I do it at Wormhole[1] in a very similar fashion to "vpnazure"; also with SoftEther.
Why would you rather "punch yourself and ssh port"? Do you mean that your main problem with vpnazure and the like is the need of an agent/client software installed? I am not sure I understood your concern, but I would be very interested in hearing more about it. Feel free to email me to the address on my profile if you prefer, although a reply here works for me.
IMHO the best way to make it transparent for any application is to have a virtual interface. It offers an expected environment for any new or legacy app (instead of proxying stuff explicitly).
That seems like an awesome service, thank you for the work!
> main problem with vpnazure and the like is the need of an agent/client software installed
Yes, and at the same time vpnazure creates a VPN setup (I think it's a server/client setup, not a bridge), while for my simple usage I only need a single TCP connection through which I'd work with SSH. And from this point, I could spawn an SSH tunnel and forward the needed traffic through it, alleviating the need for a VPN. Maybe it is a really basic use case, but for a work/home environment I find it to be the thing I actually need, and not the full-blown VPN.
Another problem with vpnazure I had is that I'd have no way of seeing where the traffic flows inside the vpn interface. Thinking about it now, probably could be seen in traceroute. But at the time, I thought about looking into tcpdump of vpnserver or setting up a firewall. And that was too complicated for my hobby set up. The point of my concern was that I wanted to see whether any traffic is leaking onto third party servers managed by SoftEther or otherwise. Of course I'd want the traffic to flow across the internet, but I'd expect it to take the path it would take if one of the nodes was a natural server.
Also, all the traffic is managed by vpnserver (softether's one), which makes it a little opaque in terms of where the packets go out of that process.
Of course a client would be inevitable for any hole punching SaaS, but preferably I'd like it if it'd only run during the connection establishment period.
I think what you're looking for is https://ngrok.com/ - it's quite popular among developers.
> Another problem with vpnazure I had is that I'd have no way of seeing where the traffic flows inside the vpn interface. Thinking about it now, probably could be seen in traceroute. But at the time, I thought about looking into tcpdump of vpnserver or setting up a firewall. And that was too complicated for my hobby set up. The point of my concern was that I wanted to see whether any traffic is leaking onto third party servers managed by SoftEther or otherwise. Of course I'd want the traffic to flow across the internet, but I'd expect it to take the path it would take if one of the nodes was a natural server.
> Also, all the traffic is managed by vpnserver (softether's one), which makes it a little opaque in terms of where the packets go out of that process.
I see what you mean and I understand your concerns.
If you'd like to see the path from your connection to the VPN servers, you can always do a traceroute to its public IP. However, for concerns regarding what they do at the server level, if a 3rd party manages the VPN server, you only have your trust in them and their degree of transparency. The next step would be to go self-hosted, but then you need to trust the hosting provider too.
vpnazure kinda does this, but has the overhead of softether vpn service on top of it... I would rather go with punching myself an ssh port.