I want to make my MBL accessible while sitting behind a consumer level NAT-firewall that I won't be able to manually configure. I know most routers do support UPnP, and user basos has provided a very detailed setup script for miniupnpc, but was told this technique is not secure at all. Plus, for security reasons, many routers have this capability disabled. I read briefly about NAT-PMP and seems more secure, but no word about its support by various routers.
On other forums, one advocated the use of OpenVPN, but guides for it require first that the user manually opens a port, which doesn't follow constraints. Is there a reliable and secure way to build a door through a NAT that would only open given proper authentication, effectively making it a tunnel accessible to distant applications given proper authentication? I am NOT talking about dynamic DNS update, this is already taken care of.