Linux: NAT punchback for VPN/SSH services [closed]

I have remote Linux server behind NAT, without ability to forward ports. All outbound ports are open though. I need to be able to connect to OpenVPN & SSH ports on this server from arbitrary PCs / mobile devices which all have dynamic & unpredictable IP. What is the best approach to achieve that?

If needed, I can use another public Linux server where I control all ports to assist in establishing the connection, but ideally I would want a way to establish direct connection without passing traffic through intermediate proxy.

I am interested in the most standard/robust method. It might be known technique, but it seems I don't know proper keyword to search.


Solution 1:

Implement IPv6 and make the NAT obsolete.

Assign the servers static IPv6, global scope addresses out of your address plan. Allow the expected services through firewalls. Ensure clients have IPv6, native where possible, 6in4 or other transition methods if necessary.