ettaluni, 2021-01-25 15:39:03
VPN

VPN behind nine gates, the way to the thirtieth state?

Good day! Wow, I'm already exhausted from setting up a VPN channel for working from home. It is impossible to get past the provider's NAT.
There is a network:
VPS: public IP through a virtual router, forwards all ports to all. I don't think the problem is with it.
Comp1: public IP through a Dashman router (D-Link, 1-to-1 port forwarding).
Comp2: gray IP behind the provider's NAT (Yota USB modem), all in a Zyxel router for distributing the Internet.
Tried setting up OpenVPN and WireGuard with no success. Then I realized that they can't get through NAT, so I set up Tinc VPN, and it doesn't work either.
I suspect that the problem is in Comp1: although it sends packets to the port, the reply does not get through the router's firewall. I repeat, the Dashman router is there, and you can't see packet statistics on it. I must not have opened the port. But I can't open it, because the sending port on Comp1 is dynamic, and the router can only take a specific number.
I also suspect that when the VPS server receives a packet through port forwarding, it stupidly does not send anything back because it cannot find the end node: in the logs, the server responds to packets on the port (OpenVPN, for example 1194) with ICMP packets with number 9 (or port); I think it's something like a ping. That's what happens. Server: "I can't find node number (192.168.x.x), my network is 10.x.x.x, so I won't send anything."
Actually, the question is:

  • Is it possible to somehow make the sending port static on the client machine?
  • What command should I use so that the server sends packets from a public address and not from a private one, assuming that the packets contain private addresses and not a chain of addresses?


PS: I always thought that when a packet is sent from a client machine, all intermediate nodes are written into the packet, and when a response packet is formed, it simply goes back along the reverse chain, and even if the port is dynamic, it will be specified in the packet!
[attached image: 600ec0a99b36e311618759.png]


3 answers

Drno, 2021-01-25

OpenVPN gets through NAT very well.
Anywhere there is a public IP, raise OpenVPN on a non-standard port, for example 10000 or 30000. Then we
connect to it with the clients: route add 10.41.0.0 mask 255.255.0.0 10.27.0.1
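Added example (not configuration from any of this thread's participants): the hub-and-spoke layout described in the answer above, written out as OpenVPN configuration. Only the VPS, the one machine with a reachable public port, runs the server; Comp1 and Comp2 both connect outbound to it, so neither needs inbound port forwarding or a fixed source port, and the LANs behind them are reached through the hub. All subnets, addresses, file names and the port (tunnel 10.27.0.0/24, 192.168.1.0/24 behind Comp1, 192.168.2.0/24 behind Comp2, port 10000, vps.example.invalid) are assumptions, not values taken from the thread.

```ini
# /etc/openvpn/server.conf on the VPS (assumed paths and subnets; example, not from the thread)
port 10000                      # non-standard port, as suggested in the answer above
proto udp
dev tun
topology subnet
server 10.27.0.0 255.255.255.0  # tunnel network; the VPS itself becomes 10.27.0.1
ca ca.crt                       # certificates issued by your own CA (e.g. easy-rsa)
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0               # HMAC on the control channel: unauthenticated probes are dropped silently
client-config-dir /etc/openvpn/ccd
client-to-client                # let Comp1 and Comp2 reach each other through the hub
# kernel routes on the VPS pointing both remote LANs into the tunnel
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
# routes pushed to every client; this replaces a manual "route add" on each machine
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
keepalive 10 60                 # periodic pings keep the NAT mapping on the ISP side alive
persist-key
persist-tun
verb 3

# /etc/openvpn/ccd/comp1  (file name must equal the CN of Comp1's certificate)
ifconfig-push 10.27.0.11 255.255.255.0
iroute 192.168.1.0 255.255.255.0   # tells OpenVPN which client owns this LAN

# /etc/openvpn/ccd/comp2
ifconfig-push 10.27.0.12 255.255.255.0
iroute 192.168.2.0 255.255.255.0

# client.conf on Comp1 (Comp2 is identical apart from its certificate and key):
# the connection is outbound only, so NAT on the client side does not matter
client
dev tun
proto udp
remote vps.example.invalid 10000   # placeholder for the VPS public IP or hostname
nobind                             # let the OS pick the source port; the NAT tracks the mapping
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert comp1.crt
key comp1.key
tls-auth ta.key 1
remote-cert-tls server             # refuse to connect to anything but a server certificate
verb 3
```

For the LANs to see each other, IP forwarding must be enabled on Comp1 and Comp2, and the other hosts on each LAN need a route to the remote LAN via that machine (or via their router). With this layout the VPS never has to forward anything to a private address: it is the tunnel endpoint, and the `route`/`iroute` pairs are what tell it where 192.168.x.x lives.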

ky0, 2021-01-25

Tried setting up OpenVPN and WireGuard with no success. Then I realized that they cannot get through NAT

Perhaps study it a bit more. VPN and routing between networks behind the clients is a classic setup; there is plenty of information on it.

ValdikSS, 2021-01-26

If you have a server behind NAT (no routable/whitelisted/real IP from your ISP), you don't want to buy a dedicated IP or a VPS with a dedicated IP, and you need to get your VPN working under those conditions, you can try ZeroTier or Tailscale.
It is easier and more reliable to buy an IP address and configure IPsec IKEv2, OpenVPN, or WireGuard, whichever you like.
Although you do have a VPS in the picture. In that case the question itself is not clear. What exactly is not working for you, and what are you trying to do?
