Yep, this is why NAT is evil and bad in every way except for extending the life of IPv4.

OpenSSH supports VPN tunneling similar to how OpenVPN works (and I don't just mean standard port forwarding).

Here is a link discussing it:
http://blog.rot13.org/2009/04/simple_network_to_network_vpn_with_openssh_and_tun_device.html

Related Man Page:
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1#SSH-BASED +VIRTUAL

-----Original Message-----
From: Josh Paetzel <josh at tcbug.org>
Reply-to: TCLUG Mailing List <tclug-list at mn-linux.org>
To: tclug-list at mn-linux.org
Subject: Re: [tclug-list] vpn solutions
Date: Mon, 14 Feb 2011 10:12:44 -0600
Mailer: KMail/1.13.5 (FreeBSD/8.1-RELEASE; KDE/4.4.5; amd64; ; )

On Friday, February 11, 2011 08:13:58 pm T L wrote:
> I think that there is a confusion between a public address and a static
> one. Dynamic DNS to the rescue?
>
> Thomas

Nope, that doesn't seem to be the confusion here. His ISP has him behind NAT, so he doesn't have a public IP that can be connected to.

Take my situation:

firewall external IP address is assigned by my DSL router via DHCP as 192.168.254.2

The DSL router gets a "public" IP of 192.168.254.254 from the DSLAM. Something upstream does NAT. The IP that I see on the other end of my link is 74.38.80.1. Hitting a website like whatismyip.com gives me a random IP in 74.38.80.0/24, but I can't connect back to that IP from a remote host, stuff just dies at whatever is doing NAT.
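
Added example (not part of the original messages): a small Python check for the situation described in the quoted message, comparing the WAN-side addresses of your own devices with the address a remote site reports to decide whether a NAT outside your control sits in the path. The function names and the sample observed address 74.38.80.17 are constructed for illustration; the 100.64.0.0/10 check goes beyond the message and covers the RFC 6598 carrier-grade NAT range.

```python
import ipaddress

# RFC 6598 shared address space, set aside for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Label an IPv4 address as 'cgnat', 'private' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    return "private" if ip.is_private else "public"


def diagnose(wan_addrs, observed):
    """wan_addrs: WAN-side addresses of the devices you manage, innermost
    first. observed: the source address a remote host sees for your traffic."""
    kinds = [classify(a) for a in wan_addrs]
    edge = ipaddress.ip_address(wan_addrs[-1])
    # Upstream NAT (outside your control) exists when your outermost device
    # has no public address, or the remote side sees a different address.
    upstream_nat = kinds[-1] != "public" or edge != ipaddress.ip_address(observed)
    return {
        "kinds": kinds,
        "upstream_nat": upstream_nat,
        # No port forward can be configured on a NAT you do not manage.
        "inbound_possible": not upstream_nat,
    }


if __name__ == "__main__":
    # Addresses from the message; 74.38.80.17 is a constructed sample of the
    # "random IP in 74.38.80.0/24" that an external site reports.
    print(diagnose(["192.168.254.2", "192.168.254.254"], "74.38.80.17"))
```

When `inbound_possible` is false, any tunnel has to be initiated outbound from the NAT'd side to a host that does have a public address.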