[kwlug-disc] Remote access to machine behind CG-NAT

Khalid Baheyeldin kb at 2bits.com
Sun May 18 20:11:38 EDT 2025


Thanks for all the replies ...

I briefly looked into SSH tunneling, which I used decades ago but in a far
simpler scenario (ssh access).
It should work, and with AutoSSH, it should be more robust (restarted if
traffic ceases, or daemon dies).
But my conclusion is that it is only good for one (or a couple) of ports
that one needs to open, and then it gets complicated from there (one tunnel
and one systemd unit file per port), so that is a future limitation.

Maybe I should try SSH tunneling first before delving into more complex
solutions ...

Complexity includes setting up for split tunneling, so that not all traffic
goes through the VPN server.
(e.g. large backups from one's laptop to the server, on the local LAN, now
go to a third server, and back)

John, you confirm that a private VPN will get over the issue, and that is
encouraging.
Any specific reasons you didn't go for WireGuard?

I assume that pfSense is not the only way to run it, and it can be run on a
plain Ubuntu machine.
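
The one-tunnel-per-port arrangement discussed in this message, sketched as a systemd template unit. This is an added example, not part of the original post. The unit file name, the `tunnel` user, the key path and the relay host `relay.example.net` are all placeholder assumptions.

```ini
# /etc/systemd/system/autossh-tunnel@.service   (hypothetical file name)
# The instance name is the port to expose, e.g.:
#   systemctl enable --now autossh-tunnel@8080
#
# On the relay, the key can be limited to remote forwards on that port only
# (authorized_keys line; the key material is a placeholder):
#   restrict,port-forwarding,permitlisten="127.0.0.1:8080" ssh-ed25519 AAAA... tunnel@home

[Unit]
Description=Reverse SSH tunnel for port %i via relay
Wants=network-online.target
After=network-online.target

[Service]
# Unprivileged account that owns the tunnel key (assumed name)
User=tunnel
# Let autossh retry even if the very first connection attempt fails
Environment=AUTOSSH_GATETIME=0
# -M 0: no autossh monitor port; ssh's own keepalives detect a dead link
# -N:   no remote command, forwarding only
# ExitOnForwardFailure: ssh exits if the relay refuses the listener,
#   so a tunnel that is "up" but forwards nothing gets restarted
# -R binds to loopback on the relay, so the port is not exposed publicly there
ExecStart=/usr/bin/autossh -M 0 -N \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -i /home/tunnel/.ssh/id_ed25519 \
    -R 127.0.0.1:%i:127.0.0.1:%i \
    tunnel@relay.example.net
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

Each additional port is another instance of the same template (`autossh-tunnel@8443`, and so on), each needing its own `permitlisten` entry on the relay.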