Hi all, I'm running into some trouble trying to configure a network. I'll try to keep it concise:

Background:

1. I have an OpenBSD Vultr VPS. It serves various odds and ends on external IP address $foo, and runs 6.9 + syspatches.
2. I have a second Linux machine located on a residential network with an unstable external IP. I'd like to avoid dynamic DNS services, having to configure port-forwarding, etc.
3. The two machines are linked by a confirmed-working WireGuard tunnel. The VPS has address 10.0.0.1 and the Linux machine has address 10.0.0.2 in the tunnel.

Objective:

1. I want to expose a stable, routable IP address for the Linux machine, regardless of the state of the residential network, by proxying through my VPS.
2. This address should be logically distinct from the existing address for the VPS, as there is an overlap in the services each will serve. (e.g. I could plausibly serve one website from the VPS and a separate one from the Linux machine.)

What I've tried:

1. I've requested a second IP address $bar for my VPS and added it as an inet alias address in hostname.if. With only this configuration, pinging address $bar (which routes to the VPS) works.
2. Next, I tried adding a pf redirect on the VPS:

       pass in from any to $bar rdr-to 10.0.0.2

3. I tried pinging and ssh-ing to address $bar after adding this rule and reloading pf rules, but traffic doesn't seem to be getting to the Linux box.
4. I also tried a binat rule:

       pass on egress from 10.0.0.2 to any binat-to $bar

   with the same result.

Any obvious problems, and is there an easier way to achieve my objective?