My ISP doesn't give me a public-facing IP. What do folks suggest for accessing my services remotely / self-hosting?

I am running Unifi at home, but since my WAN IP is a private address it warns me that I can’t set up a VPN for access to my home network.

The main use cases are (a) remote access of my home computer (ever need to access a private document while at work?) and (b) accessing my media while not on my home network (e.g. Jellyfin). I don’t have anything I want to serve broadly (like a website) that I’m looking to self-host.

Tailscale or Zerotier.

Sounds like you’re dealing with CGNAT. My condolences. Basically what you’re going to need to do is make a tunnel from a machine in your home to some VPS somewhere, and then use that VPS as your public front end via a reverse proxy or the like.

I use both tailscale and cloudflare tunnels for making my self hosted / homelab stuff available. Neither requires port forwarding or a dedicated public IP.

Do they do IPv6? IPv6 is great for this sort of thing because when ISPs support it properly they give you billions of routable public addresses and then it is just a matter of dynamic dns to get to your stuff.

I use ZeroTier for that.

That means you’re on a CGNAT. It’s one public IPv4 address shared between many customers, which makes it impossible to forward ports or host anything. They don’t do that because they’re an evil ISP who hates their customers, it’s because they do not have enough public IPv4 addresses to assign to everyone.

If your ISP is doing CGNAT, surely that means your ISP is deploying IPv6, right? Use that instead. No need to pay for a VPS or anything. It’s even easier because there’s no need for port forwarding because there’s no NAT. The more people using it the better.

Call the ISP and tell them you want an outside IP?

I personally used CloudFlare tunnels when I had 5G with no option of getting an external IP.
My current provider charges for static IPs but is happy to provide a dynamic non CGNAT IP for free!
I’ve set up automatic DNS, but the IP hasn’t changed since the day I got it…

I haven’t gotten rid of the old tunnel, kept it as a backup…

I think Oracle Cloud has an always-free tier.

I also get a CGNAT address by default from my ISP, but all I did was request a public one from them instead. If it’s not possible, use some kind of NAT traversal proxy, like Cloudflare tunnel.

I’ve had great success with CloudFlare Zero Trust tunnels. I have about 30 public facing routes lol

£4 a month VPS and a wireguard tunnel

Try zrok.io. It also offers private TCP tunnels.

Ask them nicely for a public IP. Some will just give it to you.

When I had CGNAT issues in the past I did reverse ssh tunnels to an external server and published the services from there. You’re probably looking more for a VPN-esque service like wireguard.

I’ve been testing Twingate over the last few weeks, and it seems pretty good so far.

Is your ISP willing to help? (Mine pulled my public IP without warning a few years ago, I called them and they reverted the change right away)

If not, you need some kind of relay host that forwards the traffic into your home network. There are commercial solutions available, but if you want to tinker a bit, you can set up your own. For example, I have a service running in my homelab that just connects via SSH to a cheap VM that sits in a datacenter (any cloud VM will do). Using this SSH session, it sets up port forwarding, so that when I connect to the VM on that port, that traffic is relayed to my homelab. Given that the homelab dials out to the VM via SSH, your homelab doesn’t need a public IP, only the VM does.
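The SSH relay described in the comment above, sketched as an added example that is not part of the original thread or any commenter's setup. The relay name `relay.example.net`, the `tunnel` account, the key path and port 8096 are assumed placeholders; the audit function checks that the relay keeps the forwarded port on loopback instead of publishing it.

```shell
#!/bin/sh
# Added example: reverse SSH tunnel from a homelab host to a relay VM.
# All values below are assumptions, not taken from the thread.
RELAY_HOST="relay.example.net"   # placeholder relay VM
RELAY_USER="tunnel"              # hypothetical unprivileged account on the VM
KEY="$HOME/.ssh/tunnel_ed25519"  # dedicated key used only for this tunnel
PORT=8096                        # local service port (assumed)

# Line for the relay account's authorized_keys. "restrict" removes shell,
# PTY, agent and X11 access; forwarding is re-enabled, and permitlisten
# limits -R to this one loopback listener.
authorized_keys_entry() {  # $1 = public key text
  printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' "$PORT" "$1"
}

# Homelab side: dial out and hold the forward open. -N runs no remote
# command; ExitOnForwardFailure makes ssh exit if the listener cannot be
# bound, so a supervisor (systemd, a loop) can restart it.
start_tunnel() {
  ssh -N -i "$KEY" \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -R "localhost:${PORT}:localhost:${PORT}" \
    "${RELAY_USER}@${RELAY_HOST}"
}

# Relay side: read `sshd -T` output on stdin and report whether remote
# forwards can end up bound on public interfaces.
# Exit status: 0 = loopback only, 1 = may be exposed, 2 = forwarding is off.
audit_relay_sshd() {
  awk '
    $1 == "gatewayports"       { gw = $2 }
    $1 == "allowtcpforwarding" { fwd = $2 }
    END {
      if (fwd == "no" || fwd == "local") {
        print "BROKEN: remote forwarding disabled"; exit 2
      }
      if (gw == "yes" || gw == "clientspecified") {
        print "EXPOSED: forwards may bind public interfaces"; exit 1
      }
      print "OK: forwards stay on loopback"
    }'
}
```

Source the file, then run `sudo sshd -T | audit_relay_sshd` on the relay and `start_tunnel` on the homelab host. With the listener on loopback, the service is reachable only from the relay itself (for example through a reverse proxy or a VPN terminating there), not from the whole internet.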

Usually if you call the ISP and let them know you need to set this up, they will switch up your config.

A) Twingate/Tailscale will give you direct access to your machine for remote access.

B) Cloudflare Zero Trust tunnels will allow you to publish services (such as Jellyfin).