Barabba
Posts: 27
Joined: Wed Aug 03, 2016 3:49 pm

RPi tunnel some TCP ports to a public IP, but not VPN. How?

Thu Oct 03, 2019 1:21 pm

Hi mates, I suppose this is a difficult question, but maybe somebody has experienced it in the past.

I have an RPi running Node-RED. I need to access its SSH and the backend Node-RED HTTP site, but the RPi is connected to a provider which gives only private IP addresses, which means no port forwarding.

I don't want a VPN; a VPN means that all the traffic, all ports, everything will be tunneled to the server with the public IP address. I want the RPi to use the local IP for downloads from the internet, and I want to access it from the LAN, which means no tunnel.
I'm expecting I need software that creates a second IP address on the RPi, tunnels it to the server, and keeps the tunnel active. When the server requests something on the second local RPi IP, the RPi will be able to open the desired port to its loopback, if opened.

Let's make an example:
The server has a LAN IP 192.168.0.2; the software will create a tunnel and give it a second IP 192.168.100.1.
The RPi has a LAN IP 192.168.0.200; the software will create a tunnel and give it a second IP 192.168.100.2.

Now when the server opens SSH on 192.168.100.2, the RPi receives the packet, and it will open its loopback 192.168.100.2:22, and tunnel it back to 192.168.100.1.

Andyroo

Re: RPi tunnel some TCP ports to a public IP, but not VPN. How?

Thu Oct 03, 2019 1:34 pm

Barabba wrote:
Thu Oct 03, 2019 1:21 pm
... but the RPi is connected to a provider which gives only private IP addresses, means no port-forwarding.
...
Bit baffled by that - do you mean the router does not support port forwarding and everything goes through it?

Barabba
Posts: 27
Joined: Wed Aug 03, 2016 3:49 pm

Re: RPi tunnel some TCP ports to a public IP, but not VPN. How?

Thu Oct 03, 2019 2:25 pm

Thanks for the reply. I can configure port forwarding on my router but it will not help: I have a 10.x.x.x IP address on the WAN, and the provider will not open port forwarding on its routers for me.
A guy suggested ngrok to me; it seems I can create a tunnel to its cloud and access my RPi by a DNS string... looks interesting.

epoch1970
Posts: 3799
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: RPi tunnel some TCP ports to a public IP, but not VPN. How?

Thu Oct 03, 2019 2:29 pm

Barabba wrote:
Thu Oct 03, 2019 1:21 pm
I don't want VPN ... I want the RPi uses the local IP for download from internet and I want to access it from the LAN, means no tunnel.
Your premise is wrong.
A so-called "full tunnel VPN" does what you describe, as it changes the default route of the client to go through the tunnel. In the old days, only banks or sensitive organisations would do that. By now it is the norm because VPN users are mostly trying to "hide their *ss".

What you want is a "split-tunnel VPN". You'll keep normal full speed access to the Internet, and can access a remote network via the tunnel.
It's nothing more than omitting the default route redirection in a "standard" VPN config.
"If there is no solution, it is because there is no problem." Les Shadoks, J. Rouxel

plugwash
Forum Moderator
Posts: 3463
Joined: Wed Dec 28, 2011 11:45 pm

Re: RPi tunnel some TCP ports to a public IP, but not VPN. How?

Thu Oct 03, 2019 2:55 pm

Barabba wrote:
Thu Oct 03, 2019 1:21 pm
I don't want VPN, a VPN means that all the traffic, all ports, everything will be tunneled to the server with public IP address,
No, it doesn't; OpenVPN at least won't redirect the default gateway unless you tell it to.

What you need to do is:

1. Set up a VPN (without redirecting default gateway) between the Pi and the server.
2. Enable IP forwarding on the server.
3. Put in place DNAT rules on the server.
4. Do something to ensure that replies to traffic received over the VPN go back over the VPN. There are two options for this, one is to use a SNAT/MASQUERADE rule on the VPN server, the other is to use policy routing on the Pi. The latter approach is better because it allows the server on the Pi to see the real source IP, but it's potentially harder to set up.
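
Steps 2 to 4 above written out as commands, as an added example that is not part of the thread or of plugwash's post. The interface names `tun0` and `eth0`, routing table number 100 and the optional source-CIDR argument are assumptions; the tunnel address is the one from the first post's example.

```shell
#!/bin/sh
# Added example: prints the commands for steps 2-4 for review; it runs none of them.
# Assumed names: tun0 (VPN interface), eth0 (server's public interface), table 100.
VPN_IF=tun0
WAN_IF=eth0
PI_VPN_IP=192.168.100.2   # Pi's tunnel address, from the first post's example

valid_port() {   # succeeds only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Steps 2 and 3, on the server: server_rules PUBLIC_PORT PI_PORT [ALLOWED_SOURCE_CIDR]
# The optional CIDR limits which clients may reach the forwarded port.
server_rules() {
    valid_port "$1" && valid_port "$2" || { echo "bad port" >&2; return 1; }
    src=${3:+-s $3 }
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF ${src}-p tcp --dport $1 -j DNAT --to-destination $PI_VPN_IP:$2"
    # Only needed when the FORWARD chain policy is not ACCEPT.
    echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF ${src}-p tcp -d $PI_VPN_IP --dport $2 -j ACCEPT"
    echo "iptables -A FORWARD -i $VPN_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Step 4, option 1 (server): the Pi sees the server's tunnel address as the client.
server_snat_rule() {
    echo "iptables -t nat -A POSTROUTING -o $VPN_IF -d $PI_VPN_IP -j MASQUERADE"
}

# Step 4, option 2 (Pi): replies sourced from the tunnel address leave via the
# tunnel, so the Pi's services log the real client IP. Everything else keeps
# using the Pi's normal default route.
pi_policy_routing() {
    echo "ip rule add from $PI_VPN_IP lookup 100"
    echo "ip route add default dev $VPN_IF table 100"
}

# Example calls (port 1880 is Node-RED's default; 203.0.113.0/24 is a documentation range):
#   server_rules 2222 22 203.0.113.0/24
#   server_rules 8080 1880
```

Use either `server_snat_rule` or `pi_policy_routing` for step 4, not both.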

Barabba
Posts: 27
Joined: Wed Aug 03, 2016 3:49 pm

Re: RPi tunnel some TCP ports to a public IP, but not VPN. How?

Thu Oct 03, 2019 3:40 pm

Thank you for the reply! I found ngrok works perfectly, as I expected. For anyone who has the same needs I really suggest it: it's fast to install and manage, and the free account lets me do what I need :)
