TLDR: VPN-newbie wants to learn how to set up and use VPN.

What I have:

Currently, many of my selfhosted services are publicly available via my domain name. I am aware that it is safer to keep things closed, and use VPN to access – but I don’t know how that works.

  • domain name mapped via Cloudflare > static WAN IP > ISP modem > Ubiquiti USG3 gateway > Linux server and Raspberry Pi.
  • 80,443 forwarded to Nginx Proxy Manager; everything else closed.
  • Linux server running Docker and several containers: NPM, Portainer, Paperless, Gitea, Mattermost, Immich, etc.
  • Raspberry Pi running Pi-hole as DNS server for LAN clients.
  • Synology NAS as network storage.

What I want:

  • access services from WAN via Android phone.
  • access services from WAN via laptop.
  • maybe still keep some things public?
  • noob-friendly solution: needs to be easy to “grok” and easy to maintain when services change.
  • Jeena@jemmy.jeena.net
    8 months ago

    I wanted to do something similar for a long time but somehow all my attempts failed. I tried the one built into a Fritzbox but my laptop never could connect. Later I tried the WireGuard add-on in Home Assistant but same there.

    • bneu@feddit.de
      8 months ago

      But does port forwarding work for you, can you access your servers from outside your network?

      If not, it’s probably carrier-grade NAT. There are several ways to fix this:

      1. Call your ISP and ask them to give you your own dynamic IPv4 address.
      2. Use a service like Tailscale (also available in Home Assistant).
      • Jeena@jemmy.jeena.net
        8 months ago

        Yes, port forwarding with everything else works well. I have no problem with port forwarding, running a lot of services from home.

      • stown@sedd.it
        8 months ago

        Dynamic IP is one that changes. I think you meant static IP.

        • bneu@feddit.de
          8 months ago

          No, I specifically meant dynamic, because most ISPs only give static IPv4 for business plans, and a dynamic IP is fine if you use a dynamic DNS service (the Fritzbox has one).

          • stown@sedd.it
            8 months ago

            If you don’t have a static IP then you will automatically have a dynamic one. You don’t need to ask for a dynamic IP as that is the default. And I’m no idiot, I’ve used dynamic DNS services for over 20 years.