I'm in the peculiar situation where my home server (running Home Assistant, and a custom stack of other software) is behind CGNAT, and for some technical reasons, my carrier is unable to activate dedicated IPv4 for my building (I live in a new development and apparently the local fiber endpoint/switch that supplies the whole building has this limitation).
However, we do have an IPv6 segment assigned to each flat, and using SLAAC, my server gets a static IPv6. Well, somewhat static - apparently the configuration I'm running has SLAAC privacy extensions enabled, meaning I get a new IPv6 every time the router or the server reboots. Because of this, I'm running an IPv6 dynamic DNS updater as well.
What I'd like to achieve is to have a small VM in Azure (I have a grandfathered MSDN subscription giving me €130 credit every month), which would tunnel any and all ports coming from the external network, to my home server, effectively creating a sort of reverse tunnel.
I'd also like to keep IPv6-capable devices connecting directly to my server, and had the following idea in mind:
On IPv4, the A record would point to the Azure VM. All requests to this VM would then be forwarded to the domain's current AAAA record (thereby supporting this "wandering" server). On IPv6, the AAAA record would be used directly, allowing direct connection to the server.
I've been looking into various solutions, and the two options I see mentioned are either socat or haproxy. Both seem to need specific configuration for each port I wish to forward - however I'd like to blanket all ports to have full access to my server (which would also handle firewalls as well). They also do not seem to support domain name targeting, and would require a static IPv6 to redirect to.
What would be my best option for this?
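The forwarding idea described in the question (IPv4 clients reach the VM, which connects onward to whatever the domain's AAAA record currently says), sketched as an added example that is not part of the original post. It is a userspace TCP relay in Python rather than socat or haproxy; `home.example.net`, the port list, the 60-second cache and all function names are assumptions, and it forwards an explicit list of TCP ports instead of every port.

```python
import asyncio
import socket
import time
from functools import partial

TARGET_HOST = "home.example.net"  # assumption: placeholder for the dynamic-DNS name
PORTS = [80, 443, 8123]           # assumption: explicit list of ports to forward

def system_aaaa(host):  # system resolver, IPv6 answers only
    return [i[4][0] for i in socket.getaddrinfo(host, None, socket.AF_INET6, socket.SOCK_STREAM)]

class CurrentAAAA:
    """Cache the AAAA answer for ttl seconds; keep the last good one if DNS fails."""
    def __init__(self, host, lookup=system_aaaa, ttl=60, clock=time.monotonic):
        self.host, self.lookup, self.ttl, self.clock = host, lookup, ttl, clock
        self.addr, self.expires = None, 0.0

    def get(self):
        if self.addr is None or self.clock() >= self.expires:
            try:
                self.addr = self.lookup(self.host)[0]
                self.expires = self.clock() + self.ttl
            except (OSError, IndexError):
                if self.addr is None:
                    raise  # nothing cached yet: the caller drops the connection
        return self.addr

async def pipe(reader, writer):
    try:  # copy one direction until EOF, then close the receiving side
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def relay(target, port, cr, cw):
    try:  # re-resolve per connection (off the event loop), same port on the IPv6 side
        addr = await asyncio.to_thread(target.get)
        sr, sw = await asyncio.open_connection(addr, port)
    except (OSError, IndexError):
        return cw.close()
    await asyncio.gather(pipe(cr, sw), pipe(sr, cw), return_exceptions=True)

async def main():
    target = CurrentAAAA(TARGET_HOST)
    servers = [await asyncio.start_server(partial(relay, target, p), "0.0.0.0", p) for p in PORTS]
    await asyncio.gather(*(s.serve_forever() for s in servers))

if __name__ == "__main__":
    asyncio.run(main())
```

After the home server changes address, new connections follow the updated AAAA record once the cached answer expires; connections already open at that moment are not migrated.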