OpenVPN connect to server not accessible from internet

1

My ISP sucks at IPv4, so they are NAT'ting one public IPv4 to multiple customers (they call that DSLite). The problem is: I can't open ports for incoming connections. My public IP can't even be pinged or portscanned.

I still want to access my LAN on the go via IPv4 using OpenVPN. My ISP's support just says it isn't possible. I don't (want to) believe that.

Is there any way I can use OpenVPN to establish a connection between e.g. my mobile phone and my home-server?

EDIT

I already have an OpenVPN server running on an outside machine that I can connect to from inside the LAN, but bandwidth and speed aren't optimum.

Is it possible to use the outside server as a "router", so that other clients can access the (client) home-server's network? (Sorry, I'm not familiar with packet routing (iptables) and the exact way OpenVPN's internals work.)

NoMad

Posted 2013-12-19T18:53:02.393

Reputation: 502

Answers

2

If you initiate a VPN connection from the DSL Lite machine (let's call it DSLite) to the outside machine running the OpenVPN server (let's call it OpenVPN server), and after that you connect from a 3rd machine (let's call it laptop) to the OpenVPN server, then you will be able to access DSLite from the laptop through the OpenVPN server.

DSLite will obtain an IP address (let's say 10.8.0.2) from the OpenVPN server.

Also, the laptop will get an IP address (let's say 10.8.0.3) from the OpenVPN server.

However, you need to uncomment the client-to-client directive in server.conf if you would like connecting clients to be able to reach each other over the VPN, as by default clients will only be able to reach the server.

Check http://openvpn.net/index.php/open-source/documentation/howto.html under "Including multiple machines on the client side when using a routed VPN (dev tun)".

aseaudi

Posted 2013-12-19T18:53:02.393

Reputation: 461
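An added example, not part of the answer above or of OpenVPN itself: a small Python check that the outside server's server.conf and its ccd files carry the directives the linked HOWTO section relies on (client-to-client, client-config-dir, route, push "route", iroute). It goes one step beyond the answer by covering the LAN behind the DSLite client; the home LAN 192.168.1.0/24 and the common name dslite-home are assumptions.

```python
import ipaddress

# Constructed sample: server.conf on the outside machine (home LAN subnet is an assumption).
SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
client-to-client              # clients may reach each other, not only the server
client-config-dir ccd
route 192.168.1.0 255.255.255.0          # server-side route: home LAN is behind the VPN
push "route 192.168.1.0 255.255.255.0"   # tell the laptop/phone about the home LAN
"""
# Constructed sample: ccd/<common name> files; "dslite-home" is a hypothetical CN.
CCD = {"dslite-home": "iroute 192.168.1.0 255.255.255.0\n"}


def directives(text):
    """Return active directives as token lists, skipping '#' and ';' comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            rows.append(line.replace('"', " ").split())
    return [r for r in rows if r]


def nets(rows, *prefix):
    """Collect the networks from rows that start with the given tokens."""
    n = len(prefix)
    return {ipaddress.ip_network(f"{r[n]}/{r[n + 1]}")
            for r in rows if tuple(r[:n]) == prefix and len(r) >= n + 2}


def audit(server_conf, ccd):
    """Return the problems that would stop other clients reaching the client-side LAN."""
    rows = directives(server_conf)
    problems = []
    if ["client-to-client"] not in rows:
        problems.append("client-to-client not enabled")
    if not any(r[0] == "client-config-dir" for r in rows):
        problems.append("client-config-dir not set, iroute files are ignored")
    routed, pushed = nets(rows, "route"), nets(rows, "push", "route")
    for cn, text in ccd.items():
        for lan in nets(directives(text), "iroute"):
            if lan not in routed:
                problems.append(f"{cn}: no server 'route' for {lan}")
            if lan not in pushed:
                problems.append(f"{cn}: {lan} not pushed to other clients")
    return problems
```

With client-to-client enabled, OpenVPN forwards packets between clients internally, so firewall rules on the server's tun interface do not see that traffic; the DSLite machine also needs IP forwarding enabled to pass packets on to its LAN.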

1

No, you can't do this that way.

You might be able to do this with a remote access tool that is designed to work from inside a private NAT-ed subnet, like GoToMyPC or similar. So look into those.

You can't use a standard VPN server like OpenVPN, because you need end-to-end connectivity using either public IPs, or port-forwarding. Since the ISP controls the latter and has already told you "no", that's your answer.

FYI, welcome to ServerFault. Please read the "help" link to understand why you're getting votes-to-move and votes-to-close. This site is specifically not for things in a home environment.

mfinni

Posted 2013-12-19T18:53:02.393

Reputation: 526

Thanks, I resorted to ServerFault because the problem isn't in my LAN, so I thought there is some NAT-breaking-wizardry that can be done. I'll edit my post, perhaps there is some other solution... – NoMad – 2013-12-19T21:01:48.277

Sure there is. I explained that in my answer, that there are software packages that will use other methods to maintain a connection from inside a NAT-ed subnet. You won't easily be doing this with OpenVPN. – mfinni – 2013-12-19T21:30:55.317