Port forwarding through VPN to server

I am trying to test if it is possible to host pfSense somewhere and port forward rules through the VPN to a server sitting on another network. My end goal is to be able to get remote access to server software that is sitting on a mobile network; I plan to have it hosted on a VPS. But if I can prove the concept from my house I can start to design the network map for a larger scale.

I made an attempt at forwarding but it didn't work, so yeah, if someone knows which rake I stepped on.

Large companies set up VPN tunnels between locations to maintain internal networking. What you'll need is a persistent VPN connection.

If you'd care to elaborate on your concept more, I might be able to offer additional details.

With that said, see if something like Tailscale would work for what you're trying to do.

Do you have an outbound NAT rule for the server IP or the network range where the server is located?

pfSense usually takes care of this for the local networks, but since the server is in a foreign network, you probably have to change NAT to hybrid and manually add the NAT rule.

This is required for outbound communications. Not sure if in your case it applies, but if it's not NATed, the communication will appear to come from the client's real public IP.

This brings me to my last point:
check your routes at the server. It may be answering to the real IP, but if it has internet access, that answer will go back to the client from the server's internet access, not via the tunnel, creating an asymmetric route. This can break SSH and reset the pfSense connection after a couple of seconds or minutes.

You can use OpenVPN: if one location has a static WAN IP address, you set up the OpenVPN server on that side and the OpenVPN client configuration on the other side.

You can also do it with a DNS service if you have no static IP; it's a bit more work but still doable.

It’s pretty simple.

All you need to do is set up a site-to-site IPsec VPN between the two sites. This will require a device capable of leveraging IPsec on both ends. It doesn't have to be pfSense, but it sure could be. I'd recommend a route-based tunnel, but a policy-based tunnel will work too.

The tunnel will be up all the time, and depending on your configuration, as many of your devices can communicate across the tunnel as you like.

It’s unlikely you’ll need to do anything with NAT, as ports are only blocked across the tunnel if you configure that. You’ll generally only need NAT across a tunnel if you have overlapping IP address space.

Just google "IPsec tunnel pfSense" and you'll find plenty of guides.

Additionally, you could just SSH tunnel between the pfSense server and the internal endpoint. Make sure the SSH rules are restricted. That is, if you don't have to worry about a dynamic IP.

Well, a deployed setup is a 4G router connected to a single Windows machine running some software that needs 6 TCP ports for remote access. I currently intend to use OpenVPN to bridge the server to the VPS.

Then route the traffic from the VPS public IP, down the VPN to the server, using firewall rules. I have tried reverse SSH tunnels but they keep dropping out, never stable. But if I could give each server a static IP on the VPN and a non-conflicting router IP, then I can build networks to access each server via VPN while also giving public port forwarding access to each server.

I have been testing SSH tunnels and they keep closing the connection when inactive overnight. Can't keep it open 24/7; I'm trying to work out how to do this over tunneling. I can get a tunnel to work, but it just won't stay open indefinitely.
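The "VPS public IP, down the VPN, to the server" forwarding described above, as an added example (not from the thread or from pfSense/OpenVPN documentation): an nftables ruleset for a Linux VPS that DNATs a fixed list of TCP ports to the server's tunnel address and source-NATs them to the VPS tunnel address, so replies come back through the tunnel even when the server's default route is the 4G link (the asymmetric-route problem raised earlier in the thread). Interface names, addresses and ports are assumed values, not from the post.

```bash
#!/bin/sh
# Added example: generate an nftables ruleset that forwards a fixed set of TCP
# ports from a VPS public address down a VPN tunnel to one server.
# Assumed (constructed, not from the thread): tunnel interface wg0, VPS tunnel
# IP 10.8.0.1, server tunnel IP 10.8.0.2, public interface eth0, public IP
# 203.0.113.10 (documentation range). Ports are passed in by the caller.
set -eu

PUB_IF="eth0";  PUB_IP="203.0.113.10"
TUN_IF="wg0";   TUN_LOCAL="10.8.0.1";  SERVER_TUN_IP="10.8.0.2"

# gen_ruleset "8000,8001,..." prints an nft ruleset for exactly those ports.
# - prerouting: DNAT only the listed ports, only on the public interface.
# - postrouting: SNAT to the VPS tunnel IP so the server replies via the tunnel
#   instead of its own 4G default route (avoids the asymmetric route).
# - forward: default drop; admit only new connections to the listed ports plus
#   established/related traffic, so nothing else is reachable through the tunnel.
gen_ruleset() {
  ports="$1"
  cat <<EOF
table ip vpsfwd {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    iifname "$PUB_IF" ip daddr $PUB_IP tcp dport { $ports } dnat to $SERVER_TUN_IP
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    oifname "$TUN_IF" ip daddr $SERVER_TUN_IP snat to $TUN_LOCAL
  }
  chain forward {
    type filter hook forward priority filter; policy drop;
    ct state established,related accept
    iifname "$PUB_IF" oifname "$TUN_IF" ip daddr $SERVER_TUN_IP tcp dport { $ports } ct state new accept
  }
}
EOF
}

# count_ports "8000,8001" -> number of ports in the list, for a sanity check
# before loading the ruleset.
count_ports() { echo "$1" | tr ',' '\n' | grep -c .; }

# Load on the VPS with (needs net.ipv4.ip_forward=1):
#   gen_ruleset "8000,8001,8002,8003,8004,8005" | nft -f -
```

The SNAT hides the real client address from the server; if the server software needs it for logging, the alternative is a policy route on the server that sends replies for the VPS tunnel IP back over the tunnel.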

So the PC connected to the 4G router is what requires remote access? The router won't have a static IP, which is what I'm assuming you are trying to work around.

I think a direct VPN connection into a virtualized network should do the trick. r/networking may be able to offer additional help. Networking is something I'm still learning. I know enough of the basics to work with and learn something that's already set up, but building takes me time and research.

Autossh works quite nicely for persistent SSH connections. I use a reverse SSH tunnel to forward ports behind a CGNAT router. You can also use WireGuard to map peer-to-peer connections as well.

What are you trying to accomplish exactly? Using a VPS to expose some servers that aren’t directly routable?

Or are you trying to map multiple isolated networks into a larger mesh network? There are already SD-WAN solutions like ZeroTier or Tailscale that exist for that.

Autossh is a Linux client tool; I have Windows servers I am connecting. I've been using the KiTTY SSH client, based off PuTTY, which works well. Unless I use a virtual machine with Ubuntu Server. Just need to find the time to sort out some POC setups.