=== chris14_ is now known as chris14 [03:18] Can I bridge two home networks togheter ? I've two addresse on different sites that should be part of the same home network. [03:19] I thought I could use a fixed public ip and ubuntu server to apply this, but I do not know where to start. [03:20] I do no few about servers and WAN IP networking [03:21] If you ask what for, I should say anything that could be done on a home network. [03:26] it's the same as this https://superuser.com/questions/1192609/connecting-two-routers-with-separate-internet-connectionswan [03:26] How can I achieve this? [03:27] On one site I've a fixed public IP. [03:30] I've difficulties to bridge the WAN IP with my server though. This isn't clear to me, and the provider who is another one in my case do not provide any support except for professionals. https://www.edpnet.be/en/support/installation-and-usage/internet/manage-proximus-hardware/how-can-i-install-and-configure-my-b-box3-modem.html [03:30] Wich I'm not [03:59] wingarmac: you want to connect two separate networks which are in different physical locations and are only connectable through the internet. your goal is to be able to reach, from your desktop, systems on the remote network, as if the were on yours. and vice versa. [04:00] if that's an adequate description, what you want is probably a site-to-site vpn. i would recommend using wireguard. [04:09] wingarmac: i see you're getting help in #networking instead, good. but please don't cross-post in the future, or let us know when you do. [04:53] tomreyn Sorry I didn't, I was waiting for any answer. And they just did first. [04:54] I will add that the request is also posted on th other channel [04:56] could you guide me trough the vpn setup maybe ? i also messed up with the bridge to my nat router. [04:56] I'm onubuntu server 22.04 lts [04:58] https://termbin.com/1tvtp [04:59] I've folowed these steps but with another ISP on the same router to bridge it with my server: https://www.edpnet.be/en/support/installation-and-usage/internet/manage-proximus-hardware/how-can-i-install-and-configure-my-b-box3-modem.html [05:02] can't help you set up the vpn, no [05:03] and for this bridge with the router? cat /etc/netplan/network.yaml | nc termbin.com 9999 https://termbin.com/lt4h [05:04] this router is a SO/HO one, not a proper device. you will probably not be able to set up wireguard on it, probably no vpn at all (but you can still do it on a system on the lan with port forwarding) [05:05] Like this: https://www.edpnet.be/en/support/installation-and-usage/internet/manage-proximus-hardware/how-do-i-set-up-a-port-forwarding-on-my-b-box-3.html [05:06] That's already important to me. All procedures I found do not match with that router [05:07] tomreyn you mentioned : but you can still do it on a system on the lan with port forwarding - Does it mean distant computers may still be part of this VPN right ? [05:09] they can be the vpn servers / gateways for each of the two sites, yes. [05:10] but if port forwarding is a new concept to you then i'm afraid that setting up a site-to-site vpn will likely make your head explode [05:10] haha [05:11] * mybalzitch ducks [05:12] I'll think I'll be glad to try and see for myself what I'm able to. I'll probably understand much more with my mistakes where I found a solution for (with help or not) as with the explanations I found on the net. [05:12] I'm going to go out on a limb and suggest SSH tunneling here. [05:12] You can make a port on a remote machine available as a port on a local machine by SSH'ing into the remote machine with the right settings. [05:13] So something like "ssh myuser@remote.system -L 7897:localhost:7897" makes port 7897 on remote.system become accessible by connecting to 127.0.0.1:7897. [05:13] like suggested on https://www.ssh.com/academy/ssh/tunneling-example : ssh -R 8080:localhost:80 public.example.com ? [05:14] Yeah that's fairly similar. [05:14] Only using -L makes a remote port available on the local system, and -R makes a local port available on the remote system, IIUC. [05:15] Also SSH has the ability to make VPNs, I believe - it's documented in the man page for SSH. [05:16] "ssh contains support for Virtual Private Network (VPN) tunnelling using the tun(4) network pseudo-device, allowing two networks to be joined securely." [05:16] What I'm intend to: https://forum.virtualmin.com/t/from-webmin-port-to-ssl-443-on-wan-domain-name/119065/33 [05:17] Thanks, that sounds like a good path to follow to me. Will this work with Open VPN or Wireguard ? I [05:19] Or is it like a build-in option to set up ? [05:19] wingarmac: I've never done it before, however the manpage is showing everything being done with "ssh", "ifconfig", and "route", so I think it's a kind of built-in thing. [05:20] Okay, I see. I'll have to test it. [05:20] Thanks ! [05:26] I did as root : ssh -R 8080:localhost:80 server.mydomain.com and it prompted for a password. I gave my root password in but it wasn't accepted. Any clue why? [05:27] wingarmac: It wants the password for root on server.mydomain.com. [05:28] You may want to specify a user before server.mydomain.com, since frequently on Ubuntu there is no root password. [05:29] do I need to log to the user account and do sudo instead or do I need to create an ssh account. I do not understand ? [05:31] wingarmac: When you ssh into a machine, you log into the remote machine as some user. [05:31] wingarmac: So just like how you would log into your local machine with a username and password, you log into the remote machine to. [05:31] I'm on ubuntu server 22.04 lts I use the same pass for my user and root account [05:31] wingarmac: When you log into the remote machine, it wants a password for the user you're logging into the remote machine as. [05:32] So if the remote machine has a user "user" with password "pass", and you ssh into user@server.mydomain.com, it will want the password "pass". [05:32] wingarmac: It wants the *remote* password, not the local one. [05:32] so far I understand, but how should I mention the user like it should in this command? ssh -R 8080:localhost:80 server.mydomainname.org ? [05:33] or how to create a remote user ? [05:33] or give remote access to some users with a group ? [05:33] wingarmac: ssh -R 8080:localhost:80 myuser@server.mydomainname.org [05:34] (You put a @ before the domain.) [05:37] yes ! you did it ! it worked. so know my server should be linked with his hisname.mydomain.org [05:38] Can I do this with the second PC, my desktop to? Should I enter this command into the server (DMZ) or on the client on the same NAT as the server. [05:39] Ish - using the -R switch will let you access a port on the remote machine as if it were a port on the local machine. [05:40] So like right now if your remote server connects to port 80, it will be the same as if it connected to port 8080 on the local machine. [05:40] *if your remote server connects to 127.0.0.1:80 [05:40] (If I'm understanding the -R switch right - I could have that backwards, this always sends my brain for a bit of a loop) [05:41] If you want a full-on VPN, you'd have to do more involved setup. [05:41] `man ssh` is your friend - that will show you the documentation for the ssh command, which may be considerably more helpful than a tired stranger with only a vague grasp on how some of this works :P [05:41] I did on the server side: ssh -R 8080:$(LOCALIPSERVER):80 wingarmac@serv.mydomain.org [05:43] So now if you access 127.0.0.1:8080 on the client side, it should access port 80 on the remote side. [05:43] I'm testing how far Webmin works without the VPN on my domain name with your suggestion. Afterwards, if it's needd I'll check for VPN. Can I replace LOCALIPSERVER with LOCALIPDESKTOP and desktop.mydomain.org ? Do I need to do it [05:44] on the server side or desktop side? [05:44] As long as you can get what's forwarding to what straight, you ought to be able to get it to work either way. [05:45] https://computername.mydomaine.org registered into my A records should be accessible behind a NAT router. [05:45] It's the case of my server already. Now see if it can find my desktop so to .. [05:46] I've a client on the neighbours nat connected to try the url of my computer from a distant one. She has another provider at top of that. [06:04] I've Warning: remote port forwarding failed for listen port 8080 - I've been on the net and did set into the router: [06:04] SSH TCP EXT_port 22 0 IN_port 22 LOCAL_DESKTOP_IP Any [06:05] OTHER TCP EXT_port 8080 0 IN_port 80 LOCAL_DESKTOP_IP Any [06:05] Any cleu why I still get this ? [07:18] to have the distant computer opening as source localhost:port by using computername.mydomain.com (server and desktop behind an isp nat router) [07:18] it's to access a self hosted application trough a web browser on a specific port, without having to enter it, the name of the computer should sufise. [07:18] ssh -L 10666:server.mydomain.org:80 [07:18] ssh -L 10999:desktop.mydomain.org:80 [07:18] Will this work ? [07:18] Reference: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding [07:19] wingarmac: you have two PCs, server and desktop, and both of them are behind NAT? [07:20] yes [07:21] ssh -R 8080:localserverIP:80 wingarmac@serv.mydomain.org [07:21] wingarmac: and you've done SSH port forwarding, so you can ssh from the desktop to the server? [07:23] Did you open port 22 in the router of the server pc? [07:24] when I try ssh -t serv.mydomain.org ssh ubcynt.mydomain.org it remains stuck [07:24] the server is DMZ, and the prot 22 and 8080 to 80 are open for the desktop LAN IP [07:25] that's for the router [07:25] You've mentioned 4 domains so far, while 2 are needed [07:26] What is ubcynt.mydomain.org? [07:27] I do not understand what you mean? I've pc1 and pc2 and would like to be able to access them with url pc1.mydomain and pc2.mydomain [07:28] I mean you mentioned server.mydomain.org, desktop.mydomain.org, serv.mydomain.org, ubsynt.mydomain.org and computername.mydomain.org [07:28] First, does ssh server.mydomain.org work? [07:29] it where exemples. I didn't mean to confuse you. I try to avoid to mention my real domain by the way. [07:29] it's not ment for public use. [07:29] I need the public network because I've computers on different sites [07:29] For the sake of example, make up a random domain name for each of the servers and then stick with that name for each server, that way we can keep which one is which straight. [07:29] always behind a NAt [07:29] Sure you don't need to reveal your domain, but keep the subdomain examples stable, otherwise we're getting confused [07:30] I do my best. [07:30] So, server is the remote one that has the service, desktop is a local one, and pc1 / pc2 are going to use desktop to reach server? [07:31] service is on each self hosted [07:32] the server is the pinpoint for the domain I could evantualy use a proxy. I do not yet know. [07:32] I try to make sence of the ssh options I've so far [07:32] Try to write a paragraph where you explain the problem from the start [07:33] That's what I'm intend to: https://forum.virtualmin.com/t/from-webmin-port-to-ssl-443-on-wan-domain-name/119065/33 For now I try to find the easies fastest and cheapest way to set this up. [07:33] I do this for free, so i do rather not have to rent other srevices [07:35] So i go on to the advice of arraybolt3 and try to understand how it works and how it could be usefull to me by the way [07:36] * alkisg didn't understand the problem and leaves this up to arraybolt3 :D [07:43] * arraybolt3 was just about to go afk :D [09:59] Hello [09:59] Testing [10:02] Guest4: test was successful [10:03] Testing again [10:13] successful again [17:39] http://45.84.227.55:8080/temp/02.%20Mr.%20Credo%20-%20Cosa%20Nostra.mp3 [17:42] Alexey__, stop spamming ubuntu channels, thanks