Remotely connect to my LAN
 

Hi there!

What I'd want to do is being able to use my laptop and Android phone to connect to my home LAN when I'm out (at work, using a public hotspot or even the data conection of the smartphone).

More precsely the features I am looking for are:
1) Being able to connect to samba shares
2) Being able to ssh a server on my LAN
3) Being able to open up in the browser the WebServer hosted on one server in my LAN
4) Being able to naviagate privately (Not mandatory, but I would really appreciate it)

These are my requirements for now, maybe in the future I'll need something more...

I've been looking around for some time and I think that waht I am looking for is VPN, BUT...
1) I am really new to linux and things like these in general and I really don't know where to start (I even don't know if this is the right solution)
2) I can't get to connect to my router. I've been trying for a long time and still I can't manage to accomplish it! I think the problem is that my ISP is NATting my IP, but I'm not sure

So my questions are:
1) Is VPN the right solution for this problem?
2) If it is, how can I setup a VPN in such an environment?

The PC on which I would install all the necessary software is a Ubuntu 14.04 server.

Thanks in advance!

So basically you want to connect to your home network from anywhere in the world over the internet.

Yes, it is possible via VPN but it is not something that can be done easily. Another way is to have an static IP provided to you by your ISP which will be a bit costly. I am not talking about public IP here as that will be way to costly.

Another option that you can look for is setting up team viewer, it is free for personal use. You can check more about it on www.teamviewer.com

If you are using teamviewer on any one of your system you will be obviously be able to get into your network once that is done you can browse around the internal network stuff that you have in place.

mY SOLUTION
 

Faced with the same requirements I added a VPN forward to my insternal DEBIAN server and ran VPN server there, with a dynip client so a name would resolve to my external IP address: even when it changed. But, I am a network guy with 20+ years experience and that was easy for me.

Without a VPN you are unlikely to get drive mounts external, But while a bit indirect you can get to everything else. If your mind works that way, it should be fun!

Thanks for the quick replies!

As I am doing thi only for personal entertainment and as a way to learn something new, I definetly want to use only free solutions. If none is possible, then I'll move onto somenthing else: no problem!

Yes, I already know teamviewer and use it a lot, but only for graphic remote control (and from the smartphone is quite difficult): could I use it simply to link my smartphone/pc to my home LAN? Another question: the server is running without GUI (only shell): is that ok for teamviewer?

As for the VPN: I'm an 18 years old boy with nothing similar to 20+ years in the IT field ;) but I really like to experiment with this kind of things expecially to learn from them so I'd be extremely grateful if you could explain this a little bit more.
The thoughest part I see at the moment is overcoming that no-accessible-ip problem: how can I get rid of it?

Thanks again!

Ah that is a good question. Well I haven't tried teamviewer for shell but they do have teamviewer for Linux and if that is there I guess they should have some functionality to connect via shell. That is something you need to test ;-) If I will get time I will test and let you know.

More fun
 

I wonder if teamviewer will run in and share out a VNC desktop session. That way you do not have to be running a Desktop Enviironment on the hardware.

If you can manage your router and add NAT or packet filter rules, or define a DMZ server address, you MAY be able to make this work. In fact, you might want to check your device and see if it has native VPN support (most likley labeled IPSEC if not VPN). If you have this: try forwarding a standard port at the firewall to and internal machine with a service running. (Example: forward 80 on the router to port 80 on a web server.) Now from INSIDE the network browse to whatismyip.com or ask google what your IP address is and record that. That is your external address today. IT might not stay the same every day, but that is the right value TODAY. From OUTSIDE your network attempt to browse to that ip address.
This is a very simplified test.
If you fail, check the web server and see if it detected the incomming request.
Possible outcomes:
1. nothing happened anywhere means your plan may be toast. You might need a different ISP to make this work.
2. It fails, but the traffic left log entries (on the router or on the web server). That means there may be a routing issue or address problem (or traffic block) but if we play with things we can fix it up.
3. It works. This means the plan is sound and you CAN set up a VPN: To reach your web browser, you are already working. (until that address changes)

Any level of success at all means you can work with a free or pay DynDNS setup to dynamicly detect your external address, and update a DNS server to make a name always resolve to YOU. This is generally a free or cheap account, with a free application to run somewhere within your network, and is very easy to set up.

The VPN is more tricky, but if we get this far we will know it may be worth WORKING on a VPN. IF we cannot get this far, then a solution like LogMeIn or Teamviewer may be the best you can do with this ISP.

Either way, playing with it to see should be a hoot.

Good news
 

Thank you, wpeckham:

I've been doing some tests in these last hours and I can confirm that my WAN IP is NATted. This would fall in your (1) case, but there is some good news: it seems that my ISP is going to give me a private address (dynamic or static I don't know) only by asking them. I've submitted the request and I'll soon report their answer and the result of your suggested procedure.

Thanks again!

Good ISP
 

That is wonderful news! IF they give you a static, then the dyndns may not be required. They are likley to provide a name for that address as well. I think you are several steps along on a wonderful adventure!

I tried setting up a VPN on my Raspberry Pi the other week and failed, sadly. So at present I just use SSH to connect to my Pi meaning I can use SFTP to grab files from it and the like and even wake my desktop using Wake on LAN if I so wish.
However, I will be revisiting setting up a VPN when I get home (currently on holiday) and if I find a tutorial that works easily I'll post a link.

Yes, this is definetly great. I've performed some test (HTTP-Server and FTP) and port forwarding is working great. The server will actually arrive tomorrow, so until then I won't be able to setup anyting, but I'll let you know when I will be able to!

Thanks for the great help!

I'm back at it
 

Hey! I forgot everything about this thread for a lot of time, but I remembered it while posting another question on the forum about my server.

As I've already said my main goal is to learn something new, but VPN is something which would be definetly useful!

Long story short:

• I want to be able to remotely connect to computers in my network (SSH, FTP, HTTP and maybe other protocols) <- Now I know VPN is the right way
• The clients would be my Linux portable PC and my Android smartphone <- Which type of VPN should I set up?
• If I surf to www.google.com while connected to the VPN on my smartphone I'd prefer to do it directly, not by routing the connection thorugh my home network <- is it possible to route through the VPN only the requests to my PCs at home and send the request to the Internet directly without using the VPN? This is mainly because of three factors: I don't need private surfing and the connection would be really slower without advantages, moreover my Internet connection is limited to 40 GB per month, so I don't want to use it everytime i connect to the VPN.

The last point is not strictly required: if it can be accomplished then GREAT! Else it's not a huge problem...

Thank you very much!

well on the way...
 

1. Good!

2. There are a few option, but I am thinking an IPSEC should work well. You want the road-warrior configuration, as you cannot predict well the IP address of the client. There are other options, and you may want to research which could be easier for you. I would have a look at OpenVPN documents.

3. Not a problem. In Windows it is in the network/advanced for the VPN: make sure it does NOT use the remote default gateway, This allows the VPN to handle traffic ONLY for the remote network, all other traffic avoids the VPN. I would have to search for the setting in any other system, but it is generally easy to recognize under Linux. I cannot comment about your smartphone VPN settings, there is a LOT of variation in that zone.

try hamachi

https://secure.logmein.com/labs/

it's free for up to 5 computers and requires virtually no configuration other than creating a logmein account, using that to create a network and then installing the client on your machines, and logging them in and joining them to your network... no routing, dns, or port forwarding needed

> What I'd want to do is being able to use my laptop and Android phone to connect to my home LAN when I'm out (at work, using a public hotspot or even the data conection of the smartphone).

your getting paid when am i getting paid ?

(actaully, is not couth to ask others to answer questions for free that you will be paid for. decades ago it was not an uncommon question for answerers to ask if a person was doing it for a job and refuse to answer for free if it was)

Thoguht points...
 

Logmein runs a good service and has interesting projects. For long they had excellent commercial offerings (I had clients who loved them) and free for personal use offerings. The products are still good, but the free went away. I have been told that the commercial prices went up also, but I cannot verify that.

The beta software recommended above IS good, but since the company has a history of taking away formerly free services and replacing them with a subscription service, you must take this into account.

Personally, I prefer not to be at the mercy of their business decisions. While I like the products, I like direct access even better.

It may be a solution that you will want to consider! It does avoid all worry about firewall ports and vpn serices, as it only depends on machines ability to communicate with an internet server to establish a connection.