+-----------------+
| . local server  |
+-.---------------+
< . >
< . >
< . >
< . >
< . >
+-.-----------------------+
| . serveo/localhost.run  |
+-.-----------------------+
< . >
< . >               +----------------------+
< . >               |   .   raw data       |
< . >               | < . > encrypted data |
< . >               +----------------------+
+-.----------+
| . clients  |
+------------+

hellow,

i wanna host things (nextcloud, bin, syncthing) myself but im under cg nat so i cant do it the regular way. i have to tunnel my way out. the only concern is that, the raw data is readable by the ssh server (ie. serveo/localhost.run), but i dont anyone elses eyes on my data

sorry for my broken english.


edit:


please clarify me.

if i setup a vpn which provides encryption on my local server, can i go like this

+------------------+
|   . local server |
+-< . >------------+
 << . >>
 << . >>
 << . >>
 << . >>
 << . >>
+-< . >----------------------+
| < . > serveo/localhost.run |
+-< . >----------------------+
 << . >>
 << . >>               +-------------------------------------+
 << . >>               |    .   raw data                     |
 << . >>               |  < . > vpn encrypted data           |
 << . >>               | << . >> vpn encrypted data over tls |
 << . >>               +-------------------------------------+
+-< . >-------+
|   . clients |
+-------------+

sorry i dont know how to express this in words


this is what i was trying to say. so the idea, is that okay?

  • schizo@forum.uncomfortable.business
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 month ago

    Another (and to some degree more flexible AND simpler) solution is rathole: still requires you to host it somewhere, but it’s got a little more flexibility.

    Edit: I’m not a fan of VPN tunnels in general, because for most people all you’ve done is made a remote server that, if it’s compromised, will have unfettered and complete access to your internal network via the VPN tunnel.

    There are ways to mitigate that but, for what I suspect is the majority of people asking about how to do this, they’re outside of a reasonable technical ask.

    (Rathole works similar to an argo tunnel, in that it initiates a connection to the VPS, and then passes traffic limited to a specific port or application back and forth, rather than being a nice open tunnel.