
I have two Linux machines behind NAT routers which I do not control. I want to use a third, publicly accessible server (some cheap VPS) to act as a middleman, where the two endpoints can both connect.

I could easily accomplish this by making the VPS the OpenVPN server, but then it would have access to all the decrypted traffic between the endpoints. How can I configure it so that the middleman VPS does not have access to the key? (I plan to use shared keys for this.)

user3243135
  • The actual problem isn't clear. What kind of communication do the Linux machines need to have: host to host? Client to server? Network to network? What's the actual need? – Jonah Benton Sep 05 '16 at 20:47
  • I can't see how this is (sensibly) achievable given your constraints. If you can't do port forwarding on at least one of the NAT connections, this implies you are trying to subvert the local security policy. Maybe if you explained your constraints and the nature of the traffic you were trying to route you might get a more helpful response. – symcbean Sep 05 '16 at 21:44

1 Answer


Just use two OpenVPNs: one to provide the connectivity layer (bypassing NAT) and a second one for "encryption".

Besides, it would be a nice use for an internal Tor-like project.

neutrinus
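The layering the answer describes, written out as an added example (not part of the original answer): an outer TLS-mode tunnel terminated on the VPS only to get both endpoints past NAT, and an inner point-to-point tunnel between the two endpoints using the asker's pre-shared static key, which never touches the VPS. Hostnames, addresses and PKI file names are assumed placeholders.

```conf
# Outer tunnel: the VPS is the OpenVPN server and only relays packets
# between the two endpoints' tun0 addresses. It holds the outer PKI,
# but never the inner static key.
# --- /etc/openvpn/outer.conf on the VPS ---
dev tun0
proto udp
port 1194
topology subnet
server 10.8.0.0 255.255.255.0
ca ca.crt
cert vps.crt
key vps.key
dh dh.pem
client-to-client          # let endpoint A and B reach each other via tun0
client-config-dir ccd     # ccd/endpoint-a: ifconfig-push 10.8.0.2 255.255.255.0
                          # ccd/endpoint-b: ifconfig-push 10.8.0.3 255.255.255.0

# --- /etc/openvpn/outer.conf on endpoint A (B is identical apart from cert/key) ---
client
dev tun0
proto udp
remote vps.example.com 1194   # assumed VPS hostname
nobind
ca ca.crt
cert endpoint-a.crt
key endpoint-a.key

# Inner tunnel: point-to-point between A and B over their outer-tunnel
# addresses, using inner.key from `openvpn --genkey --secret inner.key`,
# copied only to A and B. The VPS forwards this traffic as opaque UDP.
# --- /etc/openvpn/inner.conf on endpoint A ---
dev tun1
proto udp
local 10.8.0.2            # A's outer-tunnel address
port 1195
remote 10.8.0.3 1195      # B's outer-tunnel address
ifconfig 10.9.0.1 10.9.0.2
secret inner.key 0        # key direction 0 on A
cipher AES-256-CBC        # static-key mode does not support AEAD ciphers
auth SHA256

# --- /etc/openvpn/inner.conf on endpoint B ---
dev tun1
proto udp
local 10.8.0.3
port 1195
remote 10.8.0.2 1195
ifconfig 10.9.0.2 10.9.0.1
secret inner.key 1        # key direction 1 on B
cipher AES-256-CBC
auth SHA256
```

Applications on A and B talk over the 10.9.0.x addresses; a packet capture on the VPS's tun0 shows only the inner tunnel's encrypted UDP on port 1195.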