An essential aspect of networking is the creation of small connections, often only a single port or IP address range and frequently done in a secure manner. These are called tunnels.
For implementing a tunnel between two or more networks for the purpose spanning between them is referred to as a VPN. A popular software tool for this is OpenVPN. As per usual, the man page sums up the functionality elegantly:
openvpn - secure IP tunnel daemon
Since OpenVPN is quite configurable and has a vast array of feature, the focus here will be on a simple example of connecting two hosts. For this example, the addresses of the hosts will be 192.168.1.27 and 192.168.1.28 respectively.
Begin by creating a simple key, for the sake of the example, consider a secret static key to encrypt the tunnel connection.
openvpn --genkey --secret name_of_key
By default this will create a 2048-bit static key. Note that this type of non-TLS key is quite dangerously insecure, but it is useful for running tests on a connection between host addresses before an eventual TLS server is setup.
Go ahead and copy both of the servers using a program such as scp:
scp -i ~/.ssh/id_name /path/to/name_of_key email@example.com:/upload/dir/
To begin, on the 192.168.1.27 host, the start and end of the tunnel can be specified using the --ifconfig flag. The starting IP address of this host can be itself and the tunnel end can be the other host, 192.168.1.28. For the sake of simpilicity, call the device `tun1` for tunnel 1 and set a high-ish verbosity of level 5.
openvpn --dev tun1 --ifconfig 192.168.1.27 192.168.1.28 --verb 5 --secret name_of_key
On the 192.168.1.28 host do the same, swapping the start and end tunnel IP addresses, like so:
openvpn --dev tun1 --ifconfig 192.168.1.28 192.168.1.27 --verb 5 --secret name_of_key
With this complete, the tunnel should be active and accepting connections. Do a quick check using the ip command, and then test it using ping or mtr. Try this out on both hosts; for the 192.168.1.128 host, it would be something like this:
If the other host responds, then the tunnel was setup correctly. Please note that this should not be used as a permanent solution since it is quite insecure.
If this fails, then consider taking a brief look at iptables or other firewall software and determine if perhaps a rule is blocking the device or IP.
At this point, various small networking tests (e.g. of a log reader or web app) could be done before setting up a TLS server and signed key with certificate authority.
That more-or-less demostrates how to quickly setup a tunnel between two hosts using OpenVPN. Quite a lot of features could use an article in of themselves, especially with regards to fine-tuning of the config file.
With this in mind, there is a new technology that will eventually be bundled with the Linux kernel, WireGuard.
Note that as of the writing of this article, WireGuard is still considered bleeding-edge and thus may not yet be production ready. In a few years, however, it will likely become mainstream due to its simple configuration and fast speed when compared to older VPN technology.