this post was submitted on 14 Jun 2023
4 points (70.0% liked)


Hi,

For various reasons I have two routers. (In fact, one is a FritzBox hosting various SmartHome stuff, another is a Speedport from Telekom Germany, that also does the Internet connection.) The WiFi on the FritzBox is also a lot better and right now I don't have any need to get anything better (all that matters has RJ45 anyway).

This however also is an issue, because I can't easily host something. I do however have a Hetzner server as well and I have tried some ZeroTier, but I have failed to set it up correctly. Is there an easier way, or does anyone have something like a How-To for this that works?

Thanks :)

[–] nrezcm 6 points 1 year ago (1 children)

Does either router support going into what's called an AP access mode instead of router? If they do then you could put one into access point mode and run a patch cable between the two.

You may also be able to load DD-WRT on them, but checking https://dd-wrt.com/support/router-database/ it doesn't look like either has support.

[–] nexusband -1 points 1 year ago (1 children)

No WRT for either of them and yes, it does support AP Access Mode, but I don't want to put them into it, because I actually want the networks to be separate.

[–] nrezcm 2 points 1 year ago (1 children)

So you probably won't be able to without a router that is capable of supporting VLANs (not just VLAN tagging). If you aren't looking to spend any extra money and have an old computer lying around, you could look at getting a multi-port network card and running pfSense/OPNsense as an inexpensive alternative.

[–] nexusband -1 points 1 year ago (1 children)

I have VLANs, but they are more or less switch based and there are no direct routes between them. The basic gist of it is, Telekom switches back to DSL only if it detects VPN traffic. And that's only 2 Mbit/s upload. However, with the 5G Hybrid and SSL connections on Port 443 I do get the full 60-90 Mbit/s upload. I could just put the Telekom router in my "main" network and have it be the gateway, but that doesn't go well with some devices I have.

[–] nrezcm 2 points 1 year ago

Yeah, it sounds like you're still going to need something that can support VLAN routing, not just hard-coded VLANs or isolated guest networks. If one of your other devices happens to be a desktop that you can run a small VM on, you could potentially run pfSense as a VM, then buy a 2 or 4 port gigabit PCIe card as a stopgap until you find a better solution. You could even do the same with a laptop and, say, a USB Ethernet adapter or two. Neither of those options would be better than having a dedicated device acting as the router though.

You might also be able to do something with, say, a cheap managed TP-Link switch, but that would really depend, I think, on what the rest of the network is doing.

[–] Lyxea 6 points 1 year ago (1 children)

Your secondary router should have an option to change the mode to "bridge mode". That way it doesn't create any problems for creating your self-hosted system, so take a look in your secondary router's configuration; almost all TP-Link routers have that choice.

[–] nexusband -1 points 1 year ago

In theory it does, but it would do other things I'm not prepared to change right now.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I don't really understand the problem here. Do these routers each have their own internet connection? Why can't you just attach whatever device you are using to host stuff to one of them, configure your router for port forwarding, and be done? To get a domain name for free, you can use https://www.noip.com/.

If that mysteriously doesn't work, you might want to investigate if your internet provider uses CGNAT (mine does). In that case, you might be able to contact them so they'll turn it off for you. I don't know about Germany, but in Austria they have to comply with your request, by law.

If you can't do that or don't want to expose your device to the internet directly, you have other options depending on whether you want your stuff to be public or not. For private services, setting up WireGuard using wg-quick (on your Hetzner server) is really easy, reliable, and very secure. For public stuff, you might want to look at one of the services listed here. I recommend Cloudflare Tunnel, though it's only meant for web stuff, no game servers etc.

Feel free to ask for more help if you need more details.

[–] nexusband 0 points 1 year ago (1 children)

The basic gist of it is, Telekom switches back to DSL only if it detects VPN traffic. And that’s only 2 Mbit/s upload. However, with the 5G Hybrid and SSL connections on Port 443 I do get the full 60-90 Mbit/s upload. I could just put the Telekom router in my “main” network and have it be the gateway, but that doesn’t go well with some devices I have.

I don't really want to host stuff, I'm fine with having to make a connection (like WireGuard or a VPN), but if I do it directly, I only get DSL speeds, because WireGuard is also "detected" now. Everything that's not Port 443 or Port 80 gets routed over DSL...

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Ugh, internet providers are annoying. Why is stuff like that even legal?

For situations like this I've had success with Shadowsocks, which you can combine with WireGuard, and run over Port 443, here's a guide.

You could also try if it's sufficient to just run vanilla WireGuard over port 443.

Edit: One issue you might run into with Shadowsocks is that combining it with WireGuard is not possible on mobile AFAIK.

[–] [email protected] 1 points 1 year ago (1 children)

> This however also is an issue, because I can’t easily host something.

Why not? Or rather, to which router do your servers connect, the FB or the Speedport? Or because you're on DS-lite or CG-NAT and don't have a "direct" external IP?

[–] nexusband -1 points 1 year ago

The Speedport via 5G Hybrid. Neither DS-Lite nor CG-NAT. I have a direct tunnel exit IP, which I could also use as external, but I do want to have two different networks; however, I want to tunnel from the FB network to an external exit point (like the Hetzner router).

ZeroTier apparently can do that, I have not been able to set it up though. The connection works, but for whatever reason I can't really get any incoming data to be routed back to the corresponding server.
