Access my local network from internet without public IP

5,428

If you really can't have a VPN client on the external computer (which would be the ideal situation), that should work. When installing the OpenVPN server you'll have an additional interface, and after configuring forwarding from the public interface to the private one, I see no reason why it shouldn't work.

You'll have to add some additional security via iptables since this way anyone connecting to the VPS server could connect to your inner network. Maybe some tool like knockd should be helpful.

In order to forward interfaces, you could use this as an example.
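
The forwarding and iptables restriction described above, sketched as an added example that is not part of the original answer. It assumes `eth0` is the VPS public interface, `tun0` the OpenVPN interface, `10.8.0.2` the Raspberry Pi's VPN address and `203.0.113.10` an allowed client (all constructed values), and it uses a static source allowlist where the answer suggests knockd.

```shell
#!/bin/sh
# Added example, not from the original answer. All names and addresses are
# constructed. The VPS also needs net.ipv4.ip_forward=1 for any of this to route.
# IPT defaults to a dry run that prints the rules; run with IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"

# forward_rules PUB_IF VPN_IF VPN_HOST PORT ALLOWED_SRC...
forward_rules() {
    [ "$#" -ge 5 ] || { echo "usage: forward_rules PUB_IF VPN_IF VPN_HOST PORT SRC..." >&2; return 2; }
    pub_if=$1 vpn_if=$2 host=$3 port=$4
    shift 4
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }

    # Rewrite traffic arriving on the public port so it targets the VPN host.
    $IPT -t nat -A PREROUTING -i "$pub_if" -p tcp --dport "$port" \
        -j DNAT --to-destination "$host:$port"
    # Source-NAT into the tunnel so the Pi replies through the VPN
    # instead of through its 4G default route.
    $IPT -t nat -A POSTROUTING -o "$vpn_if" -p tcp -d "$host" --dport "$port" -j MASQUERADE
    # Packets of connections that were already accepted, both directions.
    $IPT -A FORWARD -i "$vpn_if" -o "$pub_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$pub_if" -o "$vpn_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections are accepted only from the listed sources.
    # FORWARD sees the post-DNAT destination, so -d matches the VPN host.
    for src in "$@"; do
        $IPT -A FORWARD -i "$pub_if" -o "$vpn_if" -s "$src" -p tcp -d "$host" --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # Everything else from the internet towards the VPN is dropped.
    $IPT -A FORWARD -i "$pub_if" -o "$vpn_if" -j DROP
}

forward_rules eth0 tun0 10.8.0.2 80 203.0.113.10
```

Without the final `DROP` and the per-source `ACCEPT` rules, the DNAT rule alone exposes the device to every address that can reach the VPS, which is the situation the answer warns about.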


Author: Aleix

Updated on September 18, 2022

Comments

  • Aleix
    Aleix over 1 year

    I want to access the devices on my local network. I'm especially interested in the CCTV camera and the Raspberry Pi, which acts as a CCTV server.

    Unfortunately, I use a 4G modem at home, so no public IP, and no chance, as I already asked.

    My Current network:

    enter image description here

    How I'm planning to do it:

    enter image description here

    Is this feasible? And if so, would it work just setting OpenVPN up and configuring port forwarding?

    • barlop
      barlop over 8 years
      why no vpn client on the external computer? you'll need it to connect the external computer or mobile phone, to the vpn server.
    • Aleix
      Aleix over 8 years
      Because I want to be able to check the port 80 of the camera from anywhere, even with phones with no VPN client.
    • barlop
      barlop over 8 years
      Then you will obviously need a web server and that web server must have an interface not on the VPN. Where is that in your picture?
    • nKn
      nKn over 8 years
      It might be running on the VPN interface if he configures interface forwarding, but obviously that needs a bunch of security measures.
    • Aleix
      Aleix over 8 years
      @barlop the webserver would be run either on the CCTV camera itself (port 8080), or there's also one on the Raspberry Pi (port 80). All I want is to be able to access those from an external device outside the VPN (by forwarding ports).
    • Aleix
      Aleix over 8 years
      @nKn any input on what security measures I should set up?
    • nKn
      nKn over 8 years
      @Aleix Basically what I specified in my answer below. You should make sure that you grant access to the webserver to only the ones you want to authorize. A combination of iptables and a security tool like knockd is probably a good start.
    • barlop
      barlop over 8 years
      you could restrict things so that only certain IP addresses can connect to the web server, alternatively, you may have some security options if you are willing to carry an ssh client on usb.
    • Aleix
      Aleix over 8 years
      @barlop what if I just forward the ports I need (such as 80) to the devices I need and that's it?
    • barlop
      barlop over 8 years
      @Aleix well, do you want everybody on earth to be able to see your cctv?
    • Aleix
      Aleix over 8 years
      @barlop the CCTV is password protected, so yeah, that would be the idea...
    • barlop
      barlop over 8 years
      To Aleix, security may be ok, not sure offhand what @nKn has in mind re security given that your web server is to be open to all (but with password protection, which you have covered). It's been a while since I used a VPN. Hopefully he can elaborate.
    • nKn
      nKn over 8 years
      I'd not rely uniquely on the password authentication, that's why I suggested a tool like knockd which expects 3 TCP packets at 3 different ports consecutively (a safe-like emulation), and only if that happens, the daemon opens up the port for the IP that made the request. Otherwise it will be kept closed. I know it's a nuisance, but even every security is not enough when exposing services to the internet.
  • Aleix
    Aleix over 8 years
    That is exactly what I want to do, but I don't even know how to start looking for a guide or something. I'll start by configuring OpenVPN Server & Client, but apart from that, I'm totally lost..
  • Aleix
    Aleix over 8 years
    I will mark this as the correct answer if nothing better comes up, as it's the answer that gives me more input about where to start.