How to do VPNs without public IPs?

Hello, community,

I’ve been facing a dilemma for a few days and haven't found a solution, so I wanted to reach out to you all. My internet provider doesn’t offer me a public IP address, and I would like to be able to remotely access my server and internal services to provide maintenance for my family when I'm not home.

How can I set up a VPN to access my home network remotely without a public IP? I would appreciate any ideas or suggestions!

My router is running OpenWrt on a Raspberry Pi. I have tried a few things without success:

  • Using Docker with Twingate, but the Twingate container is not being created.
  • Setting up a Cloudflare tunnel in Docker (which worked), but I couldn't get the Nginx Proxy Manager container to function properly. Since the Cloudflare tunnel supports only HTTP and HTTPS, I need Nginx Proxy Manager to redirect the traffic, and I plan to use Apache Guacamole (also in Docker) to access other software. However, I haven't installed Guacamole yet because I'm having trouble with Nginx.

Any help would be greatly appreciated!

System:
|Model|Raspberry Pi 4 Model B Rev 1.2|
|Architecture|ARMv8 Processor rev 3|
|Firmware Version|OpenWrt 23.05.0-rc2 r23228-cd17d8df2a / LuCI openwrt-23.05 branch git-23.118.79121-6fb185f|

Your question is not related to (your out of date) OpenWrt.

Since you listed unrelated solutions, are you asking for solutions now that employ the OpenWrt instead?

Have you considered Tailscale?

2 Likes

It's not directly related, but it's an important point. It's likely that I'm using an older version. Since I use this as my main router and have multiple networks, VLANs, and ports configured, it’s difficult to turn it off for an update. I'm afraid that upgrading might break something, so I’ve decided to avoid updating it for now.

What is your opinion on using an older version?

For all these other options, I'm using OpenWrt. I have installed Docker on OpenWrt and am trying to use this solution within a Docker container in OpenWrt to avoid breaking something by executing commands directly in the CLI. In my opinion, working in Docker is a safer environment.

Looking for this option. Do you have a specific topic I can check?

Can I install it with OpenWRT? Would that not be a problem?

OR should I install it via the OpenWRT interface?

1 Like

Yes, it's generally best to use the official install channel when adding OpenWrt software.

2 Likes

Tailscale does not need to be installed on your main router. It can run on any device inside the LAN and it will make a connection outward. That opens a tunnel which allows connections inward as well.

3 Likes
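
A minimal model of the mechanism described in the post above, added here as an illustration (not code from the thread or from Tailscale): a stateful NAT drops unsolicited inbound packets but passes replies on a flow that a LAN device opened first. The class, addresses and ports are constructed for the example, and the "relay" stands in for whatever server the VPN client dials out to.

```python
# Toy stateful NAT, such as a CGNAT or home router without port forwards.
# All addresses are constructed documentation-range values.
from dataclasses import dataclass, field


@dataclass
class StatefulNat:
    public_ip: str
    next_port: int = 40000
    # public_port -> (lan_ip, lan_port, remote_ip, remote_port)
    mappings: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet out; the NAT allocates a public port."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for port, existing in self.mappings.items():
            if existing == flow:
                return port  # flow already known, reuse its mapping
        port = self.next_port
        self.next_port += 1
        self.mappings[port] = flow
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the internet; return the LAN target or None."""
        flow = self.mappings.get(public_port)
        if flow is None:
            return None  # nobody inside opened this port: dropped
        lan_ip, lan_port, exp_ip, exp_port = flow
        if (remote_ip, remote_port) != (exp_ip, exp_port):
            return None  # only the endpoint that was dialled may answer
        return (lan_ip, lan_port)


def demo():
    nat = StatefulNat(public_ip="198.51.100.7")
    relay = ("203.0.113.10", 443)       # server the LAN client dials (assumed)
    stranger = ("203.0.113.99", 51000)  # any other internet host
    results = {}
    # 1. Before anything inside connects out, inbound traffic goes nowhere.
    results["unsolicited"] = nat.inbound(*stranger, 40000)
    # 2. A device inside the LAN opens the connection outward.
    port = nat.outbound("192.168.1.50", 41641, *relay)
    # 3. Traffic coming back on that flow reaches the LAN device.
    results["reply_from_relay"] = nat.inbound(*relay, port)
    # 4. The mapping does not expose the device to other hosts.
    results["stranger_same_port"] = nat.inbound(*stranger, port)
    return results
```

The only inbound path is the one the inside device created, so access control rests on the VPN's own authentication rather than on an open port at the router.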

Docker does need the outer system to have a similar kernel version and all container-required kmods installed. Use VMs if you need many different systems.

My challenge is that I need to support some Wi-Fi connections. The AirGrid M5 HP is accessible via a web interface. Would it be possible to create a connection using Tailscale in OpenWRT to act as a bridge between the internal IP of my network?

If it fails to install.

Executing package manager

Installing tailscale (1.58.2-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0-rc2/packages/aarch64_cortex-a72/packages/tailscale_1.58.2-1_aarch64_cortex-a72.ipk
Installing kmod-tun (5.15.118-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0-rc2/targets/bcm27xx/bcm2711/packages/kmod-tun_5.15.118-1_aarch64_cortex-a72.ipk
Configuring kmod-tun.
Configuring tailscale.

Errors

2024/12/16 18:48:43 logtail started
2024/12/16 18:48:43 Program starting: v1.58.2-1 (OpenWrt), Go 1.21.13: string{"/usr/sbin/tailscaled", "--cleanup"}
2024/12/16 18:48:43 LogID: bc4e8caf5ef8f662f8a84c25ec5f9b6a9abaf6dfb439d4f2315db5203bd65a04
2024/12/16 18:48:43 logpolicy: using system state directory "/var/lib/tailscale"
logpolicy.ConfigFromFile /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
logpolicy.Config.Validate for /var/lib/tailscale/tailscaled.log.conf: config is nil
2024/12/16 18:48:43 dns: [rc=unknown ret=direct]
2024/12/16 18:48:43 dns: using "direct" mode
2024/12/16 18:48:43 dns: using *dns.directManager
2024/12/16 18:48:43 deleting [-j ts-input] in filter/INPUT: running [/usr/sbin/iptables -t filter -D INPUT -j ts-input --wait]: exit status 2: iptables v1.8.8 (legacy): Couldn't load target ts-input':No such file or directory
Try iptables -h' or 'iptables --help' for more information.
2024/12/16 18:48:43 deleting [-j ts-forward] in filter/FORWARD: running [/usr/sbin/iptables -t filter -D FORWARD -j ts-forward --wait]: exit status 2: iptables v1.8.8 (legacy): Couldn't load target ts-forward':No such file or directory
Try iptables -h' or 'iptables --help' for more information.
2024/12/16 18:48:43 deleting [-j ts-postrouting] in nat/POSTROUTING: running [/usr/sbin/iptables -t nat -D POSTROUTING -j ts-postrouting --wait]: exit status 2: iptables v1.8.8 (legacy): Couldn't load target ts-postrouting':No such file or directory
Try iptables -h' or 'iptables --help' for more information.
2024/12/16 18:48:43 deleting [-j ts-input] in filter/INPUT: running [/usr/sbin/ip6tables -t filter -D INPUT -j ts-input --wait]: exit status 2: ip6tables v1.8.8 (legacy): Couldn't load target ts-input':No such file or directory
Try ip6tables -h' or 'ip6tables --help' for more information.
2024/12/16 18:48:43 deleting [-j ts-forward] in filter/FORWARD: running [/usr/sbin/ip6tables -t filter -D FORWARD -j ts-forward --wait]: exit status 2: ip6tables v1.8.8 (legacy): Couldn't load target ts-forward':No such file or directory
Try ip6tables -h' or 'ip6tables --help' for more information.
2024/12/16 18:48:43 [RATELIMIT] format("deleting %v in %s/%s: %v")
2024/12/16 18:48:43 flushing log.
2024/12/16 18:48:43 logger closing down
2024/12/16 18:48:44 logtail: upload: log upload of 214 bytes compressed failed: Post "https://log.tailscale.io/c/tailnode.log.tailscale.io/28e1b9ba376b5663682a8a06e764df80822cffb9f8718563a0b97457db390d76": context canceled

You are using an ancient release candidate. If you are into prerelease versions, go for 24.10-rc2. It has a recent tailscale.

1 Like

If I upgrade it directly in the interface, will I lose all the configuration?

You need to upgrade e.g. 17, 19, etc. - to the current version. Skipping versions while saving config is not supported.

1% chance you lose one config file (not so much on raspberry or x86)

1 Like

True (I forgot the device, now I wonder why there's such an old rc version).

More considerate would be to install some general-purpose linux and run libvirt/kvm virtual machines and the normal linux bridges between them.