this post was submitted on 11 Nov 2023
57 points (91.3% liked)

Selfhosted

40211 readers
1489 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm connected via a 4G modem. Got this setup about 3 years ago. In the beginning it was enough to look for the public IP (what's my IP). The modem showed some sort of private ip in the ui. I'm running stuff at home (Homeassistant, Gitea,) and bought a domain and pointed it to my home IP via Cloudflare. After some time I've noticed my modem shows the public IP also internally. For about 2 years now it ran flawlessly, the IP changed from time to time, but not really more than once in several weeks. For about a week all stopped working and the modem shows IP 100.xxxx and outside 85.something I guess I'm behind NAT now. Normal port forwarding on the modem is useless now. Is it possible to open the ports via UPNP? I've tried via miniupnp from my Ubuntu server, but it just throws an error.

upnpc -a ifconfig enp1s0| grep "inet addr" | cut -d : -f 2 | cut -d " " -f 1 22 22 TCP

Can I use this to somehow open the ports via UPNP on my modem and bypass the blocking? I can't even OpenVPN to my modem anymore.

EDIT: i also run AdguardHome, that I use as Private DNS on my Android phone

UPDATE: everything except Adguard Home used as Private DND on my Android works! I've used this: https://github.com/mochman/Bypass_CGNAT/wiki/Oracle-Cloud-(Automatic-Installer-Script) - free Oracle VPS + automated well described script. Even HTTPS works fine!

you are viewing a single comment's thread
view the rest of the comments
[–] Dave@lemmy.nz 19 points 1 year ago (1 children)

You're already using cloudflare, so check out cloudflare tunnels. You install their software on your server which makes an outbound connection, bypassing the need for open ports or a public IP. Note this only does http traffic.

Another option is tail scale, which won't make your site public but will let you access it remotely on devices you have their software/app on.

[–] farcaller@fstab.sh 1 points 1 year ago (3 children)

I’m actually not sure you can easily get tailscale up and running om such as a setup as it uses the same cgnat ip range.

[–] Dave@lemmy.nz 7 points 1 year ago (1 children)

This page says (at the very bottom):

Tailscale can route its packets peer-to-peer over IPv4 or IPv6, with and without NAT, multi-layer NAT, or CGNAT in the path.

[–] farcaller@fstab.sh 2 points 1 year ago (1 children)

Yeah, you’re absolutely correct. I misread that thinking OP would have the CG NAT endpoint and taikscsle on the same physical device, which, I still think, would be a problem: you'd have two interfaces for 100.64.0.0/10. But if CG NAT terminates on the modem and you run taikscale on devices connected to it them there's surely no issue at all.

[–] c10l@lemmy.world 2 points 1 year ago (1 children)

I run it on my router which has the CG-NAT IP address.

Whilst you’re right that it could clash, it’s very unlikely (a 1 in 4194302 chance), I imagine Tailscale would detect the clash and change IPs though I could be wrong as it never happened to me (and probably never will - though in all fairness it will eventually happen to someone).

[–] farcaller@fstab.sh 2 points 1 year ago

I went looking into how that works, and, apparently, tailscale adds individual node routes (in table 52). So yeah, you have very low chances of getting into trouble even if you have an interface with 100.64/10.

[–] c10l@lemmy.world 6 points 1 year ago

Been using Tailscale behind CG-NAT for years. It works wonderfully and very rarely needs to route through the DERP infrastructure - it’s almost always a P2P connection.

[–] Greg@lemmy.ca 2 points 1 year ago (1 children)

I haven't had any issues running Tailscale and cloudflared on the same machines

[–] farcaller@fstab.sh 1 points 1 year ago

Sorry, I meant the OPs modem.