/srv/irclogs.ubuntu.com/2023/02/19/#ubuntu-server.txt

=== chris14_ is now known as chris14
wingarmacCan I bridge two home networks togheter ? I've two addresse on different sites that should be part of the same home network.03:18
wingarmacI thought I could use a fixed public ip and ubuntu server to apply this, but I do not know where to start.03:19
wingarmacI do no few about servers and WAN IP networking03:20
wingarmacIf you ask what for, I should say anything that could be done on a home network.03:21
wingarmacit's the same as this https://superuser.com/questions/1192609/connecting-two-routers-with-separate-internet-connectionswan03:26
wingarmacHow can I achieve this?03:26
wingarmacOn one site I've a fixed public IP.03:27
wingarmacI've difficulties to bridge the WAN IP with my server though. This isn't clear to me, and the provider who is another one in my case do not provide any support except for professionals. https://www.edpnet.be/en/support/installation-and-usage/internet/manage-proximus-hardware/how-can-i-install-and-configure-my-b-box3-modem.html03:30
wingarmacWich I'm not03:30
tomreynwingarmac: you want to connect two separate networks which are in different physical locations and are only connectable through the internet. your goal is to be able to reach, from your desktop, systems on the remote network, as if the were on yours. and vice versa.03:59
tomreynif that's an adequate description, what you want is probably a site-to-site vpn. i would recommend using wireguard.04:00
tomreynwingarmac: i see you're getting help in #networking instead, good. but please don't cross-post in the future, or let us know when you do.04:09
wingarmactomreyn Sorry I didn't, I was waiting for any answer. And they just did first. 04:53
wingarmacI will add that the request is also posted on th other channel04:54
wingarmaccould you guide me trough the vpn setup maybe ? i also messed up with the bridge to my nat router.04:56
wingarmacI'm onubuntu server 22.04 lts04:56
wingarmachttps://termbin.com/1tvtp04:58
wingarmacI've folowed these steps but with another ISP on the same router to bridge it with my server: https://www.edpnet.be/en/support/installation-and-usage/internet/manage-proximus-hardware/how-can-i-install-and-configure-my-b-box3-modem.html04:59
tomreyncan't help you set up the vpn, no05:02
wingarmacand for this bridge with the router? cat /etc/netplan/network.yaml | nc termbin.com 9999 https://termbin.com/lt4h05:03
tomreynthis router is a SO/HO one, not a proper device. you will probably not be able to set up wireguard on it, probably no vpn at all (but you can still do it on a system on the lan with port forwarding)05:04
wingarmacLike this: https://www.edpnet.be/en/support/installation-and-usage/internet/manage-proximus-hardware/how-do-i-set-up-a-port-forwarding-on-my-b-box-3.html05:05
wingarmacThat's already important to me. All procedures I found do not match with that router05:06
wingarmactomreyn you mentioned : but you can still do it on a system on the lan with port forwarding - Does it mean distant computers may still be part of this VPN right ?05:07
tomreynthey can be the vpn servers / gateways for each of the two sites, yes.05:09
tomreynbut if port forwarding is a new concept to you then i'm afraid that setting up a site-to-site vpn will likely make your head explode05:10
wingarmachaha05:10
* mybalzitch ducks05:11
wingarmacI'll think I'll be glad to try and see for myself what I'm able to. I'll probably understand much more with my mistakes where I found a solution for (with help or not) as with the explanations I found on the net.05:12
arraybolt3I'm going to go out on a limb and suggest SSH tunneling here.05:12
arraybolt3You can make a port on a remote machine available as a port on a local machine by SSH'ing into the remote machine with the right settings.05:12
arraybolt3So something like "ssh myuser@remote.system -L 7897:localhost:7897" makes port 7897 on remote.system become accessible by connecting to 127.0.0.1:7897.05:13
wingarmaclike suggested on https://www.ssh.com/academy/ssh/tunneling-example : ssh -R 8080:localhost:80 public.example.com ?05:13
arraybolt3Yeah that's fairly similar.05:14
arraybolt3Only using -L makes a remote port available on the local system, and -R makes a local port available on the remote system, IIUC.05:14
arraybolt3Also SSH has the ability to make VPNs, I believe - it's documented in the man page for SSH.05:15
arraybolt3"ssh contains support for Virtual Private Network (VPN) tunnelling using the tun(4) network pseudo-device, allowing two networks to be joined securely."05:16
wingarmacWhat I'm intend to: https://forum.virtualmin.com/t/from-webmin-port-to-ssl-443-on-wan-domain-name/119065/3305:16
wingarmacThanks, that sounds like a good path to follow to me. Will this work with Open VPN or Wireguard ? I05:17
wingarmacOr is it like a build-in option to set up ?05:19
arraybolt3wingarmac: I've never done it before, however the manpage is showing everything being done with "ssh", "ifconfig", and "route", so I think it's a kind of built-in thing.05:19
wingarmacOkay, I see. I'll have to test it.05:20
wingarmacThanks !05:20
wingarmacI did as root : ssh -R 8080:localhost:80 server.mydomain.com and it prompted for a password. I gave my root password in but it wasn't accepted. Any clue why?05:26
arraybolt3wingarmac: It wants the password for root on server.mydomain.com.05:27
arraybolt3You may want to specify a user before server.mydomain.com, since frequently on Ubuntu there is no root password.05:28
wingarmacdo I need to log to the user account and do sudo instead or do I need to create an ssh account. I do not understand ?05:29
arraybolt3wingarmac: When you ssh into a machine, you log into the remote machine as some user.05:31
arraybolt3wingarmac: So just like how you would log into your local machine with a username and password, you log into the remote machine to.05:31
wingarmacI'm on ubuntu server 22.04 lts I use the same pass for my user and root account05:31
arraybolt3wingarmac: When you log into the remote machine, it wants a password for the user you're logging into the remote machine as.05:31
arraybolt3So if the remote machine has a user "user" with password "pass", and you ssh into user@server.mydomain.com, it will want the password "pass".05:32
arraybolt3wingarmac: It wants the *remote* password, not the local one.05:32
wingarmacso far I understand, but how should I mention the user like it should in this command? ssh -R 8080:localhost:80 server.mydomainname.org ?05:32
wingarmacor how to create a remote user ?05:33
wingarmacor give remote access to some users with a group ?05:33
arraybolt3wingarmac: ssh -R 8080:localhost:80 myuser@server.mydomainname.org05:33
arraybolt3(You put a <username>@ before the domain.)05:34
wingarmacyes ! you did it ! it worked. so know my server should be linked with his hisname.mydomain.org05:37
wingarmacCan I do this with the second PC, my desktop to? Should I enter this command into the server (DMZ) or on the client on the same NAT as the server.05:38
arraybolt3Ish - using the -R switch will let you access a port on the remote machine as if it were a port on the local machine.05:39
arraybolt3So like right now if your remote server connects to port 80, it will be the same as if it connected to port 8080 on the local machine.05:40
arraybolt3*if your remote server connects to 127.0.0.1:8005:40
arraybolt3(If I'm understanding the -R switch right - I could have that backwards, this always sends my brain for a bit of a loop)05:40
arraybolt3If you want a full-on VPN, you'd have to do more involved setup.05:41
arraybolt3`man ssh` is your friend - that will show you the documentation for the ssh command, which may be considerably more helpful than a tired stranger with only a vague grasp on how some of this works :P05:41
wingarmacI did on the server side: ssh -R 8080:$(LOCALIPSERVER):80 wingarmac@serv.mydomain.org05:41
arraybolt3So now if you access 127.0.0.1:8080 on the client side, it should access port 80 on the remote side.05:43
wingarmacI'm testing how far Webmin works without the VPN on my domain name with your suggestion. Afterwards, if it's needd I'll check for VPN. Can I replace LOCALIPSERVER with LOCALIPDESKTOP and desktop.mydomain.org ? Do I need to do it05:43
wingarmacon the server side or desktop side?05:44
arraybolt3As long as you can get what's forwarding to what straight, you ought to be able to get it to work either way.05:44
wingarmachttps://computername.mydomaine.org registered into my A records should be accessible behind a NAT router.05:45
wingarmacIt's the case of my server already. Now see if it can find my desktop so to ..05:45
wingarmacI've a client on the neighbours nat connected to try the url of my computer from a distant one. She has another provider at top of that.05:46
wingarmacI've Warning: remote port forwarding failed for listen port 8080 - I've been on the net and did set into the router: 06:04
wingarmacSSHTCP EXT_port 220IN_port 22LOCAL_DESKTOP_IPAny06:04
wingarmacOTHERTCP EXT_port 80800IN_port 80LOCAL_DESKTOP_IPAny06:05
wingarmacAny cleu why I still get this ?06:05
wingarmacto have the distant computer opening as source localhost:port by using computername.mydomain.com (server and desktop behind an isp nat router)07:18
wingarmacit's to access a self hosted application trough a web browser on a specific port, without having to enter it, the name of the computer should sufise.07:18
wingarmacssh -L 10666:server.mydomain.org:80 07:18
wingarmacssh -L 10999:desktop.mydomain.org:80 07:18
wingarmacWill this work ?07:18
wingarmacReference: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding07:18
alkisgwingarmac: you have two PCs, server and desktop, and both of them are behind NAT?07:19
wingarmacyes07:20
wingarmacssh -R 8080:localserverIP:80 wingarmac@serv.mydomain.org07:21
alkisgwingarmac: and you've done SSH port forwarding, so you can ssh from the desktop to the server?07:21
alkisgDid you open port 22 in the router of the server pc?07:23
wingarmacwhen I try ssh -t serv.mydomain.org ssh ubcynt.mydomain.org it remains stuck07:24
wingarmacthe server is DMZ, and the prot 22 and 8080 to 80 are open for the desktop LAN IP07:24
wingarmacthat's for the router07:25
alkisgYou've mentioned 4 domains so far, while 2 are needed07:25
alkisgWhat is ubcynt.mydomain.org?07:26
wingarmacI do not understand what you mean? I've pc1 and pc2 and would like to be able to access them with url pc1.mydomain and pc2.mydomain07:27
alkisgI mean you mentioned server.mydomain.org, desktop.mydomain.org, serv.mydomain.org, ubsynt.mydomain.org and computername.mydomain.org07:28
alkisgFirst, does ssh server.mydomain.org work?07:28
wingarmacit where exemples. I didn't mean to confuse you. I try to avoid to mention my real domain by the way.07:29
wingarmacit's not ment for public use.07:29
wingarmacI need the public network because I've computers on different sites07:29
arraybolt3For the sake of example, make up a random domain name for each of the servers and then stick with that name for each server, that way we can keep which one is which straight.07:29
wingarmacalways behind a NAt07:29
alkisgSure you don't need to reveal your domain, but keep the subdomain examples stable, otherwise we're getting confused07:29
wingarmacI do my best.07:30
alkisgSo, server is the remote one that has the service, desktop is a local one, and pc1 / pc2 are going to use desktop to reach server?07:30
wingarmacservice is on each self hosted07:31
wingarmacthe server is the pinpoint for the domain I could evantualy use a proxy. I do not yet know.07:32
wingarmacI try to make sence of the ssh options I've so far07:32
alkisgTry to write a paragraph where you explain the problem from the start07:32
wingarmacThat's what I'm intend to: https://forum.virtualmin.com/t/from-webmin-port-to-ssl-443-on-wan-domain-name/119065/33 For now I try to find the easies fastest and cheapest way to set this up.07:33
wingarmacI do this for free, so i do rather not have to rent other srevices07:33
wingarmacSo i go on to the advice of arraybolt3 and try to understand how it works and how it could be usefull to me by the way07:35
* alkisg didn't understand the problem and leaves this up to arraybolt3 :D07:36
* arraybolt3 was just about to go afk :D07:43
Guest4Hello09:59
Guest4Testing09:59
alkisgGuest4: test was successful10:02
test4Testing again10:03
NatSocSiDsuccessful again10:13
Alexey__http://45.84.227.55:8080/temp/02.%20Mr.%20Credo%20-%20Cosa%20Nostra.mp317:39
oerheksAlexey__, stop spamming ubuntu channels, thanks17:42

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!