Help me set up a WireGuard VPN server behind a CGNAT connection

Hello everyone, I have been trying to set up a WireGuard VPN server on my router to access my home server network from outside my home. But as I got into this a little deeper, I found out that my ISP, Alliance Broadband, blocks the connection as it is a CGNAT, and later found out it is not possible unless I buy a static public IP from them at Rs 3.5k/year.

So I am looking for ways and workarounds for this, and I haven't found many solutions other than buying a VPS for a reverse proxy or using Tailscale. I need the WireGuard default port to work over my network, that's all, and that too without paying. If anyone has experienced this issue and came to some solution, please let me know too. Many thanks!

Just lost Rs 420 on buying a domain for DDNS using Cloudflare DNS; this was before I knew my connection is under CGNAT.

I have already set up Cloudflare DDNS on my router, which is updating fine.

Any problem in using Tailscale for this? Are your needs not met by their free plan?

You should probably expand more on what you were planning to do with this setup. Hosting websites? Media server? All on the public web?

If it's public-facing hosting from your own home network/machines, you can either go with Tailscale or Cloudflare Tunnels. Both should work even with CGNAT, IIRC. If your needs aren't heavy, the free plans should suffice.

Thing is, I don't want to rely on them because they may not provide the free service later. Another reason is that I only want to do this on my router running OpenWrt, with limited RAM and storage space.

WireGuard VPN to access everything on my network: RDP, SMB, Pi-hole over WireGuard, my smart plug, and also the OpenWrt router interface. So basically full network access at home.

Well, you can't have it both ways. You either have to 1) buy a static IP, 2) buy a VPS, or 3) buy a Tailscale/CF Tunnels plan (if you don't wanna use the free tier).

Most, if not all, ISPs provide a NATed network nowadays, and we can't do much about it. I have JioAF at home, and it's CGNAT. So I just make do with Tailscale (for Jellyfin/NAS) and Tunnels (for all the services); remote access ain't a big deal for me as I rarely go out/access my network outside my home network.

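The "buy a VPS" option in plain WireGuard terms, as an added example that is not from anyone in this thread: the router behind CGNAT dials out to the VPS and keeps the UDP mapping alive, so the VPS is the only machine that ever needs an open port. The addresses (203.0.113.10, 10.66.0.0/24, 192.168.1.0/24, 192.168.1.2) and the key placeholders are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example, not from the thread: WireGuard "hub on a VPS" layout for a home
# router stuck behind CGNAT. The router cannot receive anything, so it dials OUT
# to the VPS and keeps that UDP mapping alive; the phone dials the same VPS; the
# VPS relays between the two. Every address and key below is a placeholder
# (assumptions): replace them before use.
VPS_PUBLIC_IP=203.0.113.10        # documentation address, not a real VPS
WG_PORT=51820
WG_NET=10.66.0.0/24               # tunnel subnet, chosen here arbitrarily
HOME_LAN=192.168.1.0/24           # OpenWrt LAN you want to reach
PIHOLE=192.168.1.2                # DNS to hand the phone while connected

# Generate real keys with:  wg genkey | tee privatekey | wg pubkey > publickey
VPS_PRIV=VPS_PRIVATE_KEY_HERE;     VPS_PUB=VPS_PUBLIC_KEY_HERE
HOME_PRIV=ROUTER_PRIVATE_KEY_HERE; HOME_PUB=ROUTER_PUBLIC_KEY_HERE
PHONE_PRIV=PHONE_PRIVATE_KEY_HERE; PHONE_PUB=PHONE_PUBLIC_KEY_HERE

# /etc/wireguard/wg0.conf on the VPS: the only public listener in the design.
render_vps_conf() {
cat <<EOF
[Interface]
Address = 10.66.0.1/24
ListenPort = $WG_PORT
PrivateKey = $VPS_PRIV
# the VPS must forward packets between the two peers
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# home router: owns its tunnel address and the whole home LAN behind it
PublicKey = $HOME_PUB
AllowedIPs = 10.66.0.2/32, $HOME_LAN

[Peer]
# phone
PublicKey = $PHONE_PUB
AllowedIPs = 10.66.0.3/32
EOF
}

# Peer config for the OpenWrt router: no ListenPort, nothing is exposed at home.
render_home_conf() {
cat <<EOF
[Interface]
Address = 10.66.0.2/24
PrivateKey = $HOME_PRIV

[Peer]
PublicKey = $VPS_PUB
Endpoint = $VPS_PUBLIC_IP:$WG_PORT
# reach the VPS and every other peer on the tunnel subnet
AllowedIPs = $WG_NET
# send a packet every 25 s so the CGNAT keeps our UDP mapping open;
# without this the VPS cannot reach the router once the mapping expires
PersistentKeepalive = 25
EOF
}

# Phone config: route the home LAN into the tunnel, use Pi-hole for DNS.
render_phone_conf() {
cat <<EOF
[Interface]
Address = 10.66.0.3/24
PrivateKey = $PHONE_PRIV
DNS = $PIHOLE

[Peer]
PublicKey = $VPS_PUB
Endpoint = $VPS_PUBLIC_IP:$WG_PORT
AllowedIPs = $WG_NET, $HOME_LAN
PersistentKeepalive = 25
EOF
}

# Print all three; put each into the right host's /etc/wireguard/wg0.conf
# (on OpenWrt the same values go into a proto 'wireguard' interface and a
# 'wireguard_wg0' peer section via uci/LuCI).
for host in vps home phone; do
  echo "### $host"; "render_${host}_conf"; echo
done
```

Two things to check after bringing it up: `wg show` on the VPS should list a recent handshake for both peers, and on OpenWrt the wg0 interface must sit in a firewall zone that forwards to lan, or nothing behind the router will answer. Note what this layout costs you: the VPS decrypts one tunnel and re-encrypts into the other, so whoever controls the VPS can see your LAN traffic (minus whatever the application itself encrypts). Keep it minimal and patched; on the router side nothing listens, so the only public attack surface is the one UDP port on the VPS.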

I know Cloudflare Tunnel doesn't support most ports, so it will not be very useful to me, especially on the free tier; IDK about the paid one.

But tell me, does the Tailscale free tier support WireGuard access to my home server without any rate limit or bandwidth limit (1-2 TB/month)? Is it possible?

I suddenly have this wild idea: is it possible to get IPv6 from any broadband provider? I saw IPv6 can mitigate this CGNAT issue. I already have DDNS set up, so it will work, right?

Yes, it'll work, with the caveat being you won't be able to access it from v4-only networks. Ask Alliance if they do IPv6.

Other than this, you can self-host Headscale and use that instead of relying on Tailscale. The apps are all the same; just the controller is different.

Furthermore, Tailscale tries really hard to route traffic directly without involving DERP. They don't have bandwidth limits, and their premium model relies on restricting some features to paid tiers.
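A way to check both questions raised so far in this thread (is the WAN address one that nobody outside can reach, and did the ISP hand out a usable IPv6 address), as an added example that is not from the thread or from the OpenWrt project: classify what the router has on its WAN side, and open the WireGuard port for IPv6 in the OpenWrt firewall, since the v6 route only helps if that port is allowed in. The interface names `wan`/`wan6`, the port 51820 and the rule name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: classify the addresses OpenWrt has on its
# WAN side to see whether anything outside can reach them directly.
#   IPv4: 100.64.0.0/10 is the CGNAT pool (RFC 6598); RFC 1918 space on the WAN
#         means another NAT (ISP or modem) sits in front of you. Only a public
#         address can terminate an inbound WireGuard connection.
#   IPv6: only a global unicast address (2000::/3) is reachable from outside;
#         fe80::/10 is link-local and fc00::/7 is ULA.
# Interface names, the port and the rule name are assumptions; adjust them.

# Usage: classify_ipv4 A.B.C.D  -> prints cgnat | private | public | invalid
classify_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|*.*.*.*.*|.*|*.|*..*) echo invalid; return 1 ;;
  esac
  IFS=. read -r a b c d <<EOF
$1
EOF
  if [ -z "$d" ] || [ "$a" -gt 255 ] || [ "$b" -gt 255 ] || [ "$c" -gt 255 ] || [ "$d" -gt 255 ]; then
    echo invalid; return 1
  fi
  if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
    echo cgnat                       # 100.64.0.0 - 100.127.255.255
  elif [ "$a" -eq 10 ] || { [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; } || { [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; }; then
    echo private                     # RFC 1918; some ISPs use this for CGNAT too
  else
    echo public
  fi
}

# Usage: classify_ipv6 ADDR -> prints global | link-local | ula | other
classify_ipv6() {
  addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # 2A02:... and 2a02:... are the same
  case "$addr" in
    2???:*|3???:*)               echo global ;;      # 2000::/3, routed on the internet
    fe8?:*|fe9?:*|fea?:*|feb?:*) echo link-local ;;  # fe80::/10
    fc??:*|fd??:*)               echo ula ;;         # fc00::/7, the v6 cousin of RFC 1918
    *)                           echo other ;;
  esac
}

# On OpenWrt: report what the WAN interfaces actually got. Uses the stock
# /lib/functions/network.sh helpers. Some ISPs delegate a prefix to the LAN but
# leave wan6 with only a link-local address; then check a LAN host instead.
report_wan() {
  . /lib/functions/network.sh
  network_get_ipaddr v4 wan
  network_get_ipaddr6 v6 wan6
  echo "wan  ${v4:-none} -> $(classify_ipv4 "${v4:-none}")"
  echo "wan6 ${v6:-none} -> $(classify_ipv6 "${v6:-none}")"
}

# The v6 route only helps if the firewall lets the handshake in: OpenWrt's wan
# zone rejects unsolicited input by default. This adds an accept rule for the
# WireGuard port on both families (51820 is an assumption; use your ListenPort).
allow_wg_inbound() {
  uci add firewall rule >/dev/null
  uci set firewall.@rule[-1].name='Allow-WireGuard'
  uci set firewall.@rule[-1].src='wan'
  uci set firewall.@rule[-1].proto='udp'
  uci set firewall.@rule[-1].dest_port='51820'
  uci set firewall.@rule[-1].family='any'      # ipv4 and ipv6
  uci set firewall.@rule[-1].target='ACCEPT'
  uci commit firewall
  /etc/init.d/firewall restart
}

# Only run the live report when this is actually an OpenWrt box.
if [ -r /lib/functions/network.sh ]; then
  report_wan
fi
```

`classify_ipv4` on your WAN address returning `cgnat` or `private` is the definitive sign that, for IPv4, you need either the static IP or a relay; `public` means the port forward can be tried directly. For IPv6, `global` on wan6 (or on a LAN host) plus an AAAA record in your DDNS is enough for WireGuard, with the caveat above that v4-only networks will not reach it.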

Tailscale doesn't explicitly have any such bandwidth limits, like @ishanjain28 said. In normal cases, none of their servers would be involved, AFAIK, but when you have tricky NAT scenarios, their relay servers would be used: https://tailscale.com/kb/1232/derp-servers

I guess there'll be fair-use/speed limitations, but there's no max cap as such. You should probably test your use cases and see. Again, not sure what you're planning to do here, but assuming media streaming, it might not be the best choice.

The best thing is to contact your ISP and ask about your options. Or switch to another ISP; see if any local ones are available that aren't as annoying to deal with.


I'm thinking about self-hosting. Do you have any suggestions for an ultra-cheap VPS service?

My Oracle Cloud account got smoked after I used it as a VNC remote desktop and downloaded some torrents on it.

That was to be expected; you don't use piracy-related stuff on rented servers/VPSes unless you are absolutely sure about your service provider and the method you are using.