Can you connect 2 Linux machines using GRE without dealing with router configuration? - networking

I've tried looking for how to connect my Linux machines over the Internet to sort of create a point to point VPN for a project. Both are located physically in different cities, behind a NAT. For what I'm testing, unfortunately I can't be touching any router, max I can perform is port forwarding.
Is there any way to create such a setup with only 2 port forwarded machines, each behind NAT and with a dynamic IP (obviously xD)?
I want a GRE tunnel because I can then use the interface for my purposes, and from what I can see it's pretty straightforward.

Related

How to make two machines behind their respective NATs communicate with WireGuard

I am trying to find a way to make two machines (Machine A and Machine B) behind their respective NATs communicate using WireGuard. So basically:
I started to make them communicate with an intermediate server located on the internet by creating a UDP hole punching port, so it means Machine A can communicate with the intermediate server and Machine B can also communicate with the intermediate server.
Now, when I'm trying to make Machine A communicate with Machine B by using the hole punching port previously created by the communication between Machine A and the intermediate server, that does not work.
Is there someone who could help me make it work or share useful documentation?
Thanks in advance

Segregating lab Hyper-V environment using NAT Switch network

I'm creating a Hyper-V lab network on my machine and wanted them to have internet access as well as communication to each other in the lab. I used PowerShell to create a new NAT switch for the ethernet adapter and all works as expected. My lab machines are on the same subnet and can talk to each other and have external internet access.
My question is how can I ensure that my lab machines can't affect my home machines? I can ping other machines in my home network from lab machines which concerns me that my lab could possibly send out DHCP IPs, other settings, or viruses to my home machines.
Sorry new to this and want to learn how to ensure the separation of the two networks? Or is the only real way to separate the two is to only use the NAT switch when I absolutely need internet?
Thanks!
By having a proper router somewhere in front and putting the home network under the same style of NAT setup. That will mean you can not reach the home network from the lab.
That said, you do not have to worry about DHCP - DHCP is only local broadcast domain and does not cross routing (unless you use a forwarder which has to be explicitly set up in the target network).

Luci (OpenWRT) - A Simple Client Mode Setup

I come from DD-WRT, but I'm really liking OpenWRT and will probably make the switch on all my routers. Anyway, I'm actually struggling to get a simple Client WiFi setup going. Here's what I'm going for:
Internet --- Foreign AP ---(wifi)--- My OpenWRT Router ---(ethernet switch)------ My OpenWRT LAN
I am able to connect to the Internet via the Foreign AP with my DD-WRT router (identical model and revision). I guess what's confusing me the most about OpenWRT is the eth0 interface, or perhaps a lack of understanding what DD-WRT does with eth0 in Client WiFi mode. As with a Linux desktop/laptop, I assume eth0 is the WAN port on a router, and in Client WiFi mode, is disabled and the routing table is rewritten so eth0 is replaced with wlan0/ath0. Is this correct?
Anyway, my steps on OpenWRT (with luci) are as follows: connect computer to router via ethernet, go to WiFi page and click Scan on wlan0 interface, choose the foreign AP, assign to default WAN firewall group, verify connection/IP Address with foreign AP. At this point I am able to ping 8.8.8.8, but I cannot reach webpages or connect with, say, Spotify.
I took a look at the answer here: Luci (openwrt) wifi bridge client - how to configure? which isn't exactly what I want (this one is for a bridged repeater/client), but it looks like I am doing everything correctly for just the client functionality. I shouldn't have to bridge any interfaces, right?
So all one should have to do is:
Go to interfaces and click Scan on one of the WiFi radios (2.4 or 5GHz)
Select the host WiFi network
And it just works. Why is that not written down anywhere on the Internet? Now it is, I suppose...
I am not able to get this to work with my 5GHz radio (which works for Client mode on DD-WRT), so it may be a kernel (or some other) issue with this particular build of OpenWRT.

Losing Synergy connection to server with VPN

I'm using a Cisco client to connect to a VPN but also using Synergy (Symless) to connect to the machine. It works fine initially but will drop out after machine sleep (or sometimes seemingly randomly), then I have to restart the VPN connection. Not the end of the world, but it is irritating.
Are there any config changes I can do to Networks settings, VPN or Synergy to stop this dropping out?
Found this which I hope will fix it.
https://blog.lan-tech.ca/2013/02/21/access-local-and-vpn-network-simultaneously/
"you just need to add the local devices to the windows routing tables so that it knows to access them when the VPN is active.
See the windows “route” command – E.G. route -p add MASK 255.0.0.0 METRIC IF
To help discover what you need to use, disconnect from your VPN, make sure you can connect to your local device, then run a “route print” to show the current active routes and find your device. (generally in the IPv4 Route Table)
It will also list the ‘Metric’ to use, and at the top of the listing is the “Interface List” which lists the network interfaces on your system. You’ll need to figure out which one to use. For example, I know my system has a gigabit network adapter and in the list I see a “Intel(R) Gigabit Network Connection” – bingo – that’s it. The first column is the interface id, 49 in my case.
The “-p” option makes your configuration persistent – meaning that it will be there again next time you boot.
SO, as an example, let’s say I want a local network share at 192.168.1.43 to be accessible to my machine while connected to the VPN, so I would add the route like so:
route -p add 192.168.1.43 MASK 255.255.255.255 192.168.1.1 METRIC 15 IF 49
Now if I run route print, I see this new route in the list of persistent routes for IPv4.
I turn my VPN back on, and instead of the device ‘disappearing’ as it normally does, windows can still find it because it is in the persistent route list."

Forward Proxy to Gateway of WLAN Accesspoint

In our network a proxy server is used to give all the clients, which are all Windows XP computers, access to the internet. Now, we want to set up a Wireless LAN to allow people to connect their own mobile phones, computers, etc. to the internet. However if we simply connect a wireless access point to our network everyone has to configure the proxy server on their devices.
What can I do, that the WLAN router can act as a gateway to the internet using the proxy server?
You can NAT all the traffic destined to port 80 to a proxy machine. This is a so called forced or intercepting proxy.
For example, if you have a RouterOS router, you would simply add a rule
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=<proxy IP address>
If you proxy other protocols apart from HTTP, you would do the same for them changing the port.
Many proxy solutions can run in intercepting mode (such that you have a machine with two network interfaces that filter all the traffic that is coming through). See this tutorial for setting it up with Squid.
Otherwise, if you already have a proxy server you can use the solution above by placing a router or a server running the routing software between the access point and your network, for example Vyatta or Mikrotik RouterOS (commercial but pretty powerful), some open-source/freeware router/firewall distribution (pfSense, Openwall, m0n0wall, ...) or even a vanilla OpenBSD (with pf firewall) / Linux (with iptables) to achieve the desired effect.
Once you get the straight through routing in place it should be pretty straightforward to set up proxy NAT as noted above.
You should consider applying this setting on the router that your access-point connects to for it may save you the trouble of setting up a new machine.
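
A Linux (iptables) form of the intercepting-proxy redirect described above, added here as an example and not taken from either answer: it generates a nat-table ruleset limited to the WLAN-facing interface and validates its inputs first. The interface name wlan0, the proxy address 192.0.2.10 and port 3128 are constructed sample values, and the proxy is assumed to accept intercepted requests.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset (nat table) that forces
# HTTP from WLAN clients to an existing proxy. All values are sample inputs.

valid_ifname() {   # Linux interface names: at most 15 characters
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_ipv4() {     # dotted quad, octets 0-255, no leading zeros
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i + 0 > 255 || $i ~ /^0[0-9]/) exit 1 }'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# intercept_rules WLAN_IF PROXY_IP PROXY_PORT
# Arguments are validated so they cannot smuggle extra rule text.
intercept_rules() {
    wlan_if=$1 proxy_ip=$2 proxy_port=$3
    valid_ifname "$wlan_if" && valid_ipv4 "$proxy_ip" &&
        valid_port "$proxy_port" || {
        echo "intercept_rules: invalid argument" >&2
        return 2
    }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Clients that already address the proxy directly are left alone.
-A PREROUTING -i $wlan_if -d $proxy_ip -j RETURN
# Plain HTTP from the WLAN side is rewritten to the proxy; port 443 is untouched.
-A PREROUTING -i $wlan_if -p tcp --dport 80 -j DNAT --to-destination $proxy_ip:$proxy_port
# Source-NAT only the redirected flows so the proxy's replies return via this router.
-A POSTROUTING -m conntrack --ctstate DNAT -p tcp -d $proxy_ip --dport $proxy_port -j MASQUERADE
COMMIT
EOF
}

# Review the output, then load it with: iptables-restore --noflush
intercept_rules wlan0 192.0.2.10 3128
```

Because of the MASQUERADE rule the proxy logs the router's address rather than each client's; drop that rule only if the proxy's return path to the WLAN subnet already goes through this router.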
