Is it possible to configure a reverse VPN tunnel?

Basically, my goal is to have a 100% portable and independent server. I'm building it using a Raspberry Pi powered by solar panels and batteries, and it is to be connected to the internet using a 4G hotspot. It only needs to have 2 functions: an SSH service and a VPN service.

Here is my problem.

I initially started this project thinking that my biggest issue would be IP roaming. I set myself up a Dynamic DNS domain and wrote a cron job that updated it every 60 seconds. I then port forwarded my hotspot to the Pi (the hotspot is basically a router, and the Pi has a WiFi dongle).

However, I was unable to connect to the hotspot router using its public IP. It is then that I realized that all 4G LTE devices receive IPs on a subnet to a much larger NAT. This is apparently a new practice with 4G. 3G devices used to receive a reachable public IP.

Basically I need a way to reach a VPN server that doesn't have a unique IP.

Is it possible for a VPN server to establish connections with clients, kinda like a reverse SSH tunnel?

Like it could either continuously poll a set of IP addresses (or a dynamic DNS domain) until one of them accepts a connection, or maybe poll another server that would contain a list of IPs currently "wanting" a connection (and those IPs would essentially poll that server to ask for a VPN connection).

I know it's retarded and breaks the client server model, but I'm kind of desperate here. Is it possible?


Solution 1:

As you can see, connecting back to your system isn't so simple. The essence of your problem is that even if you can do the DNS registration (which makes it possible for the servers to find each other), the actual IP connection between your machines is still impossible.

There are multiple solutions for your problem.

The simplest would be if you had some type of central server (with a public, fixed IP), and the VPN server ran on that. On your Raspberry Pi, just as on your other clients, only a VPN client would run. This server would work as an intermediate gateway between your Raspberry Pis and other devices.

Raspberry -> Central GW machine <- Any other system of yours

It would solve both the problem of the DNS registration and the problem of the IP connection.

From the viewpoint of the network, nobody connects to your Raspberry. Only your Raspberry connects out to your central GW.

OpenVPN is a very beautiful solution for that.


There are trickier solutions as well. For example, you could somehow tell your Raspberry to connect out to your clients and run the VPN over that. But it wouldn't work if your clients were also behind a NAT, which is quite common currently, especially in mobile networks.

Or you could use Tor as well to find intermediate servers behind you. Yes, Tor isn't really a cracker tool, it can be used for regular tasks as well. But it isn't really reliable and is quite slow.

Solution 2:

I also experienced some issues connecting to my Raspberry Pi while connected to an open hotspot (in my case it was Optimum WiFi) (SSH into my Raspberry Pi 2@Optimum WiFi - Raspberry Pi Stack Exchange).

So, I'd like to share my way of getting into my Raspberry Pi 2 using this SSH reverse tunnel:

pi@raspberrypi ~ $ crontab -l | tail -1
@hourly     ssh -S alexus -O check XXX > /dev/null 2>&1 ; if [ $? != 0 ] ; then ssh -M -S alexus -fN -R2222:localhost:22 -p 443 XXX ; fi
pi@raspberrypi ~ $ 

This solution requires yet another host up and running, through which you can ssh into your Raspberry. (Even if this solution won't work for you, it might work for others.)

In the near future, I plan to explore the OpenVPN option as well.
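
A fuller watchdog for the reverse tunnel in Solution 2, as an added example (not the poster's code). The relay account `tunnel@relay.example.net`, the socket path and the script path in the cron comment are assumed placeholders; the ports match the crontab line above.

```shell
#!/bin/sh
# Added example: keep a reverse SSH tunnel from the Pi to a public relay alive.
# Assumed placeholders (not from the post): relay account, socket path.
RELAY="${RELAY:-tunnel@relay.example.net}"
RELAY_PORT="${RELAY_PORT:-443}"           # port the relay's sshd listens on
REMOTE_PORT="${REMOTE_PORT:-2222}"        # port opened on the relay for the Pi
SOCK="${SOCK:-$HOME/.ssh/revtun.sock}"    # control socket used for health checks
SSH="${SSH:-ssh}"                         # overridable so the logic can be tested

# Succeeds only if a live master connection answers on the control socket.
tunnel_up() {
    "$SSH" -S "$SOCK" -O check "$RELAY" >/dev/null 2>&1
}

# Start the master in the background. With the sshd default (GatewayPorts no)
# the forwarded port is bound to the relay's loopback only, so the Pi's SSH
# is reachable from the relay itself and not from the internet at large.
tunnel_start() {
    "$SSH" -M -S "$SOCK" -fN \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "${REMOTE_PORT}:localhost:22" \
        -p "$RELAY_PORT" "$RELAY"
}

# Prints up, started or failed; returns 1 only when the tunnel could not start.
ensure_tunnel() {
    if tunnel_up; then
        echo "up"
        return 0
    fi
    rm -f "$SOCK"    # clear a stale socket left behind by a dead master, if any
    if tunnel_start; then
        echo "started"
        return 0
    fi
    echo "failed"
    return 1
}

# From cron (hypothetical path), every minute instead of hourly:
#   * * * * * /home/pi/revtun.sh run
if [ "${1:-}" = "run" ]; then
    ensure_tunnel >/dev/null
fi
```

`ExitOnForwardFailure` makes the start fail when port 2222 on the relay is still held by a dead session, and the `ServerAlive` options let the master exit after a silent 4G drop so the next cron run can rebuild the tunnel.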