I have an idea, I'm wondering how feasible

Hi guys. I usually don't start discussions, just like to learn from and occasionally chime in on discussions started by other people. However, I have a topic I feel might be interesting.

So I have an ISP that doesn't give me a public facing IP. Basically, they NAT all their users to their IP and so that means that people from the internet cannot connect to me. I've gotten very used to using VNC to control my computer, and now with this new ISP I can't do so.

So I had an idea. What if I purchase a cheap VPS, set up a VPN server on it which I connect to with my home computer. And then, forward all incoming traffic on all ports (except maybe the http, icmp, and some other common ports) from the VPS server to my computer connected via VPN.

This way, it'll be like I have a public facing IP, the one the VPS provider will give, and now I'll be able to use that IP to connect to any open ports on my home machine. Everything else that a VPN provides will be a bonus (like security, etc).

I was also thinking about purchasing a VPN from a commercial source like pia, or hidemyass, etc. and then setting all outgoing connections on the VPS to route through the commercial VPN, this way it'll add an extra layer of security.

What do you guys think? Is this doable, and can it be done with a low end VPS?

----- TL;DR -----
I want to set up a VPN server on my VPS and forward all incoming connections on all ports to the one client that will be connected to this VPN. Is this possible with a lowendbox? And how low end can I go, if I want to use about 100 GB of bandwidth a month?


Comments

  • Chuck Member

    What kind of ISP doesn't give a public facing IP? Are they going out of business soon?

    Thanked by 1Mark_R
  • rm_ IPv6 Advocate, Veteran
    edited July 2014

    set up a VPN server on my VPS and forward all incoming connections on all ports to the one client that will be connected to this VPN

    Yes this is definitely possible and is one of the nice uses of LEBs, to gain yourself a public IPv4 that your ISP doesn't give you. However I don't see why you would forward all ports. Better and safer is to forward only the specific ports (or port ranges) that you need and use, for example the VNC port.

    Thanked by 3netomx mpkossen RobJud
  • RobJud Member

    @Chuck said:
    What kind of ISP doesn't give a public facing IP? Are they going out of business soon?

    Actually it's not an ISP. It's a mobile internet hotspot. Long story short, I got grandfathered into an unlimited tethering mobile LTE hotspot and the data speeds are around 25-100 Mbps (depending on where I am), whereas I was getting 6-15 Mbps using my cable. I was also paying more for cable, and believe it or not, the mobile internet was more stable than my cable internet. At my home, I get a minimum of 15 Mbps and a max of 30 with the LTE hotspot.

    @rm_ said:
    Yes this is definitely possible and is one of the nice uses of LEBs, to gain yourself a public IPv4 that your ISP doesn't give you. However I don't see why you would forward all ports. Better and safer is to forward only the specific ports (or port ranges) that you need and use, for example the VNC port.

    Well yea, I was going to end up only forwarding the ports that I need, but I have a firewall and router at home which I have DDWRT on, which I was going to use to sustain the VPN connection. I just wanted to know if forwarding all ports was possible, so this way I can have internet exactly like a normal ISP.

    Thanked by 1Mark_R
  • Chuck Member

    Don't believe in unlimited LTE. You can be throttled down to 3G network.

  • RobJud Member
    edited July 2014

    @Chuck
    I've already tested and used 100 GB/month on this hotspot and no throttling. Have tested every month since January, so I think I'm good. That's why I quoted that number in my original post. It's a line that was set up for corporate use, not for consumer use, so that's why there's no throttling in there. Look it up, it's a known thing with AT&T corporate grandfathered lines.

    Even so, even the 3G network is the same speed as my cable modem anyway, so no losses.

  • TL;DR If you have a VPS, an SSH tunnel should be enough for VNC connections.

  • RobJud Member

    @msg7086 said:
    TL;DR If you have a VPS, an SSH tunnel should be enough for VNC connections.

    You're right, you really didn't read the post...

    Thanked by 2netomx lukelarris
  • J1021 Member

    Chuck said: What kind of ISP doesn't give a public facing IP? Are they going out of business soon?

    BT in the UK were trialling CGNAT at one point, not sure how far they got with it.

    http://www.techweekeurope.co.uk/news/bt-retail-trials-ip-address-sharing-carrier-grade-na-115411

  • wych Member

    Shame BT can't just roll out v6.

  • @Robjud - You'll obviously need a box that has sufficient incoming/outgoing bandwidth quota. Some will consider 100GB in and 100GB out as 100GB symmetric, some will consider it 200GB. So you'll need to know how they measure the traffic. Then either a LEB with 100GB or 200GB traffic quota.

    As you are probably not so worried about encryption (or haven't mentioned it), try to use a lightweight tunnelling protocol rather than something with encryption.

    @wych - Some of us have already rolled out IPv6 on DSL/BB connections in the UK. BT is always going to be slow off the mark. In their world Prestel is still hot stuff.

  • wych Member

    @MarkTurner said:
    wych - Some of us have already rolled out IPv6 on DSL/BB connections in the UK. BT is always going to be slow off the mark. In their world Prestel is still hot stuff.

    True.

  • @RobJud, I opened a thread a while ago and received information that may be useful to you :)

    http://lowendtalk.com/discussion/14250/ssh-port-forwarding-with-multiple-remote-ips#latest

    Thanked by 1RobJud
  • RobJud Member

    @MarkTurner said:

    Yea, I was thinking 200 GB minimum too. That's not too big of an issue as many LEBs here offer in the TB range. As for encryption, yea I didn't mention it. It totally slipped my mind actually. But I do want to have the option of encryption, I think. It's better that way (we all know why). I'm in the USA (United States of Anti-privacy), so encryption is a must.

    What kind of RAM requirements do you think would be sufficient for the amount of throughput that I'm looking for?

    As for ipv6, I was playing around with some ipv6 addresses last night and unfortunately I'm getting the impression that my current ISP (and my old one) don't support that yet.

    @0xdragon said:

    Thanks for that thread, I'll check it out. At quick glance, it looks like exactly the setup I'm looking to create.

    I like how you said you had those Raspberry Pis co-located in your cupboard, haha. (I know you didn't say co-located, but it sounds funnier that way).

  • @robjud - I have never tried to do this on a LEB, the last time I setup a VPN server was on a 4GB Opteron and wasn't constrained on RAM. I am sure you can do it in 512MB or maybe 1GB for some headroom.

    Thanked by 1RobJud
  • wojons Member

    If you're using Linux this is really easy to set up, but I would recommend SoftEther or something, and you should be able to get pretty close to what you want. On Linux you would easily be able to set up a VPN between both and set the host machine to do some sort of NAT that allowed you to forward as much traffic through it in any direction.

    Thanked by 1RobJud
  • SoftEther can be run on a VPS with as low as 128 MB RAM, although I suggest 256 MB.

    One core or more is fine, and like 500GB bandwidth. (Make sure the VPS supports tun/tap)

    Thanked by 2netomx RobJud
  • RobJud Member

    @wojons -
    @Falco33 -

    Thanks for the advice. I'll look into softether for sure. Btw, about tun/tap, I thought most all VPS support tun/tap? Is it a special feature I need to look out for? I'd have to ask the provider, or can I figure it out through the specs of the vps?

  • @RobJud said:
    I like how you said you had those Raspberry Pis co-located in your cupboard, haha. (I know you didn't say co-located, but it sounds funnier that way).

    ;) Well if you'd like a shared 5mbit uplink then...

    Anyway, yeah. Your thread reminded me of my previous one, and I think it'll be very similar or exactly the same when it comes to setup.

  • trewq Administrator, Patron Provider

    @RobJud You may want to try and find a VPN in your country so the geolocation is slightly similar.

  • RobJud Member

    @trewq - Yea, I'm not really worried too much about the geolocation. Like I said in my original post, it's mostly for my own benefit so that I'd be able to open up any port I'd like without being behind the ISP's NAT.

  • trewq Administrator, Patron Provider

    @RobJud said:
    trewq - Yea, I'm not really worried too much about the geolocation. Like I said in my original post, it's mostly for my own benefit so that I'd be able to open up any port I'd like without being behind the ISP's NAT.

    You should look into tinc, it's very simple and powerful VPN software.

    By any chance are you from Australia?

  • @trewq said:
    By any chance are you from Australia?

    I am not aware of any Australian mobile providers that have had LTE for longer than a year and a bit.

  • trewq Administrator, Patron Provider

    @0xdragon said:

    Optus had the $2 a day deal with unlimited data. It got changed to 500MB/day and all old accounts got grandfathered.

    Was just a hunch.

  • @trewq said:
    Was just a hunch.

    What!? Goddamn it, I'm sitting here with a crappy 5mbit connection for $80/mth and I could've got LTE for $60/mth?!

  • RobJud Member

    No, I'm in the USA, but I know 0xDragon is. I saw it on his Keybase ;-)

    I have a grandfathered AT&T corporate plan originally meant to be used on 3G.

  • trewq Administrator, Patron Provider

    @0xdragon said:
    What!? Goddamn it, I'm sitting here with a crappy 5mbit connection for $80/mth and I could've got LTE for $60/mth?!

    Yep, I only found out about it after it swapped over too.

  • @trewq said:
    Yep, I only found out about it after it swapped over too.

    Freaking Telstra. The prices are really their fault -.-

  • trewq Administrator, Patron Provider

    @0xdragon said:
    Freaking Telstra. The prices are really their fault -.-

    Change to internode. So much better pricing and IPv6.

    This is way off topic...

  • @trewq said:

    C'est pit.

    Sorry for derailing a little @RobJud! ;)

  • RobJud Member

    No problemo. It's a welcome digression, it's interesting to hear about other parts of the world.
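
The setup discussed in this thread (a VPN on the VPS, with only the needed ports forwarded to the home machine, as rm_ advises) can be sketched as follows. This is an added example, not code posted by anyone in the thread; the interface names `eth0` and `tun0`, the tunnel address `10.8.0.2`, and sshd listening on port 22 of the VPS are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables commands for the VPS end of the tunnel.
# Assumed names, none from the thread: eth0 = VPS public interface,
# tun0 = VPN interface, 10.8.0.2 = home machine's address inside the VPN.
WAN_IF=${WAN_IF:-eth0}
VPN_IF=${VPN_IF:-tun0}
CLIENT_IP=${CLIENT_IP:-10.8.0.2}

# Accept "tcp/5900" or "udp/6000:6010"; reject anything else.
valid_spec() {
  case $1 in */*) ;; *) return 1 ;; esac
  proto=${1%%/*}; range=${1#*/}
  case $proto in tcp|udp) ;; *) return 1 ;; esac
  lo=${range%%:*}; hi=${range#*:}          # no colon: hi == lo
  case "$lo" in ''|*[!0-9]*) return 1 ;; esac
  case "$hi" in ''|*[!0-9]*) return 1 ;; esac
  [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
  # A range covering tcp/22 (assumed sshd port) would DNAT the VPS's own SSH
  # to the home machine and lock the admin out, so "forward everything" is refused.
  if [ "$proto" = tcp ] && [ "$lo" -le 22 ] && [ "$hi" -ge 22 ]; then return 1; fi
  return 0
}

gen_rules() {
  [ "$#" -ge 1 ] || { echo "usage: gen_rules proto/port[:port] ..." >&2; return 1; }
  for spec in "$@"; do
    valid_spec "$spec" || { echo "refused: $spec" >&2; return 1; }
  done
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Default-deny forwarding; allow replies for connections already permitted.
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for spec in "$@"; do
    proto=${spec%%/*}; ports=${spec#*/}
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $ports -j DNAT --to-destination $CLIENT_IP"
    echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF -d $CLIENT_IP -p $proto --dport $ports -j ACCEPT"
  done
  # Source-NAT onto the tunnel so replies return via the VPN even when the
  # home machine's default route is still the mobile link.
  echo "iptables -t nat -A POSTROUTING -o $VPN_IF -d $CLIENT_IP -j MASQUERADE"
}

gen_rules tcp/5900   # VNC display :0 only; review the output, then run it as root
```

This covers inbound forwards only: with the FORWARD policy set to DROP, routing the home machine's outbound traffic through the VPS needs its own rule. The MASQUERADE rule also means the home machine sees forwarded connections as coming from the VPS's tunnel address rather than the real client.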
