Pro: 1Gb upload and download speeds on free Internet provided by the HOA. Con: As a self hoster, I have zero control over it. No port forwarding, no DMZ, no bridge mode. It’s Starbucks free WiFi with a wired connection.
Option A: Buy Google Fiber and don’t use free Internet. Option B: Create some elaborate tunnel through a VPS.
My public self hosted activities are fairly low bandwidth (password manager, SSH). I have a vague idea that I could point my domain to a low cost VPS that has a VPN tunnel into my home network for any incoming connection needs. That may require me to fill in port forwards on both systems but whatever. Tailscale is serving most of my remote needs but I still need a few ports. This does not fix the issue of online gaming port forwards (Nintendo Switch online requires a huge forwarded range for best performance) but oh well for now.
UPDATE: I think they’re using this system. https://www.cambiumnetworks.com/markets/multi-family-living/ The personal Wi-Fi overview makes it clear each AP is given its own VLAN which sounds a whole lot like the whole building is sharing one IP and there’s no way I’m going to get my own Internet access. They even detail how you can roam the building and maintain your WiFi connection across your neighbor’s and the common areas APs. This is the IPv4 future.
Haven’t had to use port forwarding for gaming in like 30 or so years, so I just looked up Nintendo’s website…
Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1024 through 65535
LMAO, no thanks, that’s not happening.
For your question, you could likely route everything through a tunnel and manage the port forwarding on the other end of the tunnel.
Why not also remove the password from my wifi while I’m at it?
Relax guys. It’s a Nintendo Switch, those things never get hacked.
It’s not self-hosted, but Tailscale funnels are also an option.
What this guy says.
If you wanted to go the vps route, I have a 3GB KVM with racknerd that’s $28/year. Tailscale + tunnels, and bob’s your uncle
You can selfhost it on a vps with headscale
I don’t think headscale supports funnels.
That is true, I didn’t consider that as I don’t use them.
Option A modified: get a router, install OpenWRT, install wireguard, get a VPS, create a tunnel, profit
Or with opnsense as well
Yeah any FOSS OS that can do a router
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters | More Letters
HTTP | Hypertext Transfer Protocol, the Web
IP | Internet Protocol
NAT | Network Address Translation
VPN | Virtual Private Network
VPS | Virtual Private Server (opposed to shared hosting)
nginx | Popular HTTP server
5 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #843 for this sub, first seen 2nd Jul 2024, 12:15]
If the HOA’s router supports UPnP/NAT-PMP/PCP then you might be able to use that to get some ports forwarded.
VPS + VPN is the cheapest option I believe for the services. It doesn’t have to be “elaborated”.
You can port-forward public VPS ports to your private addresses/ports. If you don’t want to use iptables you can use firewalld.
The only “but” will be latency. For gaming it won’t perform as you may need.
If they’re providing IPv6 to you, port forwarding shouldn’t be necessary most of the time for online gaming.
Are they allowing UPnP upstream?
Set up a cheap VPS on DigitalOcean or the like, and run a Tailscale exit node. Put Tailscale on your devices at home (or get a 2nd router that allows you to run Tailscale on it) and join them to the same Tailnet. That’s the easiest way to accomplish this without getting too far into the weeds.
Yes you can do this. Two problems:
It isn’t fast. Watch your MTU.
You’ll have to make sure return packets come through the VPS on their way back. You’ll have to set up those packets to masquerade on their way out, otherwise you’d see internal IPs on the internet (they get dropped immediately). You can either masquerade them on the inside so they appear to be coming from your VPS (internally), or if you want the destination computer to see the real Internet IP, you’d need to set up rules on the destination computer which routes packets through the VPS otherwise they’d return via the default gateway.
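The two return-path options from the comment above, together with the iptables port forward mentioned earlier in the thread, as an added example that is not part of any poster's comment. It only prints the commands for review; the interface names (eth0, wg0), the tunnel address 10.8.0.2 and routing table 100 are assumed placeholders.

```shell
#!/bin/sh
# Added example: prints (does not run) rules for VPS -> home forwarding over a tunnel.
# Assumed placeholders: eth0 = VPS public NIC, wg0 = tunnel interface,
# 10.8.0.2 = home server's tunnel address, 100 = spare routing table.

valid_port() {  # succeed only for a single integer port 1..65535 (no ranges)
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# vps_rules MODE PROTO PORT [PUB_IF] [TUN_IF] [HOME_IP]   (run the output on the VPS)
#   MODE=snat   : masquerade inside the tunnel; home sees the VPS as the client
#   MODE=policy : keep the real client IP; home must route replies via the tunnel
vps_rules() {
    mode=$1 proto=$2 port=$3 pub=${4:-eth0} tun=${5:-wg0} home=${6:-10.8.0.2}
    case "$mode" in snat|policy) ;; *) echo "bad mode: $mode" >&2; return 2 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 2 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Forward exactly one public port into the tunnel, nothing wider.
    echo "iptables -t nat -A PREROUTING -i $pub -p $proto --dport $port -j DNAT --to-destination $home:$port"
    echo "iptables -A FORWARD -i $pub -o $tun -p $proto -d $home --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -i $tun -o $pub -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$proto" = tcp ]; then
        # "Watch your MTU": clamp TCP MSS to the tunnel's smaller path MTU.
        echo "iptables -t mangle -A FORWARD -o $tun -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
    fi
    if [ "$mode" = snat ]; then
        echo "iptables -t nat -A POSTROUTING -o $tun -p $proto -d $home --dport $port -j MASQUERADE"
    fi
    return 0
}

# home_rules [TUN_IF] [HOME_IP] [TABLE]   (policy mode only, run the output at home)
# Replies sourced from the tunnel address leave via the tunnel instead of the
# default gateway. With WireGuard, the VPS peer's AllowedIPs on the home side
# must then cover arbitrary client addresses (0.0.0.0/0).
home_rules() {
    tun=${1:-wg0} home=${2:-10.8.0.2} table=${3:-100}
    echo "ip rule add from $home lookup $table"
    echo "ip route add default dev $tun table $table"
}
```

For example, `vps_rules snat tcp 443` prints the VPS-side rules for one HTTPS forward; in snat mode the home server's logs show the VPS tunnel address instead of the real client address.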
Tailscale, cloudflared tunnels, nebula
Headscale and zerotier as well
why get a low cost vps to route the traffic through when you can just run the app on the vps?
It depends on the app. Yes, I could run my password manager on the VPS since that takes up virtually no space or bandwidth. The odd IP camera needs to be local, the Minecraft server with mods needs local CPU power and RAM (presumably).
Storage size, privacy, security, operating cost…I can think of several reasons. I use a cheap vps to help me route traffic to my ebook server, and I don’t have to pay for extra storage on the vps to hold all my comic books, which can be quite large when scanned in HD.
I’m not sure that it would fix all of your issues, but you could put some stuff behind a reverse proxy and use something like duckdns to setup dynamic dns.
A reverse proxy needs you to forward ports 80 and 443, unfortunately.
Not when used with Tailscale. You can put Tailscale on the VPS and on your home server, put Nginx on the VPS and point it to the Tailscale address for the desired service with your desired subdomain.
Voila, Nginx is serving your content through the Tailscale tunnel without edits to your home network. If Tailscale works, then this will work.
Cool, nice.
Maybe nginx does, but cloudflared does not, as far as I know (since it’s an outbound tunnel). I haven’t ever had to open any ports for cloudflared. However, it obviously requires you to use cloudflare.
A little searching seems like Cloudflare Argo tunnels might be a good route to try. And possibly free, though I’m not opposed to paying for a better service. There seems to be a fair amount of step by step documentation on this. I’ll demo this on my lab as I haven’t moved it to the new apartment yet.