What's the best way to forward all traffic from VPS to a raspberry PI

dnwk

What's the best way to forward all traffic from VPS to a raspberry Pi? Pi sits behind NAT and Port forwarding is not possible.

FHR

Reverse tunneling.

SSH tunnel, PPTP, OpenVPN…

sanvit

Connect the pi to the VPS using a VPN and port forward from there?

cadddr

I would like to suggest https://wireguard.com/.

virtua_cloud

Have you considered GRE tunnel?

@jordynegen11 posted a great tutorial recently about it you can adapt to your case.

agonyzt

+1 for Wireguard! Great performance and security.

ErawanArifNugroho

Same case with me.

1. Setup the vps as tincd server
2. Setup the raspi as tinc client.

I run webserver or any application from raspi, and any request to the vps can be redirected to the raspi. For example, request to vps.ip:port, go to raspberry pi 10.0.0.2:port

No port forwarding configuration needed. As long as the vps and raspi connected with tinc, they can communicate each other with all ports opened, with the internal ip such 10.0.0.1 etc

dnwk

@FHR said:
Reverse tunneling.

SSH tunnel, PPTP, OpenVPN…

Is there a way to forward all ports and traffic into the tunnel?

dnwk

@virtua_host said:
Have you considered GRE tunnel?

@jordynegen11 posted a great tutorial recently about it you can adapt to your case.

I think GRE tunnel require my Pi to have a public IP.

jordynegen11

@dnwk said:

@FHR said:
Reverse tunneling.

SSH tunnel, PPTP, OpenVPN…

Is there a way to forward all ports and traffic into the tunnel?

Yes, just use a GRE or openvpn tunnel like @virtua_host said

Bochi

I would go the route that @ErawanArifNugroho suggested and have a try with tinc.
Had a setup similar to this running for some time and it worked great! A plus: as the connection can be instantiated by any of the participants, you would not even need DynDNS or something like that.

FHR

@dnwk said:

@FHR said:
Reverse tunneling.

SSH tunnel, PPTP, OpenVPN…

Is there a way to forward all ports and traffic into the tunnel?

Yes

@virtua_host said:
Have you considered GRE tunnel?

@jordynegen11 posted a great tutorial recently about it you can adapt to your case.

That won't work for obvious reasons.

NAT and Port forwarding is not possible.

teamacc

@FHR said:

@dnwk said:

@FHR said:
Reverse tunneling.

SSH tunnel, PPTP, OpenVPN…

Is there a way to forward all ports and traffic into the tunnel?

Yes

How would one ssh back into the vps if ALL ports are forwarded?

FHR

@teamacc said:

How would one ssh back into the vps if ALL ports are forwarded?

That's a good question. You would usually use a second IP (or possibly IPv6) for management if you want full 1:1 NAT.

donli

@teamacc said:

How would one ssh back into the vps if ALL ports are forwarded?

virtua_cloud

FHR said: That won't work for obvious reasons.

NAT and Port forwarding is not possible.

My bad I forgot about the NAT on the PI side.

So +1 for the OpenVPN solution, OpenVPN server on the VPS and OpenVPN client on the PI side should do perfectly the work.

Edding

i think wireguard might be the better option .. should give better performance then openvpn

Falzo

old but gold: https://jordancrawford.kiwi/setting-up-tinc/

probably faster than reverse ssh (which is valid option though) and port forwarding could be handled easily on the VPS then.