New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Reverse tunneling.
SSH tunnel, PPTP, OpenVPN…
Connect the pi to the VPS using a VPN and port forward from there?
I would like to suggest https://wireguard.com/.
Have you considered GRE tunnel?
@jordynegen11 posted a great tutorial recently about it you can adapt to your case.
+1 for Wireguard! Great performance and security.
Same case with me.
I run webserver or any application from raspi, and any request to the vps can be redirected to the raspi. For example, request to vps.ip:port, go to raspberry pi 10.0.0.2:port
No port forwarding configuration needed. As long as the vps and raspi connected with tinc, they can communicate each other with all ports opened, with the internal ip such 10.0.0.1 etc
Is there a way to forward all ports and traffic into the tunnel?
I think GRE tunnel require my Pi to have a public IP.
Yes, just use a GRE or openvpn tunnel like @virtua_host said
I would go the route that @ErawanArifNugroho suggested and have a try with tinc.
Had a setup similar to this running for some time and it worked great! A plus: as the connection can be instantiated by any of the participants, you would not even need DynDNS or something like that.
Yes
That won't work for obvious reasons.
How would one ssh back into the vps if ALL ports are forwarded?
That's a good question. You would usually use a second IP (or possibly IPv6) for management if you want full 1:1 NAT.
My bad I forgot about the NAT on the PI side.
So +1 for the OpenVPN solution, OpenVPN server on the VPS and OpenVPN client on the PI side should do perfectly the work.
i think wireguard might be the better option .. should give better performance then openvpn
old but gold: https://jordancrawford.kiwi/setting-up-tinc/
probably faster than reverse ssh (which is valid option though) and port forwarding could be handled easily on the VPS then.