2018-04-06 1:45 GMT+03:00 Bill Kenworthy <bi...@iinet.net.au>:
> On 05/04/18 22:51, gevisz wrote:
>> 2018-04-05 16:14 GMT+03:00 Bill Kenworthy <bi...@iinet.net.au>:
>>> On 05/04/18 18:28, gevisz wrote:
>>>> 2018-04-05 12:51 GMT+03:00 gevisz <gev...@gmail.com>:
>>>>> 2018-04-05 1:02 GMT+03:00 Grant Taylor
>>>>> <gtay...@gentoo.tnetconsulting.net>:
>>>>> On 04/04/2018 02:18 PM, gevisz wrote:
>>>>>> Assuming that NAT is in play on OR and IR (worst case), then just about
>>>>>> /any/ form of VPN initiating from the outside will be fraught with uphill
>>>>>> battles.
>>>>> As far as I understand, the connection would be initiated from the Host.
>>>> A small correction after a call to the friend: the VPN server should
>>>> be installed on the Client and the VPN client should be installed on the
>>>> Host.
>>>>
>>>> Because of the same reason it is impossible to set up VPN server on the IR.
>>>>
>>>> Moreover, IR is too simple to use it for setting up any server other than
>>>> NAT and, maybe, port-forwarding.
>>>>
>>> Might need a third party vpn server in the cloud that both ends connect
>>> to as clients and route between? A stunserver like VoIP uses will help
>>> there.
>>>
>>> Also try a proxytunnel/stunnel using port 443 and use that to bounce
>>> openvpn or a putty (ssh) port tunnel through the network's https proxy.
>>> Inefficient but gets ssh, web pages and small downloads through
>>> problematic networks nicely. Double wrapping in ssl with end-to-end
>>> protection via openvpn takes care of privacy when MITM SSL proxies are
>>> used (yes they exist). Note that openvpn can be used peer to peer
>>> though client to server is a bit more secure.
>> Thank you for the information.
>>
>>> In my setup, the client is windows and the server is gentoo on a dynamic
>>> IP.
>> It is strange because just today I have learned that VPN server should
>> be set on the host with static IP visible in the Internet. Otherwise a
>> VPN-client has no way to connect to the VPN-server.
>>
> I am referring to putty as the windows client (my view of the process) -
> the vpn client is proxytunnel on windows connecting out to the server
> which is an external stunnel on gentoo from your point of view. The
> secret is getting the two to talk to each other and that's where it gets
> interesting - a method I used in the past is internally have a script
> scraping a webpage (external) and when it gets a change it wants,
> initiate a connection (IP number change for a permanent link on a
> dynamic IP, or other instruction - actually used a html comment on my
> home web server index page). A more common method is to initiate a test
> connection every few minutes and close/go back to waiting if there is no
> connection. Zebedee which I used for years as a port tunnel (very good
> and flexible) has a mode where it can initiate connections when there is
> no public visibility. If both ends are behind a secure gateway/NAT -
> you need a third machine to coordinate the process.

It is too hard for me to understand, but I have got the idea of letting
some script periodically read the content of a webpage and initiate
the connection if the content of the webpage says so. I let my friend
read this.

> If it's all too hard, can you drop a raspberry pi trojan on the network
> which gets away from the restrictions running windows? At the end of
> the day, it's up to you and the local admins as to how much funny
> business they will put up with but it's just a technical problem in
> moving packets around.
>
> BillK
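
Seen from the proxy, the "test connection every few minutes" pattern described in the quoted message appears as CONNECT requests from one client to one host at near-constant intervals. The following is an added example, not part of the thread, that flags such pairs in proxy logs; the log format, addresses, host names and thresholds are all constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumed format: timestamp client method target).
SAMPLE_LOG = """\
2018-04-06T09:00:02 10.0.0.23 CONNECT home.example.net:443
2018-04-06T09:01:40 10.0.0.57 CONNECT mail.example.com:443
2018-04-06T09:02:10 10.0.0.57 CONNECT mail.example.com:443
2018-04-06T09:03:00 10.0.0.57 GET http://www.example.org/
2018-04-06T09:05:01 10.0.0.23 CONNECT home.example.net:443
2018-04-06T09:10:03 10.0.0.23 CONNECT home.example.net:443
2018-04-06T09:14:55 10.0.0.57 CONNECT mail.example.com:443
2018-04-06T09:15:02 10.0.0.23 CONNECT home.example.net:443
2018-04-06T09:15:20 10.0.0.57 CONNECT mail.example.com:443
2018-04-06T09:20:01 10.0.0.23 CONNECT home.example.net:443
2018-04-06T09:25:02 10.0.0.23 CONNECT home.example.net:443
2018-04-06T09:31:00 10.0.0.57 CONNECT mail.example.com:443
"""

def parse(log):
    """Yield (client, target, datetime) for each CONNECT line."""
    for line in log.strip().splitlines():
        ts, client, method, target = line.split()
        if method == "CONNECT":
            yield client, target, datetime.fromisoformat(ts)

def find_periodic(log, min_events=5, max_jitter=0.1):
    """Return {(client, target): mean interval in seconds} for pairs whose
    gaps between connections are nearly constant (stdev/mean <= max_jitter)."""
    seen = defaultdict(list)
    for client, target, ts in parse(log):
        seen[(client, target)].append(ts)
    hits = {}
    for key, times in seen.items():
        if len(times) < min_events:
            continue  # too few samples to call anything periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            hits[key] = round(mean)
    return hits

if __name__ == "__main__":
    for (client, target), period in find_periodic(SAMPLE_LOG).items():
        print(f"{client} -> {target}: every ~{period}s")
```

Human browsing to a busy site produces irregular gaps and is rejected by the jitter threshold; a client that deliberately randomises its polling interval would need a wider threshold or a longer observation window.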