Hi guys! In a bit of a rush, I installed a server in a place where I knew I’d have trouble reaching it, as their router is behind CGNAT. I now want to start installing some VMs etc. At the moment all I have is a VM running Windows running TeamViewer for remote access (I know, I know). I have most of my services hosted on a local home server that runs rather well and has plenty of bandwidth. Among these, there’s a PiVPN running on my home server that works rather well. Is there a way I could make that remote CGNAT server connect to my VPN and be reachable/pingable/show webpages locally?

Thanks!

  • Leafimo@feddit.de
    10 upvotes, 1 downvote · 1 year ago

    You could use Tailscale for that; it should be able to punch through the CGNAT.

    • Funwayguy@lemmy.world
      5 upvotes · 1 year ago

      As someone else who uses Tailscale behind a CGNAT, this indeed works. I have been using it to access my home server from the office for a year now. You can’t quite self-host anything public-facing, but anything on your tailnet can talk to it just fine.

      Theoretically a VPS proxy into the server over the VPN could work for devices not capable of running Tailscale, but your mileage may vary.

  • TwinTurbo@lemmy.world
    7 upvotes · 1 year ago

    Yes, you can connect the device behind CGNAT to your existing VPN as a client. Then, from inside the VPN, you would use its virtual address to connect to it. You can use a systemd service or similar to have the VPN connect at boot.

    • ibroughtashrubbery@lemmy.ml (OP)
      4 upvotes · 1 year ago

      Oh wow, I’ll have to try this! Can the virtual IPs then be pinged in WireGuard VPNs? (I mean, PiVPN is simplifying WireGuard anyway).

      • TwinTurbo@lemmy.world
        4 upvotes · 1 year ago

        Yes. All devices connected to the VPN will have a private IP inside the virtual network. You can use these to communicate as though they were public IPs, except that they can’t be used from outside the VPN.
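
A WireGuard client configuration for the setup TwinTurbo describes in the two answers above, as an added example that is not part of the thread. The file path, the 10.6.0.0/24 subnet, the port, the hostname and all keys are constructed placeholders; the real values come from the client profile your own PiVPN generates.

```ini
# /etc/wireguard/wg0.conf on the server behind CGNAT
# (constructed example: every key, address and hostname is a placeholder)

[Interface]
# Virtual address of this server inside the VPN; other VPN members
# use this address to ping it or open its web pages
Address = 10.6.0.5/24
PrivateKey = <remote-server-private-key>

[Peer]
# The WireGuard server at home (the PiVPN host)
PublicKey = <home-server-public-key>
PresharedKey = <preshared-key>
# The CGNAT side always dials out, so only the home endpoint
# has to be reachable from the internet
Endpoint = vpn.example.org:51820
# Send only VPN-subnet traffic through the tunnel instead of
# routing everything from this server via the home connection
AllowedIPs = 10.6.0.0/24
# Keepalive every 25 seconds keeps the CGNAT mapping open, so the
# home side can start a connection to this server at any time
PersistentKeepalive = 25

# Start the tunnel at boot with the wg-quick systemd unit:
#   systemctl enable --now wg-quick@wg0
# Check from the home VPN server afterwards:
#   ping 10.6.0.5
```

Without `PersistentKeepalive`, the tunnel only carries traffic after the CGNAT side has sent something recently, which makes the server look unreachable from home after idle periods.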

        • ibroughtashrubbery@lemmy.ml (OP)
          1 upvote · 1 year ago

          That would be my problem, right? In my understanding, if I get some remote device to dial into my home network through a PiVPN running in my home network, I believe the remote devices can access and ping home devices, but no home device other than the PiVPN can ping them back? Right?

  • chiisana@lemmy.chiisana.net
    6 upvotes, 1 downvote · 1 year ago

    Cloudflare tunnels can punch a hole through that. Get a reverse proxy set up for your apps and VMs, then create a Cloudflare tunnel and you’re off to the races.

    • Meow.tar.gz@lemmy.goblackcat.com
      1 upvote · 1 year ago

      Cloudflare tunnels would be the easiest/cheapest way to go about it. But always be mindful that if you violate their terms and conditions, you could find yourself with a high bandwidth bill.

    • ibroughtashrubbery@lemmy.ml (OP)
      1 upvote · 1 year ago

      Sorry, but I’m a bit lost with these specifics. I currently have a reverse proxy (nginx) publishing some of my apps running locally on my home server. Where should I put the reverse proxy? On the remote unreachable server, or? And how would the tunnel go?

      • chiisana@lemmy.chiisana.net
        2 upvotes · 1 year ago

        On the server that’s behind CGNAT, install Cloudflare tunnel. The tunnel will create an outgoing connection to Cloudflare, with an open socket; when you try to hit your specified subdomain, Cloudflare will receive your request, send it through the tunnel, and thus allow you to connect to your service.

  • 2xsaiko@discuss.tchncs.de
    3 upvotes, 1 downvote · 1 year ago

    Do you have IPv6? That usually isn’t behind any kind of NAT and you can just let machines through the firewall.