Let Cloudron (or a specific app) access your home network via VPN

nafets-lesierk

Disclosure: question may be indicative of a complete lack of knowledge; take it for what it's worth ...

General case: can Cloudron as such be set up so (in very far and inappropriate analogy to mounting a remote volume) that a remote IP can be reached via VPN, Cloudron quasi "acting" (ie the underlying OS providing accessible VPN client software) as a VPN client? Making that IP accessible to all apps within ...

Specific use case: I've got a SQL-database crunching smarthome data running on a dedicated-small-footpring-pc behind my fritz.box router at home. I can get a.) access to that DB from the outside via fritz.box'es own tunneling or b.) set up an OpenVPN server at home and make the PC available via that setup.
Now I would like to connect to that DB using a Cloudron Grafana installation, with Cloudron and Grafana on it being hosted in the cloud far away from home.
Is there a way to get that to work - perhaps it boils down to what one can tell Grafana to do!?

Cheers

Kubernetes

You may have a look at https://tailscale.com to solve that requirements.

girish

Depending on your setup, you can consider a SSH reverse tunnel. See https://forum.cloudron.io/topic/10391/understanding-external-storage/6

nafets-lesierk

Thanks @Kubernetes and @girish
1.) Tailscale - OK, sounds neat. Quick (and most likely incomplete) research shows that you need to install on all devices to be connected. That's easy for at home, but don't see how one could do that on Cloudron.
2.) As I would say: "Holla-die-Waldfee"; with a day job and 2 kids - not something I would have time (or competence) to look into - unless of course: there's a DIY manual somewhere ...
3.) Port forwarding. Why not? In principal I could expose the home machine and its DB and whitelist the Cloudron installation as the only one to be able to walk through the door. Neglected my day job and the kids to test that, only to fail given the dslite connection of my provider ...

nafets-lesierk

I know this is really cheesy in this nerdy environment - but, what to do?
ChatGPT says:

Yes, using reverse SSH (Secure Shell) tunneling is another approach that can be considered for accessing an IPv4 device behind a router in a DS-Lite environment. Reverse SSH allows you to establish a secure connection from the IPv4 device to a server with a public IPv4 address, and then you can connect to that server from an IPv6-enabled location.

So, perhaps @girish -> OpenVPN Server on Cloudron, SSH client on my home IPv4 device, initiate a reverse SSH tunnel to the server ... ?

Cheers

girish

@nafets-lesierk I wrote a guide for ssh tunnels now - https://docs.cloudron.io/guides/ssh-tunnel/

My understanding of your setup is that Cloudron is on a public server and your MySQL database is in your house. If that's the case, port forward the mysql server's ssh connection via fritz box. Then just setup a local port forwarding from the public server to mysql port via SSH.