this post was submitted on 18 Jan 2024
37 points (93.0% liked)

TLDR: VPN-newbie wants to learn how to set up and use VPN.

What I have:

Currently, many of my selfhosted services are publicly available via my domain name. I am aware that it is safer to keep things closed, and use VPN to access -- but I don't know how that works.

  • domain name mapped via Cloudflare > static WAN IP > ISP modem > Ubiquiti USG3 gateway > Linux server and Raspberry Pi.
  • 80,443 forwarded to Nginx Proxy Manager; everything else closed.
  • Linux server running Docker and several containers: NPM, Portainer, Paperless, Gitea, Mattermost, Immich, etc.
  • Raspberry Pi running Pi-hole as DNS server for LAN clients.
  • Synology NAS as network storage.

What I want:

  • access services from WAN via Android phone.
  • access services from WAN via laptop.
  • maybe still keep some things public?
  • noob-friendly solution: needs to be easy to "grok" and easy to maintain when services change.
[–] jeena@jemmy.jeena.net 2 points 10 months ago (1 children)

I wanted to do something similar for a long time but somehow all my attempts failed. I tried the one built into a Fritzbox but my laptop never could connect. Later I tried the WireGuard add-on in Home Assistant but same there.

[–] bneu@feddit.de 2 points 10 months ago (2 children)

But does port forwarding work for you, can you access your servers from outside your network?

If not, it's probably carrier-grade NAT. There are several ways to fix this:

  1. Call your ISP and ask them to give you your own dynamic IPv4 address.
  2. Use a service like Tailscale (also available in Home Assistant).

[–] jeena@jemmy.jeena.net 2 points 10 months ago (1 children)

Yes port forwarding with everything else works well, I have no problem with port forwarding, running a lot of services from home.

[–] bneu@feddit.de 1 points 10 months ago

Then I don't know, I've set up several Wireguard VPNs on several Fritzboxes and everything works fine.

[–] stown@sedd.it 2 points 10 months ago (1 children)

Dynamic IP is one that changes. I think you meant static IP.

[–] bneu@feddit.de 2 points 10 months ago (1 children)

No, I specifically meant dynamic, because most ISPs only give static IPv4 for business plans, and a dynamic IP is fine if you use a dynamic DNS service (the Fritzbox has one).

[–] stown@sedd.it 1 points 10 months ago (1 children)

If you don't have a static IP then you will automatically have a dynamic one. You don't need to ask for a dynamic IP as that is the default. And I'm no idiot, I've used dynamic DNS services for over 20 years.

[–] bneu@feddit.de 1 points 10 months ago

There is also Carrier Grade NAT, which basically means that you share an IP with other customers, so if you try to access your network from the outside, you will only end up at your ISP's router, where the network is divided up for a group of customers.