“easy” failover home network access..

I just came back from a trip to Singapore and Malaysia. While in Malaysia, we stayed at the Legoland Resort hotel, which was actually pretty cool.

What wasn’t cool was that its wifi blocks outbound TCP except to a handful of well-known protocols (http, https, pop3, pop3s, imap, imaps, smtp), and well, my wife and I are nerds, and we were working on something on one of our home Linux boxes and needed to ssh into it over our WireGuard VPN.

So I did what any reasonable person would do… got a friend to give me a temporary account on their box, which runs proxied sshd on the same port as https, and then used that to set up a reverse tunnel and SSH into our home network.

.. where I then set up an OpenVPN server sharing a port with our home server’s https connection, which is forwarded through the NAT router, and connected to that to finish off what we were doing.

I then wanted to solve another problem – we have failover 4G for the rare times when the main NBN connection is down. Except, my NBN provider gives me a real IP and my 4G provider uses CGNAT, so I can’t use the existing home VPN server when the main NBN link is down – not that this has ever come about, but “be prepared”, as the Boy Scouts say.

I didn’t want an always-on connection from my VPS server in California to my home network, so I set up sshd on a second port on my VPS server and used autossh to establish a tunnel from the VPN server on my home network to that port.. and then used ufw on the VPS to block my main ISP’s address, so the tunnel can only connect if the connection fails over to the 4G link.
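As an added illustration (not the post’s own script), here is a home-side watchdog that complements the VPS-side ufw gate described above: it only raises the autossh reverse tunnel while the default route leaves via the 4G interface, so the home box isn’t retrying against a firewall that will refuse it anyway. The interface name, VPS host, ports and the 203.0.113.10 home address are placeholders.

```shell
#!/bin/sh
# Home-side tunnel watchdog. Added illustration, not the post's own script.
# Assumed names: wwan0 is the 4G/CGNAT interface, 2222 the VPS's second sshd port,
# 1194 the OpenVPN port to expose on the VPS, 203.0.113.10 the home static IP.
# VPS side, per the post: sshd also listens on 2222 and ufw blocks the NBN address.
# ufw matches rules in order, so the deny must sit before the allow:
#   ufw insert 1 deny from 203.0.113.10 to any port 2222 proto tcp
#   ufw allow 2222/tcp
FAILOVER_IFACE="wwan0"
VPS="vpn-user@vps.example.com"
VPS_SSH_PORT=2222
OPENVPN_PORT=1194
# Pull the interface name out of one "ip route show default" line.
default_route_iface() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}
# The reverse tunnel is only wanted while traffic leaves through the 4G link.
tunnel_should_run() {
    [ "$1" = "$FAILOVER_IFACE" ]
}
tunnel_running() {
    pgrep -f "autossh -M 0 .* $VPS" >/dev/null
}
# -M 0 leaves liveness to ssh's own keepalives; AUTOSSH_GATETIME=0 stops autossh
# giving up when the very first attempt fails. The VPS sshd on 2222 needs
# "GatewayPorts yes" or the -R port binds only to the VPS loopback.
tunnel_start() {
    AUTOSSH_GATETIME=0 autossh -M 0 -f -N \
        -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" \
        -o "ExitOnForwardFailure yes" \
        -p "$VPS_SSH_PORT" -R "$OPENVPN_PORT:127.0.0.1:$OPENVPN_PORT" "$VPS"
}
tunnel_stop() {
    pkill -f "autossh -M 0 .* $VPS"
}
# Poll the routing table; the loop only runs when invoked with "run", so the
# functions above can be sourced and checked without touching the network.
if [ "${1:-}" = "run" ]; then
    while :; do
        iface=$(default_route_iface "$(ip route show default | head -n 1)")
        if tunnel_should_run "$iface"; then
            tunnel_running || tunnel_start
        else
            ! tunnel_running || tunnel_stop
        fi
        sleep 60
    done
fi
```

Run it as `sh failover-tunnel.sh run` from a systemd unit or cron `@reboot` on the home VPN server.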

So for home access – normally I can use OpenVPN or WireGuard (I have both now) directly to my home static IP, or if the NBN is down, the home network will tunnel out and expose OpenVPN via my VPS. The functionality is good and can be explained easily, but the behind-the-scenes implementation is a little complex, though I think pretty cool.