On 05/04/18 18:28, gevisz wrote:
> 2018-04-05 12:51 GMT+03:00 gevisz <gev...@gmail.com>:
>> 2018-04-05 1:02 GMT+03:00 Grant Taylor <gtay...@gentoo.tnetconsulting.net>:
>> On 04/04/2018 02:18 PM, gevisz wrote:
>>> Assuming that NAT is in play on OR and IR (worst case), then just about
>>> /any/ form of VPN initiating from the outside will be fraught with uphill
>>> battles.
>> As far as I understand, the connection would be initiated from the Host.
> A small correction after a call to the friend: the VPN server should be
> installed on the Client and the VPN client should be installed on the Host.
>
> Because of the same reason it is impossible to set up VPN server on the IR.
>
> Moreover, IR is too simple to use it for setting up any server other than NAT
> and, maybe, port-forwarding.
>
Might need a third party VPN server in the cloud that both ends connect
to as clients and route between?  A STUN server like VoIP uses will help
there.

Also try a proxytunnel/stunnel using port 443 and use that to bounce
openvpn or a putty (ssh) port tunnel through the network's https proxy.
Inefficient but gets ssh, web pages and small downloads through
problematic networks nicely.  Double wrapping in ssl with end-to-end
protection via openvpn takes care of privacy when MITM SSL proxies are
used (yes, they exist).  Note that openvpn can be used peer to peer
though client to server is a bit more secure.  In my setup, the client
is Windows and the server is Gentoo on a dynamic IP.  For really
paranoid networks, there are other ways but I have found this handles
most cases which are either my Android phone, laptop using openvpn on
locked down wifi networks or ssh (putty) on Windows hosts.


BillK



