this post was submitted on 28 Nov 2023
1 points (100.0% liked)

Homelab

371 readers
9 users here now

Rules

founded 1 year ago
MODERATORS
 

I have several machines that need direct in/out traffic through router port forwarding.
I have things setup already right now, using my domain name , pointing at my current static IP issued by the ISP.

But I will be transferring to another ISP and they don't offer static IPs. What's worst is the IPs issued are not only dynamic, but also private (so dynamic dns solution can't help)

So I need a way to maintain my exact setup (and port forwards) on the new ISP and I'm willing to pay for VPN like service if I have to. But I heard routing traffic through VPNs will slow down traffic which is my concern. I'm assuming VPN traffic is slow because of it having to hop around lots of proxy servers? If there was a VPN that just gives you static IP w/o proxy hopping, that would be best. I don't need the privacy, i just need the static IP and speed.

Looking forward to some helpful suggestions.

top 28 comments
sorted by: hot top controversial new old
[–] cruzaderNO@alien.top 2 points 11 months ago (2 children)

Tailscale and a cheap VPS running the exit node tends to be a common route.

Lets you expose services out without opening anything localy and gets you full control out from the VPS without ISP meddeling.

There are other alternatives but tailscale has the best free tier with upto 100 devices, exit node+router, solid access control and mfa.

[–] remivato69@alien.top 1 points 11 months ago (2 children)

hmmm i see.. i've head bout tailscale.. but how's the speed? will all traffic from home have to go thru the VPS (slowing down connection, and consuming costly VPS bandwidth)?

[–] cruzaderNO@alien.top 1 points 11 months ago

Tailscale negotiates a direct VPN to the VPS and all traffic going through the VPN goes through the VPS.
As for bandwidth its not really that expensive unless you need like 30-50tb per month type numbers.

If its specific machines you can install tailscale on those also and they make a direct connection.

I got on my phone,laptop,tablet etc so wherever i am it will use tailscale as middleman to find open ports and establish a vpn to home network.

[–] jkirkcaldy@alien.top 1 points 11 months ago (1 children)

You can get a a VPS with unlimited bandwidth, I use IONOS at work, it’s a 500mb connection on their end (1gig at work) we have multiple people streaming video/downloading files without issue.

[–] remivato69@alien.top 1 points 11 months ago

wow, ok, tnx for the leads.

[–] doob7602@alien.top 1 points 11 months ago (1 children)

Instead of the "cheap VPS" part, you might find you can use one of the free instances you can get in Oracle Cloud's free offering.

[–] hadrabap@alien.top 1 points 11 months ago

...and WireGuard it together. I also did this before I got static IPs...

Well, I used it as a VPN to go home, but the principle is the same.

[–] Parkave_dave@alien.top 1 points 11 months ago (1 children)

What about using DDNS vs an IP?

[–] remivato69@alien.top 1 points 11 months ago

hi there,
i'm unable to do that. I really need a static IP, also needed to maintain sessions, IP whitelists, and such.

[–] kY2iB3yH0mN8wI2h@alien.top 1 points 11 months ago (1 children)

There are VPNS that offer public IPs, some more enterprise grade VPNs can offer static IPs as well. But its not cheap.

Another way if traffic is mostly HTTP(S) based you can use cloudflare, seems to be the norm here.

Why are you moving to an ISP that does not support your needs? are you moving?

[–] remivato69@alien.top 1 points 11 months ago (1 children)

The current ISP's service have been terrible.... frequent down times, that usually take 5-24 hours to resolve. It's unbearable. We were thinking of getting starlink too.

Yes all traffic i need to forward are http based... so that cloudflare thing, did u mean the cloudflared tunnel thing they have? if so, i think I will need to create different tunnels for each port I want to open right?

the other issue that I have is i need a fixed IP in order to access remote databases we use in development. It's a security thing (our remote database server whitelists connecting IP)

[–] parkrrrr@alien.top 1 points 11 months ago (1 children)

I knew when you described being behind CGNAT that you were talking about Starlink. Starlink isn't necessarily a solution to your problems. I have it, and it's recently been pretty slow where I am, and their support is famously difficult to work with. If you have a terrestrial option, it's probably worth taking a good look at whether you really want Starlink. A few hours of reading in r/starlink may be able to help.

For your other issue, it seems like the best answer is for your employer to provide a VPN (a real VPN, hosted by the employer, not some janky BorgVPN thing whose only purpose is paying YouTubers to lie about what people use their service for.) That has the additional advantage of greatly simplifying the whitelist, which is good for security.

[–] remivato69@alien.top 1 points 11 months ago

hi
thanks for the insights

unfortunately employer wont be setting up VPNs anytime soon :(

[–] dingleberryfingers@alien.top 1 points 11 months ago (1 children)
[–] remivato69@alien.top 1 points 11 months ago (1 children)

And are you talking bout their service called Cloudflared? Because if so, will I need to create a cloudflare tunnel for each port i want to open?

[–] PineappleLower1062@alien.top 1 points 11 months ago (2 children)

No, you should be able to create one tunnel and pass all your traffic through it I haven't played with ports tho, only sub domains (i have a reverse proxy behind it)

[–] dingleberryfingers@alien.top 1 points 11 months ago

Yeah this is his I do public facing stuff.

[–] remivato69@alien.top 1 points 11 months ago

well that's cool. But I do have to install cloudflared onto each of my server/machines right? And what about machines i need to connect to that doesn't have a regular OS (like a smart vacuum cleaner's GUI)?

[–] RoganDawes@alien.top 1 points 11 months ago (1 children)

Free Hurricane Electric IPv6 tunnel.

[–] remivato69@alien.top 1 points 11 months ago (1 children)

Free Hurricane Electric IPv6 tunnel

I've never heard of this one but tnx for the lead!

[–] parkrrrr@alien.top 1 points 11 months ago (1 children)

You might not even need it, depending on where you are in the world. Starlink assigns IPv6 addresses differently than they assign IPv4 addresses, so you could potentially use dynamic DNS as long as you stick to IPv6 for all of your services. Still a violation of the Starlink TOS, of course, but who hasn't engaged in a little light TOS violation from time to time?

[–] remivato69@alien.top 1 points 11 months ago

haha yehbut i did try starlink before, and incoming traffic isn't getting thru. I will try again if necessary. Right now I want to use local ISP as it is cheaper, faster, more stable than starlink

[–] meldrik@lemmy.wtf 1 points 11 months ago

The easiest would be to use Cloudflare Tunnels. It is also free.

[–] qwertyvonkb@alien.top 1 points 11 months ago

All the 5,000,000,000 posts about this wasnt enough?

[–] dev_all_the_ops@alien.top 1 points 11 months ago (1 children)

What do you mean the addresses are private? Are you double NAT-ed?

As others have mentioned, tailscale or Cloudflare tunnels can solve your problem

[–] remivato69@alien.top 1 points 11 months ago

The IP address they issued me isn't accessible publicly, and port-forwarding isn't possible.

I'll look into these altertnatives, thanks

[–] therealtimwarren@alien.top 1 points 11 months ago (1 children)
[–] remivato69@alien.top 1 points 11 months ago

Total Views40%Upvote Rate-25Community Karma2Total Shares

haven't heard of L2TP service, but thanks, ill look it up