Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
VPN on dynamic IP, any guides?
I would like to set my Pi up as a VPN server I can connect to from various other devices from the internet.
The Pi is at "home base" attached to a standard home wireless router.
I have looked for tutorials for VPN but they always seem to expect a fixed IP address or some kind of dynamic DNS, which always seem to give me errors with reverse lookups when trying to use them for SSH.
Any ideas for somebody without a fixed IP? Do the dynamic DNS solutions definitely work for VPNs?
Original Poster
Oddly, I managed now to find a tutorial not expecting a fixed IP address, using openvpn and some setup scripts. Perhaps that's the place to start then I can look into dynamic DNS -- as I mentioned I did do some testing with a free dynamic DNS service and couldn't SSH due to some kind of issue with reverse-lookup on the IP not matching the domain I was attaching to (or something) so I worried about this kind of thing with a VPN.
Quote:
Oddly, I managed now to find a tutorial not expecting a fixed IP address, using openvpn and some setup scripts. Perhaps that's the place to start then I can look into dynamic DNS -- as I mentioned I did do some testing with a free dynamic DNS service and couldn't SSH due to some kind of issue with reverse-lookup on the IP not matching the domain I was attaching to (or something) so I worried about this kind of thing with a VPN.
You definitely don't need reverse DNS for ssh to work, whether it's a static or dynamic IP. Or maybe the UseDNS directive was enabled. Try to disable it first (it's /etc/ssh/sshd_config in CentOS).
My DNS works fine.
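A way to check the UseDNS directive suggested in the reply above, as an added example that is not part of the original thread. The function name and the sample file are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not from the thread). effective_usedns is a hypothetical
# helper name; Include directives in the file are not followed.

# effective_usedns FILE
# Prints the value of the first global UseDNS line, or "unset" when the file
# does not set it (the built-in default then depends on the sshd build).
effective_usedns() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # drop leading whitespace
            sub(/[ \t]*=[ \t]*/, " ", line)   # "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])               # keywords are case-insensitive
            if (key == "match") exit          # global section ends here
            if (key == "usedns") {            # sshd keeps the first value seen
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample: the commented line is ignored and the first real
# UseDNS line wins over the later one.
sample=$(mktemp)
printf '%s\n' '#UseDNS yes' 'Port 2222' 'usedns = no' 'UseDNS yes' > "$sample"
effective_usedns "$sample"    # prints: no
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration, including the usedns value, and is the authoritative check.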
You should get another connection or use a different VPN. Well, you can use PureVPN or PIA. They both are perfect. But nowadays, I am using PureVPN because their speed is good and works fine without any disconnectivity.
I am just giving you a suggestion so do a deep research first. Or you can read this content on How to Get A VPN. Or simply go to Google and explore the world.
The problem is that they're both commercial, whereas openvpn is free. And it's a very good solution, and it's not really that hard to configure. Of course, you won't be able to configure it by clicking nexts (although some built-in systems do offer wizards for openvpn - clear os, some netgear routers, etc.), but still...
Original Poster
Thanks, I'll take a look at my SSH settings and I am now on a different remote device so things may go better.
As to the choice of VPN, OpenVPN seems the only open source, free choice? Not that I am averse to paying for open source software but I'd like to get things working first.
To expand: The idea is to run a VPN on the Pi so that no matter which network I choose to connect from I am likely safe from snooping and MITM for my Blackberry device and laptops and, also, so I can use my home network as if I were at home.
A downside to watch with the dynamic DNS services is that the free ones have to be renewed frequently and the paid ones aren't really cost effective. A few regular DNS registrars offer dynamic services on the side as part of their service. I don't have a list of those however.
Original Poster
The short-term plan would be using a free one (I've done it before for web hosting) for "proof of concept" then I may be willing to pay for it. After that, who knows? I've a domain I'm winding down usage of which I could use and I think my hosting company may still do dynamic DNS (recently learned they stopped doing VPSs).
Just to clarify your question - If I may inquire...
You are wishing to connect to your home network FROM the Internet?
Your Internet connection (standard home wireless router) gets a dynamic IP address from your ISP?
If the above is true I am not sure it is possible to set up what you desire. In order for your device "on the Internet" to connect to your Pi VPN server it first has to find your home IP address. With a dynamically assigned value from your ISP this is problematic.
Perhaps you could tunnel the Pi to a resource on the Internet and then connect your device on the Internet to that same resource and then back to the Pi. Here is an article https://arstechnica.com/gadgets/2017...rcial-options/ which talks about using a virtual machine hosted on a hosting service to build your own VPN. Not sure if this helps. Perhaps I have misunderstood the question.
Dynamic DNS is definitely what you need to maintain a link between a URL and your home IP address.
I have used a number of home modem/routers that have an in-built dynamic DNS capability that will update on an IP address change, but they only allowed the use of DynDNS as the provider. This used to be free, but is now a paid service.
An alternative would be to use the Pi to maintain your dynamic DNS at the provider of your choice. I have used https://freedns.afraid.org/ for several years.
Original Poster
Thanks for the responses, my IP address tends to be fixed for months at a time so a dynamic DNS provider would be great.
However, I still seem to be struggling to actually set up a VPN at all - having followed a guide in what I thought to be a thorough manner and getting crt files onto my laptop I still couldn't connect to the VPN (Network Manager just keeps trying, unsuccessfully, to connect).
I've managed to set a few things up on my Pi in the past but, for some reason, VPN defeats me every time. (I am opening the relevant port on my home router etc. -- I've already got passwordless SSH on a non-standard port working fine)
Quote:
I've already got passwordless SSH on a non-standard port working fine)
You can use that as a SOCKS5 proxy while you work out the details on the regular VPN. See the -D option in ssh
Code:
man ssh
Your browser supports SOCKS5 and probably so does your mail client. It would just be a matter of connecting with SSH and pointing the desktop (or individual programs) to the proxy.
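The SOCKS5 approach described in the post above, as an added example that is not part of the original thread. DEST, SSH_PORT, the control-socket path and the test URL are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). DEST, SSH_PORT, the control-socket
# path and the test URL are placeholders to replace with your own values.
DEST=${DEST:-pi@home.example.org}      # user@host of the Pi (placeholder)
SSH_PORT=${SSH_PORT:-2222}             # the non-standard SSH port (placeholder)
SOCKS_ADDR=${SOCKS_ADDR:-127.0.0.1:1080}
CTL=${CTL:-$HOME/.ssh/socks-tunnel.ctl}

# loopback_only ADDR:PORT -> succeeds only for a loopback bind address and a
# valid port, so the proxy is never offered to the network you are visiting.
loopback_only() {
    port=${1##*:}
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "${1%:*}" in
        127.0.0.1|localhost|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

tunnel_up() {
    loopback_only "$SOCKS_ADDR" || { echo "refusing $SOCKS_ADDR" >&2; return 1; }
    # -D: SOCKS listener; -N: no remote command; -f: background after auth;
    # -M/-S: control socket so the tunnel can be checked and closed later.
    ssh -f -N -M -S "$CTL" -D "$SOCKS_ADDR" \
        -o ExitOnForwardFailure=yes -p "$SSH_PORT" "$DEST"
}

tunnel_check() {
    ssh -S "$CTL" -O check "$DEST" || return 1
    # --socks5-hostname resolves names at the far end of the tunnel, so DNS
    # queries do not leak onto the local network.
    curl -sS -o /dev/null --socks5-hostname "$SOCKS_ADDR" https://example.org/
}

tunnel_down() { ssh -S "$CTL" -O exit "$DEST"; }
```

Run `tunnel_up`, point the browser at SOCKS5 host 127.0.0.1 port 1080 with its remote-DNS option enabled, and call `tunnel_down` when finished.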