Yes (and even then it's tricky).
In this case I'd personally prefer a WireGuard or OpenVPN based solution as it looks more transparent in my opinion.
OpenVPN or WireGuard is not well supported by Android/Windows (without 3rd party software).
My idea is to use my vpn server present on my private connection (that has public ip) and create a bridge on the connection with the private ip (dslite)
Should work and """easy""" to setup right?
As long as you get by with a couple of port forwardings, yes - if you need more direct exposure, it's getting more difficult.
If you can get a TOR client running at home (as in, your ISP doesn't block it, or such), you could expose an SSH daemon as a hidden service.
That would enable you to reach the internal network from outside.
To then cut down on the latency (or to get a full L2 ethernet), you can probably manually UDP-hole-punch your way to a direct UDP connection, which you can then run VPN over.
You'd have to script some glue code around this, or pick up/adapt somebody else's script to your scenario.
Can you expose a hidden service with a TOR client, or do you need a server? Can you run a TOR server without a public IP address? Isn't there a less convoluted solution?
I still don't have any idea how to reach my local network using tor
Most mobile devices are on private 10.x.y.z addresses. Tor-for-android exists, and is in wide usage. So "yes" for the non-public IP. (Of course, your direct peers are limited to ones your device can reach via outgoing connection)
TOR does (to my understanding) not have this "traditional" Client-Server model. The client works better if it can receive incoming connections, but it can also work with only outgoing connections.
You may be thinking of being an exit-node, or not.
So, basically the process is:
- Install TOR client on OpenWRT
- Configure SSH as hidden service
- Connect via SSH, and be happy, or
(more complicated)
- Note public facing IP of VPN-client(mobile device)
- Note public facing IP of VPN-server(at home)
- Manually punch outgoing UDP hole towards each other
- start vpn client -> Full Layer 2 ethernet to Home
Hello, it's me again...
Today I set up my VPN bridge and it does actually work... I can successfully access my device (behind ISP NAT with private IP) by connecting to the VPN server where I have a public IP.
Only problem... now my device uses the remote connection of the VPN and not the ISP one (private IP).
How can I make the device accessible from the remote server and at the same time use the ISP network?
Can you explain?
Mh, I decided to put the 2 networks on a big subnet
192.168.2.0/23
The first router's DHCP serves 192.168.2.1/24
the second router serves 192.168.3.1/24
this way I can access them...
Does someone know how to have name resolution on the entire network even if there are 2 DHCP servers?
This is basically split DNS mode:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#conditional_dns_forwarding
Assuming that 192.168.1.1 is your primary DNS, you need to configure the following:
- 192.168.2.0/24 - domain lan2
- 192.168.3.0/24 - domain lan3
Then you should be able to resolve hosts from lan2 and lan3 domains via 192.168.1.1.
what if i use unbound as my dns server?
Probably you need to configure multiple sections forward-zone, one section per subnet.
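The forward-zone layout suggested in the reply above, written out as an added example that is not part of the original thread. It assumes each router answers DNS for its own DHCP leases at 192.168.2.1 (domain lan2) and 192.168.3.1 (domain lan3); those server addresses are an assumption taken from the subnets mentioned earlier.

```conf
# unbound.conf fragment (added example; addresses and domains are assumptions)
server:
    # Only relevant if rebind protection (private-address:) is enabled:
    # allow RFC 1918 addresses in answers for the two internal domains.
    private-domain: "lan2."
    private-domain: "lan3."

    # lan2/lan3 are not signed zones; without this a validating
    # resolver treats the forwarded answers as bogus.
    domain-insecure: "lan2."
    domain-insecure: "lan3."
    domain-insecure: "2.168.192.in-addr.arpa."
    domain-insecure: "3.168.192.in-addr.arpa."

    # unbound answers RFC 1918 reverse zones locally by default.
    # Open only the two subnets in use; the rest of 168.192.in-addr.arpa
    # stays blocked so internal PTR lookups do not leak upstream.
    local-zone: "2.168.192.in-addr.arpa." transparent
    local-zone: "3.168.192.in-addr.arpa." transparent

# One forward-zone per subnet: forward names ...
forward-zone:
    name: "lan2."
    forward-addr: 192.168.2.1

forward-zone:
    name: "lan3."
    forward-addr: 192.168.3.1

# ... and the matching reverse (PTR) zones.
forward-zone:
    name: "2.168.192.in-addr.arpa."
    forward-addr: 192.168.2.1

forward-zone:
    name: "3.168.192.in-addr.arpa."
    forward-addr: 192.168.3.1
```

Running `unbound-checkconf` on the file before restarting the service catches syntax errors in the added zones.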