
I tunnel everything through ssh (both local and remote port forwarding) and in some cases for the exact use-case you have mentioned (web server running on a raspberry pi that is behind a NAT). It works for me.

I've never set up a VPN and I'm not too knowledgeable about them. Should I set one up? I don't know. Toyed with the idea a few weeks ago up until I read this post on StackOverflow (http://serverfault.com/questions/653211/ssh-tunneling-is-fas...) - TLDR (VPNs are slow)




> TLDR (VPNs are slow)

I don't think that's correct. There are multiple kinds of VPNs and multiple things that slow them down. Specifically:

- OpenVPN and other tun/tap handlers send more wrappers and suffer from slow userland networking

- SSH tunneling sends the least amount of unnecessary encapsulation / wrappers

- IPSec, WireGuard and other services that do actual traffic processing in the kernel are likely to be faster than the rest, but still have some encapsulation overhead

On a slow link (sending things over internet) the packet overhead matters the most. On a local network, you should be able to saturate 100 Mbps even with OpenVPN without a lot of issues.

Out of those SSH is not a "real VPN". There's no persistence and you only get a point-to-point tunnel which always needs to be started from the side behind the NAT. Also, you can't connect full networks, or make mDNS work with remote endpoints this way.

> Should I set one up?

If you need just a tunnel that you can set up on demand - probably not. If you need something more - you should definitely try a VPN instead.


OpenSSH has support for VPNs so you can connect two networks, although they do mention that for permanent VPNs you should use something else.


Right, they did add this recently! I haven't played with it yet unfortunately.


You could use your own OpenVPN Access Server (https://openvpn.net/index.php/access-server/download-openvpn...).

Configuring an access server isn't extremely difficult (https://openvpn.net/index.php/access-server/docs/quick-start...)


This.

For anyone wondering about specifics, this is at least how I do it.

* Port-forward ssh access through your router to any ssh:able machine behind it.

* Connect with (in my case) PuTTY, under settings -> ssh -> tunnels, set up a dynamic forward with a local port.

* Set up your browser to use a socks5 proxy on localhost:[yourchosenport]

* Browse to whatever local address or name your raspberry has behind that NAT.

* BONUS: circumvents any web firewall you're currently behind since you're browsing from home.


Re: BONUS

This won't work if the firewall is blocking SSH traffic. Now, if it's just port 22 being blocked, then you set up your sshd to run on something like port 80. At an internship where I had a lot of downtime, I had to set up my sshd to run on 443 since work was blocking pretty much anything that wasn't web traffic. Luckily my domain wasn't on the company URL blacklist.
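
Added example, not part of the original thread: the comment above separates a firewall that blocks port 22 from one that blocks SSH traffic itself. This sketch shows the second kind of check from the network defender's side, classifying the first bytes a client sends on a web port; the sample payloads, function names and port policy are constructed for illustration.

```python
# Constructed samples: first payload bytes a client sends after the TCP handshake.
SAMPLES = {
    "ssh_client": b"SSH-2.0-OpenSSH_9.6\r\n",
    # TLS record header (handshake, version 3.1, length) + ClientHello type byte
    "tls_client_hello": bytes.fromhex("16 03 01 02 00 01 00 01 fc 03 03"),
    "http_plain": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT")

# Assumed policy: which protocol is expected on which destination port.
EXPECTED_ON_PORT = {80: "http", 443: "tls"}


def classify_first_bytes(data: bytes) -> str:
    """Label the protocol from the client's first payload bytes."""
    # RFC 4253 section 4.2: each side opens with "SSH-protoversion-softwareversion".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record: type 0x16 (handshake), major version 0x03, 2-byte length,
    # then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def flag_mismatch(port: int, data: bytes):
    """Return a finding when the payload does not match the port's expected
    protocol, or None when it matches or the port has no policy."""
    expected = EXPECTED_ON_PORT.get(port)
    proto = classify_first_bytes(data)
    if expected is None or proto == expected:
        return None
    return f"port {port}: expected {expected}, saw {proto}"


if __name__ == "__main__":
    for port in (80, 443):
        for name, payload in SAMPLES.items():
            finding = flag_mismatch(port, payload)
            print(f"{name:>17} -> {finding or f'port {port}: ok'}")
```

A port-only rule sees nothing unusual in the `ssh_client` sample sent to 443, while the payload check flags it.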



