
Quick straw poll...

Posted Sep 7, 2022 15:21 UTC (Wed) by somlo (subscriber, #92421)
In reply to: Quick straw poll... by mathstuf
Parent article: OpenWrt 22.03.0 released

> At this point it really seems like WireGuard is a better solution...

I assume that would require one to have access to (control over?) a gateway node with a publicly routable IP to set up a tunnel from one's inner network, and to use as a relay to connect *into* said inner network from the outside.

A reasonable tradeoff compared to tracking one's ISP router's public DHCP address as it (rarely, but reliably) gets re-assigned (after e.g. a power outage), and connecting to it from the outside when needed (the forwarding rules don't need any adjustment if set up correctly).


Quick straw poll...

Posted Sep 7, 2022 15:33 UTC (Wed) by mathstuf (subscriber, #69389)

I already have a VM in the cloud, so it's not too much to add the gateway node there. AFAIK, the "commercial VPNs" that deploy WG work fine for those without a cloud/DNS presence (Tailscale?).

Quick straw poll...

Posted Sep 8, 2022 2:38 UTC (Thu) by pabs (subscriber, #43278)

Tor onion services are a good way to connect to machines behind NAT, or there are lots of commercial services that provide that sort of thing, some of them with FOSS client software, others without.

Quick straw poll...

Posted Sep 9, 2022 0:54 UTC (Fri) by flussence (guest, #85566)

I've got this setup myself; here's what I ended up doing:

The outer router has RIP2M turned on (one of the few useful things it does), the inner router runs bird and automatically maintains two kernel routes to the IPs of both ends of the PPP connection. When those routes change or expire I have a script do a UPnP query for the correct address (slow and flaky, so I can't just poll using this method) and then it goes off and updates a dynamic DNS pointer with the result.

That sounds like a whole lot of busywork (it sure is!), but it does mean I don't have to rely on an external IP address checker service and I get pinged instantly at home when there's a problem. It recovers from power outages, line disconnects and ISP DHCP expiry with at most 2-3 minutes of lag provided everything else is up and running. Room for improvement on that number, but I'm not winning any medals for going fast.

WireGuard on top makes most of this transparent, to the point where I didn't even realise I had an outage last week until cron sent my phone an angry email.
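
The UPnP-query-then-DNS-update step described in the comment above, as an added example that is not part of the thread and not flussence's own script: it refuses to publish an address that a flaky or double-NATed gateway reports as private, CGNAT or unparsable. It assumes the query is made with miniupnpc's `upnpc -s` and the record is updated with `nsupdate` (RFC 2136); the record name, TTL and sample output are constructed.

```python
import ipaddress
import re

# Ranges that must never be published as the "outside" address
# (this-network, RFC 1918, CGNAT, loopback, link-local, multicast/reserved).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

# Constructed, trimmed sample of `upnpc -s` output. 203.0.113.7 is a
# documentation address standing in for a real public one.
SAMPLE_UPNPC = """\
Found valid IGD : http://192.168.1.1:5000/ctl/IPConn
Local LAN ip address : 192.168.1.20
ExternalIPAddress = 203.0.113.7
"""


def parse_external_ip(upnpc_output):
    """Return the gateway-reported external IPv4 address, or None."""
    m = re.search(r"^ExternalIPAddress = (\S+)$", upnpc_output, re.MULTILINE)
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(m.group(1))
    except ipaddress.AddressValueError:
        return None


def is_publishable(addr):
    """True only for a parsed address outside every NON_PUBLIC range."""
    return addr is not None and not any(addr in net for net in NON_PUBLIC)


def plan_update(upnpc_output, current_record,
                name="home.example.net.", ttl=300):
    """Return nsupdate commands, or None when DNS should be left alone."""
    addr = parse_external_ip(upnpc_output)
    if not is_publishable(addr):
        return None  # failed or NATed answer: keep the last good record
    if str(addr) == current_record:
        return None  # unchanged: no update traffic, no TTL churn
    return (f"update delete {name} A\n"
            f"update add {name} {ttl} A {addr}\n"
            "send\n")
```

The returned text is meant to be fed to `nsupdate` on standard input; a `None` result is the case worth alerting on when it persists after a route change.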


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds