. The desired port could be anything but it needs to be the same on both ends. This also assumes your VPS has a static IP/dynamic dns, and you may need some way to keep the connection alive if it's going to be up for a long time.

________________________________
From: Levasseur, Kenneth via WLUG <wlug@lists.wlug.org>
Sent: Sunday, February 3, 2019 8:48:34 AM
To: Worcester Linux Users' Group General Discussion
Cc: Krichevsky, Nicholas Jacob; Levasseur, Kenneth
Subject: [WLUG] Re: Openvpn and Network mapping

Do you need to route the entire network, or just access the NAS and other hosts? I think you could do something with SSH reverse tunneling, given you have a VPS.

On the NAS:

    ssh -R <desired_port>:localhost:22 user@<vps_address>

Then, once you've ssh'd into the VPS from anywhere else:

________________________________
From: Krichevsky, Nicholas Jacob via WLUG <wlug@lists.wlug.org>
Sent: Sunday, February 3, 2019 1:42:35 AM
To: Worcester Linux Users' Group General Discussion
Cc: Krichevsky, Nicholas Jacob
Subject: [WLUG] Openvpn and Network mapping

So I've found myself in an unfortunate situation where I cannot port forward on my router. My solution to this was to set up an openvpn tunnel on my VPS that would allow me to access my LAN via a NAS that I keep online in my apartment. (In other words, my laptop would connect to my VPS, which would route to my apartment via my NAS, and thus expose the LAN).

The big problem is that the network uses 192.168.1.0/24, and given that I cannot edit any router settings, I cannot change this. If I were to simply expose this subnet via openvpn, I wouldn't be able to access any other 192.168.1.0/24 address if I were to connect to the VPN. My plan was to try and use some iptables magic to map 10.24.0.0/24 to 192.168.1.0. Luckily, this works, thanks to the NETMAP extension (iptables -A PREROUTING -t nat -d 10.24.0.0/24 -j NETMAP --to 192.168.1.0/24, for the curious). However, the only way I can make this work is if I add the NAS as a gateway on all of the machines I want to connect to on my LAN, which is a bit sad (ip route add 192.168.255.0/24 via 192.168.1.69).

Is there some way I can make this a bit more seamless? This isn't my least favorite solution, as I don't need to run the openvpn client on every host, but it isn't much better...
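
An added illustration, not part of any message in this thread: a POSIX sh sketch of the address arithmetic behind the NETMAP rule in the original post, and of why a LAN host's reply only returns through the NAS once the extra route is present. The router address 192.168.1.1 and the VPN client address 192.168.255.6 are assumed sample values; treating 192.168.255.0/24 as the VPN client subnet is inferred from the route in the post.

```sh
#!/bin/sh
# Added illustration. 192.168.1.1 (router) and 192.168.255.6 (VPN client)
# are assumed sample values; the other addresses come from the original post.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask integer for a prefix length.
mask_of() { echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )); }

# in_net ADDR NET/BITS: succeed if ADDR lies inside the network.
in_net() {
    in_mask=$(mask_of "${2#*/}")
    [ $(( $(ip_to_int "$1") & $in_mask )) -eq $(( $(ip_to_int "${2%/*}") & $in_mask )) ]
}

# netmap ADDR FROM/BITS TO/BITS: what "-d FROM -j NETMAP --to TO" does to a
# destination address: keep the host bits, swap in the network bits of TO.
netmap() {
    in_net "$1" "$2" || return 1   # rule does not match, packet untouched
    nm_mask=$(mask_of "${3#*/}")
    int_to_ip $(( ($(ip_to_int "${3%/*}") & $nm_mask) | ($(ip_to_int "$1") & ~$nm_mask & 0xFFFFFFFF) ))
}

# reply_next_hop DST DEFAULT_GW [NET/BITS GW]: where a host on 192.168.1.0/24
# sends a reply addressed to DST, with or without one extra static route.
reply_next_hop() {
    if in_net "$1" 192.168.1.0/24; then echo on-link
    elif [ -n "$3" ] && in_net "$1" "$3"; then echo "$4"
    else echo "$2"; fi
}

# Laptop dials 10.24.0.42; the NAS rewrites the destination to a LAN address.
netmap 10.24.0.42 10.24.0.0/24 192.168.1.0/24
# The source is still the VPN client, so the reply follows the host's routes:
reply_next_hop 192.168.255.6 192.168.1.1                                  # to the router
reply_next_hop 192.168.255.6 192.168.1.1 192.168.255.0/24 192.168.1.69    # to the NAS
```

Without the static route the reply goes to the router, which has no path back to the VPN; that is the per-host dependency described in the post.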