How to access a private network behind a router? Can't port forward


Solution 1

Assuming the VPS runs Linux as well, I'd set up some SSH tunnels from A to B with B acting as a gateway. That way, you could tell B to listen on port 8080 which then corresponds to the IP of IP camera one.

So from the A box, run ssh with these parameters:
ssh -nNT -R 8080:ipcam1:<ipcamport> -R 8081:ipcam2:<ipcamport> <VPS IP>

Hopefully your VPS has a static IP address.
Also hopefully you have full control over your VPS as you will need to modify the SSH daemon to enable GatewayPorts to allow other computers to connect through B to reach A.

In Debian, the GatewayPorts option is specified in /etc/ssh/sshd_config.
Adding GatewayPorts yes at the end of that file should suffice, followed by restarting the ssh daemon for the change to take effect.

Solution 2

If there's a system that has ssh installed on it behind the 3G/4G router, then you could ssh out from this system to another system that's outside the 3G/4G router and set up a reverse SSH tunnel.

This tunnel would then allow you to access a port@host on the external machine, which would give you access to a port@host behind the 3G/4G router.

$ ssh -f -N -T \
    -R 8080:cam1:<cam's port> \
    -R 8081:cam2:<cam's port> \
    <hostname of external system>

See these questions to allow the ssh server behind the router the ability to access ports beyond its localhost. The feature is called GatewayPorts within sshd_config.

Be sure to read that second link, titled: ssh to private-ip. I cover in extreme detail how to do what you want, how to set up GatewayPorts etc., and how to test the whole setup out.
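Both answers depend on GatewayPorts in B's sshd_config, and the value chosen decides who can reach the camera ports. The following is an added example, not code from either answer: it reads sshd_config text and reports where sshd would bind each -R listener. It assumes no Include files or Match overrides; camera port 80 and the address 10.8.0.1 are constructed placeholders.

```shell
#!/bin/sh
# Added example: which interface a -R listener on B binds to under each GatewayPorts value.

# Read sshd_config text on stdin and print the global GatewayPorts value.
# sshd keeps the first value it sees for a keyword; the default is "no".
# Assumption: no Include files; settings inside Match blocks are ignored.
gateway_ports() {
    awk '
        { sub(/#.*/, ""); key = tolower($1) }
        key == "match" { exit }
        key == "gatewayports" && !seen { val = tolower($2); seen = 1 }
        END { print (seen ? val : "no") }
    '
}

# Print where sshd binds one -R spec: loopback, wildcard, or a specific address.
# Spec form: [bind_address:]port:host:hostport (bracketed IPv6 is not handled).
listen_scope() {
    gp=$1 fwd=$2
    colons=$(printf '%s' "$fwd" | tr -cd ':')
    case $gp in
        yes) echo wildcard ;;                      # every interface, client has no say
        clientspecified)
            if [ "${#colons}" -lt 3 ]; then
                echo loopback                      # no bind_address given
            else
                bind=${fwd%%:*}
                case $bind in
                    ''|'*') echo wildcard ;;       # ":8080:..." or "*:8080:..."
                    localhost) echo loopback ;;
                    *) echo "$bind" ;;
                esac
            fi ;;
        *) echo loopback ;;                        # "no": bind_address is ignored
    esac
}

# Print "<setting> <spec> <scope>" for each tunnel under the given config text.
report() {
    cfg=$1; shift
    setting=$(printf '%s\n' "$cfg" | gateway_ports)
    for spec in "$@"; do
        echo "$setting $spec $(listen_scope "$setting" "$spec")"
    done
}

# Constructed inputs: camera port 80 and address 10.8.0.1 are placeholders.
report 'GatewayPorts yes' 8080:cam1:80 8081:cam2:80
report 'GatewayPorts clientspecified' 8080:cam1:80 10.8.0.1:8081:cam2:80
```

On a live server, the output of `sshd -T` can be piped into `gateway_ports` in place of the file text. A "wildcard" result means the camera port is reachable on every interface of B, so access then depends on B's firewall and the camera's own authentication.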


Mike de H
Author by

Mike de H

Updated on September 18, 2022

Comments

  • Mike de H
    Mike de H over 1 year

    I have a video surveillance system (a bunch of IP cameras, with private IPs) behind a router in a distant location. The only ISP that's available at that location has provided me with a 3G/4G USB dongle (so basically mobile Internet). Apparently this dongle (which connects to the router) does some routing/magic by itself (and is not configurable) so I can't use the router to do port forwarding (not in any way that helps at least). This means that while the cameras have Internet access (so can push information to me), I can't access them directly over the Internet (so basically, no live feeds).

    I'm thinking of getting around this by putting a low power computer (software doesn't really matter much in this question, but I'll use Linux) in the same subnet as the IP cameras - let's call this computer A; I also have a VPS rented somewhere that is publicly accessible via the Internet - let's call it B.

    I think that this setup should allow me to work around the issue with my live feeds. At least conceptually if I get A to open a tunnel to B then via B I should have access to A's network.

    Presuming the above works (I don't see why not, but .. that's why I'm asking) can you guys recommend a system that can accomplish the above with as little fuss as possible? I mean .. should I set up a VPN with A as a VPN client and B as a VPN server; then anyone who wants to view the cameras simply connects to the VPN server installed on B?

    I think this should work, but maybe there's an easier way than setting up VPN on every computer from where I want to check the cameras.

    I'm not directly interested in the software (I'm sure that exists and I'll manage to configure it) but rather the networking concepts.

    The ideal situation would be that I'd connect to B on (for example) port 8080 and that traffic will automatically be routed from B through a tunnel to A, at which point A will feed data obtained from camera "1" through that connection; then 8081 from camera "2" and so on.

  • Mike de H
    Mike de H over 10 years
    Hello Lawrence! I was not aware that I could use a ssh tunnel like this but this is, in fact, exactly what I'm looking for. I have full access to the VPS and it has a static IP, so I should be set. Thank you very much for the help!
  • Mike de H
    Mike de H over 10 years
    Thanks slm, that's what I need! Unfortunately I'm too new to upvote; thanks to yours and Lawrence's answer, my problem is fixed.
  • Lawrence
    Lawrence over 10 years
    Happy to have helped :)
  • slm
    slm over 10 years
    @cupu - SSH is the original VPN client. You can do reverse proxies like this and forward proxies to another machine. I use it every day to get into our data centers which have restricted access.
  • slm
    slm over 10 years
    @cupu - No worries, glad you solved your issue, hope to see you around the site asking and answering Q's 8-)