this post was submitted on 06 Jul 2024
28 points (100.0% liked)

Linux

48190 readers
1266 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

My issue is that many of my remote desktop apps require knowing the IP adress of the other PC. I'm looking for a VPN that auto-discovers other devices on the same network. That way I could just "ssh" into the same IP every time, because it would be IP inside of a virtual network. Ideally I am looking a solution that does not require internet connection.

Thanks.

Edit: I should probably specify my usecase. I have a portable desktop and use VNC from a laptop to connect to it. To do that I need the IP of the desktop but that's different on a different network. This can be solved by using hostname.local as the "IP". (hostname is the "ubuntu" in "bob@ubuntu$:~/Documents") The solution is quite simple, I just haven't known about it.

top 26 comments
sorted by: hot top controversial new old
[–] [email protected] 15 points 4 months ago (1 children)

I don’t think you need a VPN here since you’re using an already secure protocol. Sounds like you’re mostly wanting a static IP address. You can configure the local router to hand out static IPs. Local DNS works too.

[–] [email protected] 0 points 4 months ago (1 children)

Static IPs are not a thing in most countries. You need an overlay network or dynamic DNS like NoIP.

[–] [email protected] 8 points 4 months ago (1 children)

Static IPs handed out by your local router are not dependent on having a static IP from your ISP. You do not need one to have the other. You can always have static IPs on your local network.

[–] [email protected] 2 points 4 months ago

Ah okay but is that useful in many cases? Only when you are home.

[–] [email protected] 8 points 4 months ago (1 children)
[–] [email protected] 1 points 4 months ago (1 children)

I don't want to be mean but searching "DNS hostnames" just gives generic AI generated "DNS explained" articles. This answer is helpful only if you already know that mDNS exists.

[–] [email protected] 3 points 4 months ago

Sorry was busy but wanted to make the comment at least earlier. I think .local is specific to mDNS, but using just the hostname (ie; mypcname) should work as well.

[–] [email protected] 8 points 4 months ago (1 children)

mDNS solves this. It may actually work out of the box. Try ssh'ing into your-device-name.local. If that fails, check your devices' names and if they have Avahi/Bonjour/mDNS enabled.

Something like Tailscale will set up a VPN with hostnames and IP addresses for you (and you can host your own entry server if you don't want to use the cloud stuff). That'll work across networks. It'll also add overhead and it's probably overkill for your use case, though.

[–] [email protected] 4 points 4 months ago (1 children)

Thanks, it does indeed work. I guess I'll add a wireguard tunnel so that I won't have to bother with the "do you trust the fingerprint?" every time I'm on a different network or when the IP changes.

[–] [email protected] 6 points 4 months ago (1 children)

If you use the .local syntax, and the device name stays the same, I think the domain name based fingerprint should prevent the "do you trust this fingerprint" problem.

If you want to avoid the question all together, you could set up an SSH certificate authority (quick guide here, less dense guides are available on the internet). By signing the servers' host keys, you can prevent the trust on first use prompt entirely, even for servers you may not have logged into before.

[–] [email protected] 2 points 4 months ago (1 children)

Actually I want to use the wireguard tunnel regardless because right now I am tunneling VNC through SSH, which is laggy because it's TCP. But thanks either way.

[–] [email protected] 2 points 4 months ago

Ah, in that case I would definitely recommend taking a look at Tailscale!

[–] [email protected] 7 points 4 months ago (1 children)

couldnt you use device / hostname instead?

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago)

Unfortunately the router at my gf's house does not resolve the hostname, so no. Though thanks for the suggestion, I feel kinda stupid for not trying that.

Edit: I'm a noob. Solved by adding ".local" suffix after the hostname.

[–] [email protected] 6 points 4 months ago (1 children)

You can configure wireguard to achieve this solution.

You can always enable mDNS/DNS-SD (aka zeroconf) protocol as well

[–] [email protected] 2 points 4 months ago

Thanks, I did not know about mDNS. I will use this.

[–] [email protected] 5 points 4 months ago

I'm looking for a VPN that auto-discovers other devices on the same network.

What does that mean? What are you actually trying to do?

[–] [email protected] 5 points 4 months ago* (last edited 4 months ago) (1 children)

Ipv6, Nebula, headscale, tailscale

[–] [email protected] 3 points 4 months ago (2 children)

Headscale is a downstream of tailscale, meaning it has a fraction of the features and is maintained by Tailscale employees.

But great for less trust.

[–] [email protected] 6 points 4 months ago (1 children)

Tail scale is currently in the building goodwill phase of the startup, there will come a day when the enshitification starts

[–] [email protected] 4 points 4 months ago

I mean, Github is literally the source of 2 operating systems I run. And most of my apps.

[–] [email protected] 1 points 4 months ago (2 children)

Yeah, but tailscale forces you to use logins from proprietary platforms, which is the reason I don't use it. It doesn't support a simple account creation and login with just an email and password.

[–] [email protected] 3 points 4 months ago

Really?? This is crazy.

Afaik headscale is the selfhosted server. You can likely login however you want.

[–] [email protected] 3 points 4 months ago

AFAIK they allow custom OIDC providers now.

[–] [email protected] 4 points 4 months ago* (last edited 4 months ago)

Bit confused about what you're looking for. If you're just SSH/VNC ing into devices on the same local network, then you can simply use their local IP address, which you can find with a command like ip addr and will rarely change, or their hostname if your network is configured properly. There are several GUIs that can remember connection info for you, so you likely will only need it once. It's also quite easy to scan the local network for SSH servers if you have nmap (nmap -p22 <your ip address range, e.g. 192.168.0.1/24>). If you need to connect to a device on your home network from a different network, any VPN software can achieve that. I'm not aware of any remote desktop solution that doesn't require a network connection, but your network doesn't necessarily need to be connected to the Internet.

Are you looking for a GUI that combines all those things?

[–] [email protected] 3 points 4 months ago

Not sure I understand either but when I need to tinker with devices from another network through the Internet I usually rely on Tailscale or setup my own dedicated VPN using e.g OpenVPN.