Connecting to a private network using a server with public IP

I have a computer (I’ll call it server) that has a public IP that I can access through ssh from everywhere with an internet connection (tested). This same computer has another ethernet connection that connects to a private (192.168…..) network (I can ssh the server and then ssh another computer on the 192.168…. network). I want to be able to have a computer (I will call it client) connected to the internet that can interact with the second network of the server as if the client was connected to that network (i.e. like if the client had an IP 192.168… on the server secondary network).

Is VPN an option for this problem? I have followed this OpenVPN tutorial without success, I suspect that it might be because the Ubuntu installed on the server is ubuntu-desktop, not the server version. If VPN is an option, is there any tutorial that does not assume ubuntu server but ubuntu-desktop? If VPN is not an option, how should this be done?

Is it possible to send packet to IP address behind NAT if you know public and local IP?

So I’m playing with WebRTC and I’ve found that you can get public IP and local IP of other computer.

Here is my code that show IP https://codepen.io/jcubic/pen/yvMeRg?editors=1010 (the code is used to transfer the files between computers but it also show the IP of other party).

Can I with this information some how send a packet to the other party? Or the route the packet travel is something that is decided by routers and protocols.

Can anyone do something with this information to harm the person behind the NAT?

Secure Android App Public API

I am facing a programming challenge which I do not know how to solve in a most appropriate way.

We are programming an Android App which is using an API we are providing for this purpose.

While the data the api is providing is not secret, we still want to limit the amount of requests a user can make. Per requests a user can get search results for about 10-20 items around their location. We would like to avoid someone to just use the api and get the entire database by sending requests for various locations.

An important feature of the app is that it works without registration.

So here is my challenge: how can i identify individual devices the app is installed on and verify those are real devices? I could have the app send e.g. the IMEI number with each request, but I would not be able to verify on the server side the IMEI is real and not faked.

Is there maybe a download verification token which gets generated when the app has been downloaded from the PlayStore? This way individual installations could be identified and blocked if that token makes malicious requests.

I would just like to achieve that only real app installations are being allowed by the API, and that bots, Dos attacks etc. are being blocked.

I would appreciate any hint to the right direction.

Cheers,

Create a class student with public member variables

Create a class Student with public member variables: Student name, student number, contact number, ID number. The following specifications are required:

 Add init() method of the class that initializes string member variables to empty strings and numeric values to 0.

 Add the method populate() to the class. The method is used to assign values to the member variables of the class.

 Add the method display() to the class. The method is used to display the member variables of the class.

 Create an instance StudentObj of the class Student in a main program.

 The main program should prompt the user to enter values for five students. The attributes should be assigned to the instance of Student using its populate() method, and must be displayed using the display() method of the instance of Student.

Authenticate Static Public Keys

How can a static ECC public key be authenticated when being shared between the client (who has just created the static ECC public key) and the CA (Certification Authority) – who will sign and send the client’s static public key to another node in the network??

Background context: The client and another node will both generate ephemeral ECC keys for a ECDHE key exchange. The ephemeral ECC public keys will be signed with the static ECC keys to prove the authenticity of the ephemeral ECC keys. But when the static ECC keys are generated and sent to the CA, how can their authenticity be proven??

Additional Encryption of SSL certificate and Public key before handshake?

I am currently working on a security-based product (VPN) and we have one critical requirement that I am unable to figure out.

The connection between the User and the VPN server is based on the OTP (One-time Pad) algorithm and I also have SSL on the server.

At the SSL handshake level, the certificate is sent over to client for verification. But we wish to encrypt the certificate as well using OTP before it is sent over the network.

The client is an iOS app. I am also looking for a solution so that the OTP encrypted certificate is first validated at the device level, before it is validated by the SSL handhshake. It is an additional security level that we wish to integrate.

Any idea how can I do this? As far as I know, the SSL handshake is an automated process and cannot be controlled.

I came across this network where public IP = local IP

What I mean by that is when I type ifconfig, what comes up is the same with when I use an online website to get my public IP adress. (such as ipchicken.com)

It is a WPA2-Enterprise MGT network. (it needs both a username and a password to login)

All that comes up on Wireshark are ARP brodcasts by what I’m assuming is the DNS server. I tried running Responder in analyze mode, which warned me that I was outside the subnet and could use ICMP redirecting in the network (showed this message 3 times, and showed different IP adresses each time.) After this, nothing came up at all. I can still do a NetB Scan to see other devices in my subnet (/24 yields nothing, while /16 shows a bunch of machines)

Can you guys help me identify this network? I’d really appreciate your help!