4

I have a home server that I want to expose to the Internet. All ISPs in my country provide static IP addresses to registered business only (not to home customers).

I'm thinking about renting a VPS and then forward ports to my home server. I have thought of the following approaches, but I'm not sure which one is better:

  1. Rent a VPS with two network interface and two IP addresses. Use VPN to connect from my home server to one network interface, and bridge it to the second network interface.

  2. Rent a VPS with one network interface. Use VPN to connect from my home server to it, then port-forward the ports I want.

  3. Same as the previous one, but using SSH for VPN.

A side question, is there a term for this kind of server-to-server VPN? Whenever I search for information about VPN, I find information about using VPN for privacy instead.

Another side question, is any VPN protocol (IPSec, TLS, etc) more suitable for this kind of server-to-server VPN?

Edit:

  • I can't use Dynamic DNS because my ISP uses CGNAT.
  • I want to host OwnCloud on my own server. Running it (and hosting the data) on the VPS is not an option.
Improve this question
2
  • 4
    Have you considered utilizing Dynamic DNS functionality?
    – user312019
    Commented May 9, 2014 at 16:57
  • 1
    ...or if you're going to rent a VPS, why not host your services there instead of behind your home network firewall?
    – heavyd
    Commented May 9, 2014 at 17:23

1 Answer 1

Reset to default
2

I think you need to tell us what you want to achieve. As always, there are several approaches with varying cost, complexity, speed, etc. (question has been updated)

As suggested by @Faisal, you could simply use a Dynamic DNS service and so refer to your home network via an IP name rather than address. You need a router or other device that is able to send updates to the service though so that the DNS entry always points to the correct IP Address.

The VPS route isn't a bad one either. It is more costly of course and it is really important to check the terms and conditions as many VPS providers exclude VPN's and routing - you'd get kicked off pretty quick.

If you do go with a VPS, using SSH is the easiest route as it is quick and easy to set up and manage. I recommend moving SSH from its default port though (22) as you will get constantly probed otherwise.

You probably only need a single interface, a twin interface service would be expensive even 2 IP's is often expensive. You would need to think about the throughput you needed.

One problem though, Carrier-grade NAT doesn't allow any hosting so even with a VPS, how will you connect through to the internal service?

One possibility might be to try and see if you can get IPv6 to work from your home to a VPS. But this isn't likely to be easy and may not even be possible for you as it will be dependent on the systems you are using and whether your ISP and the VPS host support it.

Improve this answer
8
  • I don't think CGNAT would matter if I use VPN. The home server will initiate the VPN, not the other way around.
    – imgx64
    Commented May 10, 2014 at 2:04
  • I agree with most of your suggestions, but how would using ipv6 help OP?
    – GnP
    Commented May 10, 2014 at 2:48
  • @gnp IPv6 allows through connection and wouldn't be impacted by CGNAT. You could try IPv6 right through but it rarely works. It is a long shot.
    – Julian Knight
    Commented May 10, 2014 at 8:48
  • @imgx64 I'm not sure it would actually work. Some VPN's will kick you off if your IP address changes, you could probably configure it though.
    – Julian Knight
    Commented May 10, 2014 at 8:50
  • @JulianKnight I see. As for IPv6, my ISP doesn't provide it, and tunneling IPv6 (through Hurricane Electric or SixXS for example) only to connect it to VPN doesn't sound like a good idea.
    – imgx64
    Commented May 10, 2014 at 9:32

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .