Pro: 1Gb upload and download speeds on free Internet provided by the HOA. Con: As a self hoster, I have zero control over it. No port forwarding, no DMZ, no bridge mode. It’s Starbucks free WiFi with a wired connection.
Option A: Buy Google Fiber and don’t use free Internet. Option B: Create some elaborate tunnel through a VPS.
My public self hosted activities are fairly low bandwidth (password manager, SSH). I have a vague idea that I could point my domain to a low cost VPS that has a VPN tunnel into my home network for any incoming connection needs. That may require me to fill in port forwards on both systems but whatever. Tailscale is serving most of my remote needs but I still need a few ports. This does not fix the issue of online gaming port forwards (Nintendo Switch online requires a huge forwarded range for best performance) but oh well for now.
UPDATE: I think they’re using this system. https://www.cambiumnetworks.com/markets/multi-family-living/ The personal Wi-Fi overview makes it clear each AP is given it’s own VLAN which sounds a whole lot like the whole building is sharing one IP and there’s no way I’m going to get my own Internet access. They even detail how you can roam the building and maintain your WiFi connection across your neighbor’s and the common areas APs. This is the IPV4 future.
Haven’t had to use port forwarding for gaming in like 30 or so years, so I just looked up Nintendo’s website…
Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1024 through 65535
LMAO, no thanks, that’s not happening.
For your question, you could likely route everything through a tunnel and manage the port forwarding on the other end of the tunnel.
Why not also remove the password from my wifi while im at it?
Relax guys. It’s a Nintendo Switch, those things never get hacked.
It’s not self-hosted, but Tailscale funnels are also an option.
What this guy says.
If you wanted to go the vps route, I have a 3GB KVM with racknerd that’s $28/year. Tailscale + tunnels, and bob’s your uncle
You can selfhost it on a vps with headscale
I don’t think headscale supports funnels.
That is true, I didn’t consider that as I don’t use them.
Option A modified: get a router, install OpenWRT, install wireguard, get a VPS, create a tunnel, profit
Or with opnsense as well
Yeah any FOSS OS that can do a router
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol NAT Network Address Translation VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting) nginx Popular HTTP server
5 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #843 for this sub, first seen 2nd Jul 2024, 12:15] [FAQ] [Full list] [Contact] [Source code]
If the HOA’s router supports UPnP/NAT-PMP/PCP then you might be able to use that to get some ports forwarded.
The setup is very strange. They don’t provide a router. They took the old phone lines going to each unit (which appears to have been done in Cat5 decades ago) and put an RJ-45 end on it. That plugs into a POE powered wireless access point with two more ports on it. Plugging my laptop in, the gateway does not respond to HTTP requests. The tech who installed it said I have to call the home office to change my wireless password. I got them to disable the wireless so I could put my router on the other end but I’m either running on a network that my shady small time ISP has full control over or I’m behind a double NAT. Speeds were 900+ up and down though.
I might see if I can get the AP re-enabled and let the switch connect to it directly if that even fixes the Switch’s NAT issues.
Sorry you have to deal with this. I know it wasn’t in your list of options, but you could attend HOA meetings, bring up the internet issue and see if they’ll change the current setup, or you could get elected to an HOA board and start pulling the strings of change. That’s more of a long-term goal though.
VPS + VPN is the cheapest option I believe for the services. It doesn’t have to be “elaborated”.
You can port-forward public VPS ports to your private addresses/ports. If you don’t want to use
iptablesyou can usefirewalld.The only “but” will be latency. For gaming it won’t perform as you may need.
If there providing IPv6 to you, port forwarding shouldn’t be necessary most of the time for online gaming.
Are they allowing UPnP upstream?
Assuming the Switch supports ipv6, and given how backward Nintendo’s tech tends to be, it wouldn’t surprise me if they didn’t.
Although at least nintendo.com has an AAAA record.
Hi there!
Sorry to necro this, but I’m in a very similar situation (subject to smartaira’s crazy vlan setup in an apartment) and I was wondering if any of the suggestions in this thread worked for your needs?
Tailscale, cloudflared tunnels, nebula
Headscale and zerotier as well
Yes you can do this. Two problems:
It isn’t fast. Watch your MTU.
Youll have to make sure return packets come through the VPS on their way back. You’ll have to set up those packets to masquerade on their way out, otherwise you’d see internal IPs on the internet (they get dropped immediately). You can either masquerade them on the inside so they appear to be coming from your VPS (internally), or if you want the destination computer to see the real Internet IP, you’d need to set up rules on the destinarion computer which routes packets through the VPS otherwise they’d return via the default gateway.
Set up a cheap VPS on DigitalOcean or the like, and run a Tailscale exit node. Put Tailscale on your devices at home (or get a 2nd router that allows you to run Tailscale on it) and join them to the same Tailnet. That’s the easiest way to accomplish this without getting too far into the weeds.
I’m not sure that it would fix all of your issues, but you could put some stuff behind a reverse proxy and use something like duckdns to setup dynamic dns.
A reverse proxy needs you to forward ports 80 and 443, unfortunately.
Not when used with Tailscale. You can put Tailscale on the VPS and on your home server, put Nginx on the VPS and point it to the Tailscale address for the desired service with your desired subdomain.
Voila, Nginx is serving your content through the Tailscale tunnel without edits to your home network. If Tailscale works, then this will work.
Cool, nice.
Maybe nginx does, but cloudflared does not, as far as I know (since it’s an outbound tunnel). I haven’t ever had to open any ports for cloudflared. However, it obviously requires you to use cloudflare.
A little searching seems like Cloudflare
Argotunnels might be a good route to try. And possibly free, though I’m not opposed to paying for a better service. There seems to be a fair amount of step by step documentation on this. I’ll demo this on my lab as I haven’t moved it to the new apartment yet.
why get a low cost vps to route the traffic through when you can just run the app on the vps?
It depends on the app. Yes, I could run my password manager on the VPS since that takes up virtually no space or bandwidth. The odd IP camera needs to be local, the Minecraft server with mods needs local CPU power and RAM (presumably).
Storage size, privacy, security, operating cost…I can think of several reasons. I use a cheap vps to help me route traffic to my ebook server, and I don’t have to pay for extra storage on the vps to hold all my comic books, which can be quite large when scanned in HD.
