Client to Client Communication bypass Firewall?

1

1

I have got a Raspberry Pi which is communicating via sockets with my PC. If I’m running this setup at home everything is working fine. But in my university I can't even ping the Raspberry Pi.

Would it be possible to rent a server, run OpenVPN on it, allow client to client communication, and use the VPN on the Raspberry Pi and my PC to bypass the university firewall?


  1. Would this work? If yes, are there services that could do that for free like Google Cloud?

  2. Is there an easier way to allow socket communication?

Barney Stinson

Posted 2019-10-25T14:03:48.623

Reputation: 121

Do you have permission to connect your Pi to the university network? Please describe the setup that isn't working. Connecting the Pi to the same network as a PC should allow them to communicate - unless the uni is using IPSec or other port-based authentication, VLANs, etc... in which case your Pi might not be able to access the internet either. – Attie – 2019-10-25T14:13:16.547

I can connect stuff via WLAN (eduroam) or LAN - I have internet access – Barney Stinson – 2019-10-25T14:41:39.290

You would still need to forward the port, which you cannot do based on the configuration of the network you're connecting to. – Ramhound – 2019-10-25T14:42:26.933

@BarneyStinson - please describe the network in more detail... Is the PC also on WiFi? Do the PC and Pi get IP addresses in the same range when both connected to the "same" network (i.e: both on WiFi, or both on wired network). What device has internet access (Pi / PC)? – Attie – 2019-10-25T14:50:01.170

Please also make sure that you have permission to connect to the wired network... the physical ability to do so is irrelevant, and doing so could breach the terms of use. – Attie – 2019-10-25T14:50:56.260

@BarneyStinson: It is not fully clear what kind of communication you exactly try to achieve. But tools like ngrok might help you if you want to expose some internal web API to the internet and thus make it also reachable from inside the university network. And based on your description it might be that it is not a firewall at all which is a problem but simply that your RasPi is behind NAT and thus not reachable from the internet, no matter if firewall or not.

– Steffen Ullrich – 2019-10-25T14:58:31.023

I'm currently at home so I can't answer the range question - the PC is connected via WiFi (has an internet connection) - I only run the Pi via LAN – Barney Stinson – 2019-10-25T15:00:24.577

@Steffen Ullrich I try to establish a socket connection between a Pi & PC inside a network where I can't change security settings (for example port forwarding) -- I will give your recommendation a try tomorrow – Barney Stinson – 2019-10-25T15:02:53.147

@BarneyStinson: "a socket connection" is very generic. HTTP/HTTPS are socket connections too, but not every socket connection is HTTP/HTTPS. – Steffen Ullrich – 2019-10-25T15:10:01.970

Answers

0

I've just installed an access point on my Raspberry Pi and connected the PC via W-LAN. I would have to use W-LAN later anyway, so that's the perfect solution.

Barney Stinson

Posted 2019-10-25T14:03:48.623

Reputation: 121

0

Connecting both your devices to a VPN should indeed allow them to communicate with each other and work around whatever firewall/NAT issues you are currently experiencing. If it's a firewall blocking your direct connections, then it's possible that firewall may also block connections to a VPN server in which case you'd need to find another solution. This is something you may want to try and check prior to spending money on any VPN services.

The simplest and cheapest way to get things working may be to shop around for VPN providers that have ready to go servers and software. You'll need a VPN provider that allows for inter-client connectivity rather than one that is focused on just providing privacy for clients.

If you have a connection you do control available, you could try setting up your own server there using some old/cheap hardware. For example, if you have a connection at home with a public IP, you may be able to get a router that supports OpenWRT and then install OpenVPN or Strongswan on the router for your devices to connect to. I've set up my home router with OpenWRT+Strongswan so I can access my network remotely and it works great.

If you don't have a network available then you could look into renting a cheap VPS and set up a VPN server on it instead.

kicken

Posted 2019-10-25T14:03:48.623

Reputation: 906

0

The point is finding out if there's a way to make an unfiltered outbound connection to the internet.

Do you access the web using a proxy or directly?

If yes, then you can use HTTP or HTTPS ports (80 & 443).

If the web is accessed through a proxy, then you will have to identify which ports are reachable directly... but if the network admin enforces the use of a proxy, he probably forbids every outbound connection.

You may try the following common ports: 21 (FTP), 6667 and 6666 (IRC), 143 (IMAP), 993 (IMAPS), ...

Then, it doesn't matter what port number is opened; you may run an OpenVPN service on this port and configure your clients to connect to it. You may also configure your home connection to forward that port on its public IP address to the SSH port of your Raspberry Pi.

If no direct TCP outbound connections are allowed, there are still ways to escape the firewall: HTTP CONNECT tunneling, DNS or ICMP covert channels, etc... but this is a topic by itself ;-)

binarym

Posted 2019-10-25T14:03:48.623

Reputation: 320
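
The check that kicken's answer recommends before paying for anything, and that binarym's answer describes as identifying which ports are reachable directly, written out as an added example (not code from either answer). The function names and the `vpn.example.net` host are assumptions; the host stands for a server you control that has a listener on the ports being tested.

```python
import errno
import socket

# Ports named in the answer above: HTTP, HTTPS, FTP, IRC, IMAP, IMAPS.
CANDIDATE_PORTS = [80, 443, 21, 6667, 6666, 143, 993]


def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt.

    open     - handshake completed (on 80/443 an intercepting proxy can
               complete it too, so confirm with real traffic afterwards)
    refused  - a RST came back: the path works but nothing listens there,
               or a filter actively rejects the connection
    filtered - no reply before the timeout: packets are silently dropped
    error    - anything else (no route, DNS failure, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return "error: " + errno.errorcode.get(exc.errno, str(exc))


def survey(host, ports=CANDIDATE_PORTS, timeout=3.0):
    """Probe every port and return {port: verdict}."""
    return {port: probe(host, port, timeout) for port in ports}


def usable_ports(results):
    """Ports on which a listener on the server would be reachable."""
    return sorted(p for p, verdict in results.items() if verdict == "open")


if __name__ == "__main__":
    # vpn.example.net is a placeholder for a server you control.
    results = survey("vpn.example.net")
    for port, verdict in sorted(results.items()):
        print(f"{port:>5}  {verdict}")
    print("usable:", usable_ports(results))
```

A "refused" result on every port usually means the server side has no listener yet, while "filtered" on every port points at the network dropping the traffic.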