Re: Simple way to securely access remote machine that's behind a NAT?

[Michael Cheponis <michael.cheponis%gmail.com@localhost>]

Thanks everybody for help.  I really liked the .onion setup idea, but I ended up using openvpn.  The documentation is very good, and the relevant page for me was: https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

What is fantastic about openvpn is it can be used without knowing much, and it 'does the right thing' and at the same time, allows apparently infinite flexibility for more sophisticated setups.

The simple method described at that URL does require a single secret key be shared between client and server.  I had to add "--cipher AES-256-CBC" on both ends, as the default seemed to complain otherwise.

The additional 4 lines of config to do keep-alive works really well, too (described at that URL).

Thanks again, awesome NetBSD community!

-Mike

On Tue, Sep 25, 2018 at 8:49 AM David Young <dyoung%pobox.com@localhost> wrote:

On Tue, Sep 25, 2018 at 03:04:56PM +0545, Brook Milligan wrote:
> Just curious, could one also use either gre or gif to create a tunnel or does NAT mess that up?

I added UDP encapsulation to gre(4) in NetBSD specifically to pierce NAT
firewalls, however, I don't know if Linux also has a UDP encapsulation
for GRE.

Dave

--
David Young
dyoung%pobox.com@localhost    Urbana, IL    (217) 721-9981