What tunneling solution do you use? (alternatives to Cloudflare tunnel)

Over the past few months, I have been experimenting with my new Orange Pi 5, transforming it into my very own self-hosted cloud solution. Currently, I am hosting various services like Nextcloud, Plex, and a password manager, among others.

To access these services, I have been using Cloudflare tunnel, which has been working exceptionally well (although I am aware that I may be violating the Plex service’s terms of service). However, there is one aspect that has been bothering me the most: Cloudflare tunnel imposes a limit of 1 MB/s. While it’s not terrible, transferring larger files remotely has proven to be quite time-consuming.

I have been thinking about using Tailscale tunnel as an alternative, but I came across some information suggesting that there may be bandwidth limitations as well, although no specifics were mentioned.

So… What do you use for tunneling? Is there an alternative solution that provides unrestricted tunneling for media (such as Plex), offers higher bandwidth limits, and ideally comes at no cost? I know, I have modest requirements :grin:

Furthermore, having a public IP is not on the list of options here: primarily because in my country having a public IP is ridiculously expensive, secondly because the internet provider’s contract is in the name of the owner of the apartment, and lastly because having public ports is not great from a security standpoint.

2 Likes

Tailscale is great. The VPN connections aren’t streamed through any Tailscale servers, so you’re not using any bandwidth but your own internet connection’s bandwidth. There are also ZeroTier and Twingate, which offer free tiers as well.

Side note: Tailscale has a tailnet IP subnet that gets assigned per device it’s running on. So you don’t need a public IP. I just assign DNS to that tailnet IP and only access my services when on Tailscale.

2 Likes

I have been using a mix of Cloudflare tunnels, Tailscale, SSH reverse tunnels and a self-hosted WireGuard VPN. I have also used the self-hosted WG VPN just for remote access to services hosted at home.

Basically just tested different solutions and currently using most of the ones I listed.

2 Likes

@moquito64 Interesting that it’s not using a Tailscale server to make that connection. I always thought that if I don’t have a public IP I always need some server to help connect the device with my home server.
Tailscale would be a great solution, but I would need to be connected to the VPN at all times :frowning:

@Cappe What do you mean by using a “mix of”?

So basically these services help set up a VPN connection to the home network without hassle (or almost)?

What would be the open source alternative?

Basically just using CF tunnels on a couple of things to expose them, then got Tailscale connecting a couple of servers (physical and VPS) to each other, and then WireGuard for remote access currently, but had it connecting servers at one point.

Apparently I’m ignorant of other countries’ internet infrastructure, but what do you mean by the fact that you don’t have a public IP? Certainly when you browse, there’s some address available for web servers to send information back to you. From a technical perspective, there must be some address.

  • Is it that your IP is dynamic, rather than static?
  • Is it that your ISP is NATing, so that everyone on the ISP shows the same IP but its ‘intranet’ routing sends data back to you?
  • Is it something else I can’t guess?

@DeepReef11 I think the Tailscale client is open source…

@Cappe Oh I see… So to connect to the server you either have CF on some services or WireGuard (VPN).
This does not exactly solve my problem, but it could help to have a non-server VPN if I needed to transfer something bigger…

@Elessar Nah, you’re good… I don’t know about other countries’ internet infrastructure either :smiley:
Yeah, there is some public IP address, but it is dynamic and you cannot contact it from outside (the ISP will block such a request). I don’t know how exactly this is implemented (probably some magic with NAT, and maybe there are more people on the same IP; I’m not sure how exactly this works). If you want your home network accessible from the world, you have to pay the ISP for a static IP address, and only then is this address accessible from outside and you can route and access home services. But ofc this fee is quite expensive.

If you have a VPS or can rent one, you can connect it to your server hosting the services using a VPN and use the VPS as a proxy (I have done this on a couple of services and it works pretty well) if you don’t want to use CF tunnels or some other solution.

1 Like

The technical implementation here is rather important, as it will inform your solution / workaround. I’m assuming you’ve already tried just keeping some ports open and connecting via dynamic dns (like duckdns.org)?

Tailscale is ‘simplified’ WireGuard (Tailscale · GitHub), and my ELI5 summary (as someone who is barely competent in networking) is that it offers a central automated equivalent of a pastebin to do all the security key exchanges. Out of that requirement, they ended up building a lot more… especially their attempts to quietly execute NAT traversal that’s beyond me but was documented below. I think their bandwidth limitations might be dependent on what protocol is necessary to bust through whatever firewalls are keeping you locked up.

Also, there’s a self-hosted version/alternative for Tailscale called Headscale (GitHub - juanfont/headscale: An open source, self-hosted implementation of the Tailscale control server).

2 Likes

This is probably the case.
Where I live many ISPs do this because they don’t have enough public IPs for everyone. Some of them allow you to pay a small extra (~$4 USD) to get your own public IP but others don’t. Unfortunately many towns and small cities have a single ISP that is owned by the municipality and in that case you are out of luck.

1 Like

> If you have a VPS or can rent one, you can connect it to your server hosting the services using a VPN and use the VPS as a proxy (I have done this on a couple of services and it works pretty well) if you don’t want to use CF tunnels or some other solution.

I was thinking about this too, but I’m worried about the cost of this solution (as a student I don’t want to spend much). But in the future, I will probably use this solution.

> The technical implementation here is rather important, as it will inform your solution / workaround. I’m assuming you’ve already tried just keeping some ports open and connecting via dynamic dns (like duckdns.org)?

Well, I tried getting my public IP address and requesting it. But that request never made it to my network/router. It just shows an ISP page saying that the request is blocked. It’s probably the same thing as @lMartin3 mentioned.

> This is probably the case.
> Where I live many ISPs do this because they don’t have enough public IPs for everyone. Some of them allow you to pay a small extra (~$4 USD) to get your own public IP but others don’t. Unfortunately many towns and small cities have a single ISP that is owned by the municipality and in that case you are out of luck.

4 USD? That’s actually not bad :smiley: I would have to pay around 15 USD monthly to get a public IP.

There are very, very low cost VPSs on the market, and you can determine what you need (it sounds like it’s bandwidth). Check out https://lowendbox.com - if you have 4 USD monthly, you can easily get something from there.

But yes, it sounds like a long-lived tunnel (SSH, WireGuard etc.) initiated by your client is the best way to achieve your aims.

Or you can ride your free CF tunnels until they decide otherwise. Free is free, right?
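The VPS relay setup suggested in this thread, sketched as a pair of WireGuard configurations (an added example, not posted by anyone in the thread; the tunnel addresses, the hostname `vps.example.net` and the key placeholders are assumptions). The home server dials out to the VPS, so it works behind ISP NAT with no inbound ports at home.

```ini
# ---- VPS: /etc/wireguard/wg0.conf (public relay, the only host with an open port) ----
[Interface]
Address    = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# Home server. No Endpoint line: the VPS cannot dial into the ISP's NAT,
# it learns the peer's current address from the packets the home server sends.
PublicKey  = <HOME_PUBLIC_KEY>
# Accept only the home server's single tunnel address, not the home LAN.
AllowedIPs = 10.8.0.2/32

# ---- Home server: /etc/wireguard/wg0.conf (behind ISP NAT, no inbound ports) ----
[Interface]
Address    = 10.8.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
PublicKey  = <VPS_PUBLIC_KEY>
Endpoint   = vps.example.net:51820
# Route only tunnel traffic through the VPS; normal home traffic stays direct.
AllowedIPs = 10.8.0.1/32
# Outbound keepalive every 25 s keeps the NAT mapping open so the VPS can
# reach the home server at any time.
PersistentKeepalive = 25
```

A reverse proxy on the VPS can then forward requests to 10.8.0.2 over the tunnel. Binding the home services to 10.8.0.2 rather than to all interfaces keeps them reachable only through it.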

That looks pretty good! Thanks!

> Or you can ride your free CF tunnels until they decide otherwise. Free is free, right?

That’s true. Considering it’s free I shouldn’t be complaining :smiley:

I will probably continue using CF until it drives me crazy or it is no longer free (or I get banned :smile: ). Then I will surely use my own VPS and some tunneling solution (WireGuard, Tailscale, etc.)

Well, the GDP per capita in my country is really low, which makes the cost of living dirt cheap compared to other countries (it’s not a good thing unless you work remotely for a foreign company).
In my city an 800 Mb/s download, 80 upload internet connection with an exclusive public IP is around $30 USD. Slower plans have more Mb per $, like 300 Mb/s download for 10 bucks.

1 Like

Also, I forgot to ask: for a personal cloud, how much computing power do I need for running my own tunnel (WireGuard, Tailscale, …)? Would a minimal setup (1 core, 500 Mb RAM running Alpine Linux) be enough to tunnel communication to the home server?

Probably, a lot of cheap routers have around that much.

1 Like

I have a prox container with half a gig of RAM and 2 vCPUs running Debian. It’s more than enough for what I need, which is, at most, two clients at the same time.

1 Like