2018-04-05 16:14 GMT+03:00 Bill Kenworthy <bi...@iinet.net.au>: > On 05/04/18 18:28, gevisz wrote: >> 2018-04-05 12:51 GMT+03:00 gevisz <gev...@gmail.com>: >>> 2018-04-05 1:02 GMT+03:00 Grant Taylor <gtay...@gentoo.tnetconsulting.net>: >>> On 04/04/2018 02:18 PM, gevisz wrote: >>>> Assuming that NAT is in play on OR and IR (worst case), then just about >>>> /any/ form of VPN initiating from the outside will be fraught with uphill >>>> battles. >>> As far as I understand, the connection would be initiated from the Host. >> A small correction after a call to the friend: the VPN server should >> be installed on the Client and the VPN client should be installed on the >> Host. >> >> Becaule of the same reason it is impossible to set up VPN server on the IR. >> >> Moreover, IR is too simple to use it for setting up any server other then NAT >> and, may be, port-forwarding. >> > Might need a third party vpn server in the cloud that both ends connect > to as clients and route between? A stunserver like VoIP uses will help > there. > > Also try a proxytunnel/stunnel using port 443 and use that to bounce > openvpn or a putty (ssh) port tunnel through the networks https proxy. > Inefficient but gets ssh, web pages and small downloads through > problematic networks nicely. Double wrapping in ssl with end-to-end > protection via openvpn takes care of privacy when MITM SSL proxies are > used (yes they exist) Note that openvpn can be used peer to peer > though client to server is a bit more secure.
Thank you for the information. > In my setup, the client is windows and the server is gentoo on a dynamic IP. It is strange because just today I have learned that VPN server should be set on the host with static IP visible the in Internet. Otherwise a VPN-client has no way to connect to the VPN-server.