Hi everyone, new guy here. I’ve been following Level1Techs on YT for a while and love their news of the week. After all the privacy scares and a few backup drive failures, I switched to Unraid last year during the pandemic and am loving it. I have a great ISP which gives a .5GB connection for under 40$, unlimited (truly unlimited). I’m running everything locally as much as I can, from Nextcloud to Vaultwarden, on my Unraid servers. I wanted to access these services externally, yet I haven’t been able to set up anything externally: the ISP provides its completely locked router with almost no port forwarding, even after repeated requests. I have a domain. I tried to WireGuard into a Linode instance and can’t even get those two to ping, and DDNS services can’t seem to find my IP. Any solutions? I’m at my wits’ end.
+1 for tailscale. I’ve set up WireGuard manually w/Linode (per Ryan’s tutorial) and it works, but then you have to manually manage all the keys, which is a big hassle unless you just have a few hosts that never change. Even so, tailscale has a lot of nice value-add features (magic DNS is my favorite). They have a free tier (your first few hosts). Looks like someone wrote some tailscale-to-unraid glue to get your NAS side set up.
I’m assuming you have fiber going to an ONT and then their locked down router?
Have you tried calling and asking to talk to the area’s network engineer?
I had a very similar scenario. I set up a barebones pfsense router to connect to their router. Once I felt like I got the hang of it and felt fairly secure, I called them up and asked if they could take their router out and let me hook directly to the fiber ONT with my router. They were able to do everything on their end over a phone call and it worked beautifully.
I am doing this through a local/municipal ISP, and was able to talk directly to one of their network engineers, so your mileage may vary. I don’t think there is any hope of this working with any of the national brands.
What I assume might be going on here is that your ISP does not give you a full dual-stack IP configuration, but rather DS-Lite, which means that you get a dedicated public IPv6 address range and a shared IPv4 (CGNAT). In that case you can’t do port forwarding like you used to, indeed. But there are likely other alternative methods to get it to work.
Yup, I tried that once with the ISP; they flatly refused. Hey, I know I’m no tech genius, but even I could have set up an offense firewall. The ISP blatantly said, “we do not allow third-party devices connected to our ONT due to security.” Hey, I don’t blame them.
I personally view these as more band-aids to what could be a self-hosted solution. That’s me though…
Dual stack isn’t really needed. CGNAT can be made transparent. What’s occurring here is his ISP has it in their ToS that he is NOT allowed to host ANYTHING out of his HOME connection. Those are keywords there. Violating or getting caught violating that results in termination of service.
Try again. Wireguard is useful. Here man
I’ve written all of these. The reason WireGuard won’t ping is because their documentation doesn’t discuss the necessary iptables and firewall rules. It also doesn’t discuss setting up proper static routes.
Disclaimer: I, being PLL or L1T, am/are not responsible for breakage. YMMV. Support on guides offered on a per my own free time basis. I am also not responsible for termination of ISP provided services in case you are circumventing their TOS.
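Added example, not part of the thread and not taken from PhaseLockedLoop’s guides: a small Python checker for the usual reasons a home-to-VPS WireGuard tunnel behind a locked ISP router will not ping (no keepalive on the NAT-ed side, no forwarding on the VPS, a destination outside `AllowedIPs`). The two configs, the 10.8.0.0/24 addressing, port 51820 and the `parse`/`lint` helper names are constructed for illustration.

```python
import ipaddress

# Constructed wg-quick configs (private keys omitted); addresses and port are assumptions.
HUB = """[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT
[Peer]
PublicKey = <home-public-key>
AllowedIPs = 10.8.0.2/32
"""
HOME = """[Interface]
Address = 10.8.0.2/24
[Peer]
PublicKey = <vps-public-key>
Endpoint = <vps-public-ip>:51820
AllowedIPs = 10.8.0.0/24
"""  # deliberately lacks PersistentKeepalive

def parse(text):
    """Return [(section, [(key, value)])]; wg-quick repeats keys and sections."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            out.append((line.strip("[]").lower(), []))
        elif "=" in line and out:
            key, val = line.split("=", 1)
            out[-1][1].append((key.strip().lower(), val.strip()))
    return out

def lint(text, role, must_reach=()):
    """role is 'hub' (public VPS) or 'spoke' (host behind the ISP's NAT)."""
    secs, issues = parse(text), []
    peers = [dict(kvs) for name, kvs in secs if name == "peer"]
    if role == "hub":
        hooks = " ".join(v for n, kvs in secs for k, v in kvs if (n, k) == ("interface", "postup"))
        for needle in ("ip_forward=1", "FORWARD"):
            if needle not in hooks:
                issues.append("hub-missing:" + needle)  # peers cannot reach each other
    elif any("endpoint" in p and "persistentkeepalive" not in p for p in peers):
        issues.append("no-keepalive")  # NAT mapping expires, so the hub cannot call in
    nets = [ipaddress.ip_network(a.strip(), strict=False) for p in peers
            for a in p.get("allowedips", "").split(",") if a.strip()]
    for dest in must_reach:
        if not any(ipaddress.ip_address(dest) in n for n in nets):
            issues.append("unrouted:" + dest)  # wg-quick installs no route for dest
    return issues
```

The hub check only reads `PostUp` hooks, so forwarding enabled elsewhere (for example in `/etc/sysctl.conf`) is reported as missing.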
Depends on how you handle it tbch.
You can let it run network wide. Provide static routes or have a router force all through if that’s your goal.
LOTS of ways to set it up that few people actually see because their docs ain’t great.
If it fails, try wg again. Self-host, it’s worth controlling your endpoint security.
I would like to thank PhaseLockedLoop for his immensely helpful guides; you helped me set up WireGuard successfully and now I can share my Jellyfin server with my family. Also thanks to other forum members for their constructive suggestions.