Nextcloud Help, DynamicDNS issues

Hello everyone,

I have a small issue due to the network configuration in the office building.

I have an Ubuntu server with Nextcloud on it and I want to access it from anywhere with Dynamic DNS, but the problem is that the main router from the provider (a Fortinet router) is not managed by us, and I added a cheap TP-Link router so that we can have some level of control over our network for a Samba server for file sharing. Sometimes there are a lot of guests in this building (tech oriented) and that’s why I wanted our network to be behind our firewall.

Now I hit the wall where the main router, the Fortinet, isn’t actually forwarding the dynamic DNS towards my network (which is normal). The TP-Link also has built-in support for No-IP or DynDNS, but it doesn’t work if it isn’t working as the main router and has an internal IP, for example 192.168.x.x, as stated clearly in the manual.

I tried with ngrok and localtunnel; they work, but they fall out of HTTPS when I’m browsing around Nextcloud.

Worst case scenario we have to go cloud based, but why pay when we have this server lying around and not doing much?

Is there a way to bypass this issue without having to contact and wait for the admin from the provider, who is pretty slow to respond and usually not interested in making stuff work unless there is a real issue?

Thanks

You should be able to run something on the Ubuntu server which can update your DDNS provider.

I did that, it reported the correct IP (which is static, by the way), but the firewall on the main router isn’t actually forwarding towards my server. I can’t do a port forward on the Fortinet router since I don’t have access to it.

Hi, welcome to the community.
Does the TP-Link get a public v4/v6 address in the office network?

Why am I asking this?
If you do not have an externally reachable IP, you are not at the step where issues with DNS are to be fixed, but packet routing in general.

If you do get a public IP and your office networking staff/policies allow external systems to access the internal one (on port 80/443), you do not need a TP-Link router in between; similar tools supporting DDNS can be run on Ubuntu as well (as @Dexter_Kane already mentioned).

If you do not know if your machine is externally reachable: either get a small Linode (Level1 affiliation link) server up and running and try using netcat or curl on the external IP, or some free solutions.

If you want to make it accessible and the ports are locked down: set up a VPN tunnel with a publicly accessible machine, see Self-hosted VPN with wireguard as an example :slight_smile:


Note: Make sure your office policies allow running private services, in case someone else gets on that machine from external and does some funny business.

No, it doesn’t get a public IP :slight_smile: The IP provided by the main router (Fortinet) is 192.168.1.101.

Well, it seems that you already helped a bit with that tool “yougetsignal”; indeed port 443 is closed.

I’m not worried about whether they allow it or not (very long story behind that).
I need that TP-Link so that I can have my own internal subnet to play with, basically so I don’t depend on calling someone if things don’t work (like in this situation) or if I need to open/forward ports internally for different computers/apps.
On that server I already have a running VPN :slight_smile: with local network visibility turned on.

Since it’s behind the TP-Link firewall and on a different subnet, even that offers another layer of protection against local snooping “eyes/ears”, plus DoS protections and a few rules added; I used everything this router could do to improve security.

This machine isn’t the weakest point in the network hehe, it’s kinda the strongest in that regard: firewall policies only allowing local network communication, no external connections, only through the VPN is it allowed to connect to the world wide web. I know even a VPN can fall short on protection. The only port available for inbound/outbound traffic would be 443 if I manage to make this work.

I’m a novice in networking and servers in general, but I was intrigued by the fact that I found ngrok and localtunnel and they work really well, but HTTPS isn’t working on those tunnels for some reason after I go past the login page. Since that is a big no-no I decided to seek help; I’ve exhausted my ideas completely.

The point was to eliminate unnecessary costs (cloud servers), since I already have a server (office PC) lying in the office here and not being used for anything else.

I messaged the admin of this router today about my issue. I hope I will get a response by the end of the week :roll_eyes: and then probably another week to do a port forward towards my router :sweat_smile:.
Either way, any tunneling would work great; more suggestions are welcome.

For what it’s worth, I solved this problem for Devember, in a similar fashion to what has already been described. I use a Linode instance to proxy traffic to my home network over a WireGuard VPN. The Linode has a static IP, the home network has DDNS. It works quite well, and I can securely VPN into my home network whenever I need because my Linode instance is peered with my laptop as well.

2 Likes
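
The arrangement described in the post above (a VPS with a static public IP relaying HTTPS over WireGuard to a server that has no reachable address), as an added example that is not taken from the thread or from any poster's real configuration. The tunnel subnet 10.8.0.0/24, the VPS address 203.0.113.10, the interface name eth0, port 51820 and the key placeholders are all assumptions.

```ini
# ---- /etc/wireguard/wg0.conf on the VPS (assumed public IP 203.0.113.10) ----
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
# Placeholder: private key generated on the VPS with `wg genkey`.
PrivateKey = <VPS_PRIVATE_KEY>
# Let the VPS route packets between its public interface and the tunnel.
PostUp = sysctl -w net.ipv4.ip_forward=1
# Hand inbound HTTPS on the public interface to the Nextcloud server.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.2:443
# Rewrite the source to 10.8.0.1 so replies come back through the tunnel.
# Side effect: the web server logs 10.8.0.1 instead of the real client IP.
PostUp = iptables -t nat -A POSTROUTING -o wg0 -p tcp -d 10.8.0.2 --dport 443 -j MASQUERADE
# Permit only this flow (these rules matter when the FORWARD policy is DROP).
PostUp = iptables -A FORWARD -i eth0 -o wg0 -p tcp -d 10.8.0.2 --dport 443 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.2:443
PostDown = iptables -t nat -D POSTROUTING -o wg0 -p tcp -d 10.8.0.2 --dport 443 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -o wg0 -p tcp -d 10.8.0.2 --dport 443 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

[Peer]
# The Nextcloud server; it may only use its own tunnel address.
PublicKey = <NEXTCLOUD_SERVER_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# ---- /etc/wireguard/wg0.conf on the Nextcloud server (behind both routers) ----
[Interface]
Address = 10.8.0.2/24
# Placeholder: private key generated on the Nextcloud server.
PrivateKey = <NEXTCLOUD_SERVER_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
# The server dials out to the VPS, so no port forward is needed upstream.
Endpoint = 203.0.113.10:51820
# Accept tunnel traffic from the VPS address only, not a default route.
AllowedIPs = 10.8.0.1/32
# Keeps the NAT mappings on the upstream routers open so the VPS can
# deliver new connections at any time.
PersistentKeepalive = 25
```

Because the VPS forwards TCP 443 unchanged, TLS still terminates on the Nextcloud server and the VPS never handles the plaintext. The hostname that resolves to the VPS has to be listed in Nextcloud's `trusted_domains`.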

Seems like the only viable option until they port forward 443 to me.

As a newbie question: if I change the listening port on Apache to another one, random example 6123, in theory could that work?

Or, since with the current VPN provider that I use right now I can use port forwarding, maybe I can redirect with iptables the incoming WireGuard connection on that random port to the internal 443 port. The DDNS reports the correct IP through the WireGuard interface.
I will try that anyway, but thanks for leading me to this idea. :smiley: