SSH into VM on dedicated server.

So this is the scenario:

I've got a dedicated server in my room right next to my computer. I've been using it like a normal server for about half a year now, but recently I upgraded its RAM to 16GB.

I've had to reinstall my entire Ubuntu OS several times because I had fucked something up, so now I want to split my dedicated server into multiple virtual machines, so they're basically VPSes (they'd each have 1 core and about 3GB).

It's possible to SSH into it from my PC and my local network in general, but I want to be able to SSH into my VMs at school too. I've been searching on Google for a week now and I can't seem to find the right answer. I've tried NAT and bridged networking. The VM is currently using bridged; it uses port 26 for SSH (which also works correctly). But when I try to host an Apache site on it, I can only access it from my local network, even if I forward its port on port 27 and change Apache's default ports to 27, even with a domain for the site, or when I try accessing it like http://server-ip:27/; it doesn't work. Does anyone know how to set this up? I want to host a VPS for one of my friends as a mutual cloud server so we can exchange large files of above 50GB.

 

Thanks in advance!


To SSH in from WAN you need to set up a VPN, then use that (at least that's how I've been doing it). I'm just learning though, so I doubt I can offer much more than that unless you're also using a Unifi router. 

Intel HEDT and Server platform enthusiasts: Intel HEDT Xeon/i7 Megathread 

 

Main PC 

CPU: i9 7980XE @4.5GHz/1.22v/-2 AVX offset 

Cooler: EKWB Supremacy Block - custom loop w/360mm +280mm rads 

Motherboard: EVGA X299 Dark 

RAM:4x8GB HyperX Predator DDR4 @3200Mhz CL16 

GPU: Nvidia FE 2060 Super/Corsair HydroX 2070 FE block 

Storage:  1TB MP34 + 1TB 970 Evo + 500GB Atom30 + 250GB 960 Evo 

Optical Drives: LG WH14NS40 

PSU: EVGA 1600W T2 

Case & Fans: Corsair 750D Airflow - 3x Noctua iPPC NF-F12 + 4x Noctua iPPC NF-A14 PWM 

OS: Windows 11

 

Display: LG 27UK650-W (4K 60Hz IPS panel)

Mouse: EVGA X17

Keyboard: Corsair K55 RGB

 

Mobile/Work Devices: 2020 M1 MacBook Air (work computer) - iPhone 13 Pro Max - Apple Watch S3

 

Other Misc Devices: iPod Video (Gen 5.5E, 128GB SD card swap, running Rockbox), Nintendo Switch


27 minutes ago, Zando Bob said:

To SSH in from WAN you need to set up a VPN, then use that (at least that's how I've been doing it). I'm just learning though, so I doubt I can offer much more than that unless you're also using a Unifi router. 

How would I set that up? Do you have any links to tutorials?

 


5 minutes ago, Nik schaad said:

How would I set that up? Do you have any links to tutorials?

What model router do you have? I can probably find some. I did it on a Unifi Dream Machine Pro. 


5 minutes ago, Zando Bob said:

What model router do you have? I can probably find some. I did it on a Unifi Dream Machine Pro. 

KPN Box 12


6 minutes ago, Nik schaad said:

KPN Box 12

Ah, I can't find much for that in English, and it's an OEM router so I'm not finding any guides on it. You can use Ubuntu itself (or spin up a VM of Ubuntu so you can have snapshots to fall back on if you mess up) as a VPN server using OpenVPN (may need to port forward from your router, but most routers should support that), here's a basic setup tutorial: https://linuxconfig.org/basic-ubuntu-20-04-openvpn-client-server-connection-setup.

 

I'll probably poke around with it myself when I get home if I have the time, as I have an Ubuntu 20.04 box running rn. If you're gonna boot up a VM, I'd use Ubuntu Server as it's less resource intensive (I use it for freeRADIUS and it can get by easily with 1 core and 1GB RAM) and you only need the command line to configure all this stuff. I always use a bridged network adapter in the VM settings (I use VirtualBox) and set it as a reserved IP from the router once it's running. 


6 minutes ago, Zando Bob said:

Ah, I can't find much for that in English, and it's an OEM router so I'm not finding any guides on it. You can use Ubuntu itself (or spin up a VM of Ubuntu so you can have snapshots to fall back on if you mess up) as a VPN server using OpenVPN (may need to port forward from your router, but most routers should support that), here's a basic setup tutorial: https://linuxconfig.org/basic-ubuntu-20-04-openvpn-client-server-connection-setup.

 

I'll probably poke around with it myself when I get home if I have the time, as I have an Ubuntu 20.04 box running rn. If you're gonna boot up a VM, I'd use Ubuntu Server as it's less resource intensive (I use it for freeRADIUS and it can get by easily with 1 core and 1GB RAM) and you only need the command line to configure all this stuff. I always use a bridged network adapter in the VM settings (I use VirtualBox) and set it as a reserved IP from the router once it's running. 

Do I install OpenVPN on the dedicated server or on the VM?

 


Just now, Nik schaad said:

Do I install OpenVPN on the dedicated server or on the VM?

I'd use a VM as the OpenVPN server, so you can take snapshots before any major changes (making it easy to revert if you bork something).


This is a bit more complex, but should be doable with a little fiddling. However, there are several variables you might want to consider.

 

1) Do you have a public IP? If so, I'd go with a WireGuard VPN. You might set this up in a VM or on a separate computer (like rPi) and then forward your desired port used by WireGuard (by default 51820) all the way up from your modem/router to your host to your VM (although your VMs seem to have a dedicated LAN IP, so that's a bit easier). The process after that would be to either have that VM grant access to your entire LAN subnet or just have other VMs and devices connect to it, which will create a virtual LAN on a subnet like for example `10.10.10.0/24`. The first option (setting up a forwarding of your LAN traffic) has some advantages though, namely you won't have to connect each device to the VM and if you're planning to access IoT devices which can't deal with VPNs at all, you'd be able to.

 

2) If you don't have a public IP and want to go full self-hosted (or rather self-managed), you might want to add a public-facing server (e.g. DigitalOcean $5 VM) that would act as a "hub" for your virtual network. All your devices would connect to this "hub" and essentially create a LAN subnet (like mentioned above, it could be something like `10.10.10.0/24`), meaning you'd just connect to this hub from your school and would be able to access your Apache on something like `10.10.10.35:27`.

 

Both of these options, however, require certain networking knowledge, as well as some tinkering. It might be easier for you to set up some plug&play solution (this would be stuff like TeamViewer, which I consider to be yikes and avoid it). There's also stuff like OpenVPN cloud etc., but all these options might cost you a few dollars.

 

If you're still looking to self-host and self-manage this, you might want to have a look at articles like this - https://davidshomelab.com/access-your-home-network-from-anywhere-with-wireguard-vpn/

 

There's some others you might want to check out, just search for "WireGuard VPN home LAN" or something similar.

 

As to why I advocate for WireGuard rather than OpenVPN, it's simple. WG is a simpler and more modern (code-wise) solution with native kernel support on Linux. OpenVPN might be overkill, but people generally prefer it because it's been around for longer.


Your problem is not that complicated, but I think you left a few key details out, which the previous post highlights. If you have a public IP then you will need to port forward to your server (machine's IP), which will then internally be mapped to the VM's port. This way exposes your machine to the public (internet); to secure it you can use a VPN. In my opinion exposing your network to the internet is just an invitation to problems.

 

If you don't have a public IP or are behind carrier-grade NAT (CGNAT) then this becomes more difficult to do without using other advanced ways. I am also behind CGNAT and currently use tunnels to host internal apps to the public. Cloudflare has an excellent free tunnel implementation called Argo Tunnels. You can give it a go if you have a domain parked with them.

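A check for the "do you have a public IP?" question raised in the last two replies, as an added example that is not from any poster in the thread: it compares the router's WAN address with the address an outside service reports, picks option 1 or 2 accordingly, and flags a clash between the home LAN and the `10.10.10.0/24` VPN subnet. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges; a WAN address here means the router sits behind another NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, observed_ip):
    """Classify the router's WAN address against the address outsiders see."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_ip)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "double-nat"
    if wan != seen:
        return "upstream-nat"  # something past the router rewrites the address
    return "public"


def plan(router_wan_ip, observed_ip, lan_cidr, vpn_cidr="10.10.10.0/24"):
    """Pick option 1 or 2 from the thread and flag a VPN/LAN subnet clash."""
    kind = classify_wan(router_wan_ip, observed_ip)
    lan = ipaddress.ip_network(lan_cidr)
    vpn = ipaddress.ip_network(vpn_cidr)
    return {
        "wan": kind,
        # Option 1: forward UDP 51820 to a WireGuard VM at home.
        # Option 2: outbound connection to a public hub or tunnel instead.
        "option": 1 if kind == "public" else 2,
        "inbound_forward_possible": kind == "public",
        # Overlapping ranges make routes ambiguous; choose another VPN subnet.
        "subnet_conflict": lan.overlaps(vpn),
    }


if __name__ == "__main__":
    # Constructed sample inputs (documentation and private ranges, not real hosts).
    samples = [
        ("203.0.113.7", "203.0.113.7", "192.168.2.0/24"),
        ("100.72.14.9", "198.51.100.23", "192.168.2.0/24"),
        ("192.168.1.50", "198.51.100.23", "10.10.10.0/24"),
    ]
    for wan, seen, lan in samples:
        print(wan, plan(wan, seen, lan))
```

The first argument is the address shown on the router's WAN status page; the second is whatever an external "what is my IP" service reports for the same connection.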
