How to access personal computer or network without port forwarding

It’s not always easy or possible to setup port forwarding so you can access your home PC or any other device through public IP your internet service assigns you. Problem is also if your ISP rotate IPs so you always need to keep track of it. One option is to try to convince ISP to give you static IP but traffic routing on ISP side can be also behind NAT, which might be complicated to configure and guys from ISP tend to tell you forwarding is not possible.

So what can you do about that? Sometimes nothing. 🙂

But if you incidentally have something like small virtual server (which you can rent for 4 bucks a month), you can use it to access your home network. I have 5+ machines in mine, 3 strong desktop PCs which I turned into servers (around $150 value on server market) that I could easily upgrade with more RAM or storage, 2 Raspberries, few Arduinos  (cheap DIY home automation).

Yes, right, where can I find server for $4/month you might think. It’s not that hard, for example, Kimsufi offers very cheap dedicated servers. Maybe you need to wait a bit to get the right price. They usually add new machines on daily basis. You can also rent virtual dedicated servers from Google or Amazon, which is quite cheep if you only use it for traffic forwarding. On the other side maybe you already work on the web and have your own servers which is then just added bonus of your home servers on demand.

Basic setup are two machines, one with public IP and your home PC.  Most of the times I forward requests to machines in home network like signals between Arduino and that PC or do some background processing which only needs to be triggered.

The idea is to create lite VPN network and to use Haproxy for port forwarding. For VPN purposes we are going to use Tinc, nice little but powerful piece of open source. In my case server with public IP is CentOS 6.3 and private behind the NAT server is Ubuntu server 16.04.

To install Tinc daemon on CentOS use:

yum install tinc

And on ubuntu server use:

apt install tinc

Of course, if you’re not logged in as a root you need to prefix commands with sudo. It worked on my systems with no problem and as you know CentOS 6.3 is quite ancient version. To check if it is installed properly type:

tincd --help

It’s useful to read what options you have available with Tinc daemon and that’s exactly what help parameter provides.

Now, lets give your server with static IP name “cloud” and private one “home”. Also we are going to create network interface for both servers inside tinc startup script, which we can name tinc-up. We also need tinc-down script which will tinc use to shutdown interface when it’s not running.

So first open default tinc config file on each server:

vi /etc/tinc/tinc.conf

and add following:

Name = cloud
AddressFamily = ipv4
Interface = btc0

in “cloud” config and

Name = home
AddressFamily = ipv4
Interface = btc0

in “home” config. Now open/create tinc-up file:

vi /etc/tinc/tinc-up

and add following:

ifconfig $INTERFACE netmask

for “cloud”, and

ifconfig $INTERFACE netmask

for “home”. You also need to open/create tinc-down file on both servers:

vi /etc/tinc/tinc-down

with following content:

ifconfig $INTERFACE down

You might need to add executable permission on those files:

chmod ugo+x tinc-*

The only thing left is to create private and public keys for your servers and to exchange public keys between servers in your VPN, which in this case consists of only two servers. But adding more servers would be easy as repeating above steps. To generate keys do this:

mkdir /etc/tinc/hosts
tincd -c . -K

Finally, edit file in hosts directory to look like this:

Address = [IP address of cloud server]
Subnet =

[public key for the cloud server]

Do the same for both servers, except for the Address directive part which only need to be added on “cloud” server.

Now you only need to copy content of the /etc/tinc/hosts directory between servers:

scp your_user@x.x.x.x:/etc/tinc/hosts/cloud /etc/tinc/hosts
scp /etc/tinc/hosts/home your_user@x.x.x.x:/etc/tinc/hosts

and start tinc daemon on both ends:


If everything is fine you have a kind of VPN up and ready. It’s now quite easy to forward ports from your “cloud” server to any “home” server using Haproxy and some similar software. I’m going to revisit Haproxy setup in some other tutorial. Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *