public inbox for gentoo-user@lists.gentoo.org
From: gevisz <gevisz@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux?
Date: Fri, 6 Apr 2018 21:13:46 +0300
Message-ID: <CA+t6X7fMVw721DZ=3A0ZtBm5ymwU3kCh2wZOx3t0yJr5n1kY+g@mail.gmail.com>
In-Reply-To: <7b1d3c07-3b7d-d8a3-35ab-dc6039e095de@iinet.net.au>

2018-04-06 1:45 GMT+03:00 Bill Kenworthy <billk@iinet.net.au>:
> On 05/04/18 22:51, gevisz wrote:
>> 2018-04-05 16:14 GMT+03:00 Bill Kenworthy <billk@iinet.net.au>:
>>> On 05/04/18 18:28, gevisz wrote:
>>>> 2018-04-05 12:51 GMT+03:00 gevisz <gevisz@gmail.com>:
>>>>> 2018-04-05 1:02 GMT+03:00 Grant Taylor <gtaylor@gentoo.tnetconsulting.net>:
>>>>> On 04/04/2018 02:18 PM, gevisz wrote:
>>>>>> Assuming that NAT is in play on OR and IR (worst case), then just about
>>>>>> /any/ form of VPN initiating from the outside will be fraught with uphill
>>>>>> battles.
>>>>> As far as I understand, the connection would be initiated from the Host.
>>>> A small correction after a call to the friend: the VPN server should
>>>> be installed on the Client and the VPN client should be installed on the Host.
>>>>
>>>> Because of the same reason it is impossible to set up VPN server on the IR.
>>>>
>>>> Moreover, IR is too simple to use it for setting up any server other than NAT
>>>> and, maybe, port-forwarding.
>>>>
>>> Might need a third party vpn server in the cloud that both ends connect
>>> to as clients and route between?  A stunserver like VoIP uses will help
>>> there.
>>>
>>> Also try a proxytunnel/stunnel using port 443 and use that to bounce
>>> openvpn or a putty (ssh) port tunnel through the network's https proxy.
>>> Inefficient but gets ssh, web pages and small downloads through
>>> problematic networks nicely.  Double wrapping in ssl with end-to-end
>>> protection via openvpn takes care of privacy when MITM SSL proxies are
>>> used (yes they exist).  Note that openvpn can be used peer to peer
>>> though client to server is a bit more secure.
>> Thank you for the information.
>>
>>>  In my setup, the client is windows and the server is gentoo on a dynamic IP.
>> It is strange because just today I have learned that VPN server should
>> be set on the host with static IP visible in the Internet. Otherwise a
>> VPN-client has no way to connect to the VPN-server.
>>
> I am referring to putty as the windows client (my view of the process) -
> the vpn client is proxytunnel on windows connecting out to the server
> which is an external stunnel on gentoo from your point of view.  The
> secret is getting the two to talk to each other and that's where it gets
> interesting - a method I used in the past is internally have a script
> scraping a webpage (external) and when it gets a change it wants,
> initiate a connection (IP number change for a permanent link on a
> dynamic IP, or other instruction - actually used a html comment on my
> home web server index page).  A more common method is to initiate a test
> connection every few minutes and close/go back to waiting if there is no
> connection.  Zebedee which I used for years as a port tunnel (very good
> and flexible) has a mode where it can initiate connections when there is
> no public visibility.  If both ends are behind a secure gateway/NAT -
> you need a third machine to coordinate the process.

It is too hard for me to understand, but I have got the idea of letting
some script periodically read the content of a webpage and initiate
the connection if the content of the webpage says so.

I let my friend read this.

> If it's all too hard, can you drop a raspberry pi trojan on the network
> which gets away from the restrictions running windows?  At the end of
> the day, it's up to you and the local admins as to how much funny
> business they will put up with but it's just a technical problem in
> moving packets around.
>
> BillK
>
>

