My issue is that many of my remote desktop apps require knowing the IP adress of the other PC. I’m looking for a VPN that auto-discovers other devices on the same network. That way I could just “ssh” into the same IP every time, because it would be IP inside of a virtual network. Ideally I am looking a solution that does not require internet connection.
Thanks.
Edit: I should probably specify my usecase. I have a portable desktop and use VNC from a laptop to connect to it. To do that I need the IP of the desktop but that’s different on a different network. This can be solved by using hostname.local as the “IP”. (hostname is the “ubuntu” in “bob@ubuntu$:~/Documents”) The solution is quite simple, I just haven’t known about it.
I don’t think you need a VPN here since you’re using an already secure protocol. Sounds like you’re mostly wanting a static IP address. You can configure the local router to hand out static IPs. Local DNS works too.
Static IPs are not a thing in most countries. You need an overlay network or dynamic DNS like NoIP.
Static IPs handed out by your local router are not dependent on having a static IP from your ISP. You do not need one to have the other. You can always have static IPs on your local network.
DNS hostnames
I don’t want to be mean but searching “DNS hostnames” just gives generic AI generated “DNS explained” articles. This answer is helpful only if you already know that mDNS exists.
mDNS solves this. It may actually work out of the box. Try ssh’ing into your-device-name.local. If that fails, check your devices’ names and if they have Avahi/Bonjour/mDNS enabled.
Something like Tailscale will set up a VPN with hostnames and IP addresses for you (and you can host your own entry server if you don’t want to use the cloud stuff). That’ll work across networks. It’ll also add overhead and it’s probably overkill for your use case, though.
Thanks, it does indeed work. I guess I’ll add a wireguard tunnel so that I won’t have to bother with the “do you trust the fingerprint?” every time I’m on a different network or when the IP changes.
If you use the .local syntax, and the device name stays the same, I think the domain name based fingerprint should prevent the “do you trust this fingerprint” problem.
If you want to avoid the question all together, you could set up an SSH certificate authority (quick guide here, less dense guides are available on the internet). By signing the servers’ host keys, you can prevent the trust on first use prompt entirely, even for servers you may not have logged into before.
Actually I want to use the wireguard tunnel regardless because right now I am tunneling VNC through SSH, which is laggy because it’s TCP. But thanks either way.
You can configure wireguard to achieve this solution.
You can always enable mDNS/DNS-SD (aka zeroconf) protocol as well
couldnt you use device / hostname instead?