On Thursday, 5 April 2018 11:28:07 BST gevisz wrote: > A small correction after a call to the friend: the VPN server should > be installed > on the Client and the VPN client should be installed on the Host. > > Becaule of the same reason it is impossible to set up VPN server on the IR. > > Moreover, IR is too simple to use it for setting up any server other then > NAT and, may be, port-forwarding.
Your double NAT-ing arrangement hides the host twice over from the Internet. In addition, some of the domestic ISP providers also offer NAT'ed connections for their users. Some block specific ports/protocols for 'security purposes' and require you to upgrade your service contract for unfettered Internet connectivity. Assuming none of the above ISP restrictions apply in your case, you have the option of forwarding connections to the host through the IR. Single NAT e.g. between OR and IR is fine and NAT-T can be configured in most VPN technologies to address this. If you can configure the IR to expose the host via DMZ, or forward specific ports/protocols from OR to the host directly then most VPN technologies should work in principle. OpenVPN/SSTP is straight forward and for a single host (as opposed to a gateway) there's no benefit in trying to implement more complicated kernel based VPNs. For stronger OpenVPN crypto configuration have a look here: https://bettercrypto.org/static/applied-crypto-hardening.pdf but your security options will be limited by what MSWindows offers/allows. Post with particulars when you get that far and we can troubleshoot it further. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
