
Having some trouble setting up access to a Nextcloud server on my local network. Feeling a bit lost tbh.

I want to access the server from outside the local network, i.e. the internet. The server is sitting behind a pfSense firewall running three load-balanced VPN clients (all connected to ExpressVPN).

Server access works fine from within the local network.

This is my network config:

Server running nginx, serving up Nextcloud -> 10.0.0.0/24 subnet -> LAN port on pfSense firewall -> WAN port on pfSense firewall -> 192.168.1.0/24 net -> home router -> internet

I have three different DDNS hostnames registered with no-ip.com, and the pfSense machine is running three individual DDNS update clients. They are each assigned to one of the three DDNS hostnames and one of the three VPN gateways.

They update just fine, I can see them updating in the no-ip.com dash.

Now I can only hazard a guess, but it appears that ExpressVPN does, in fact, support DDNS. I gather that from this page: ExpressVPN ddns setup

Here is what is happening: if I run the DDNS clients on pfSense, then no-ip.com gets the remote host address, i.e. the ExpressVPN server-end address, which I thought would work (?). But all I get when I access one of the registered DDNS hostnames (which is updated to the ostensibly correct IP) is 'nginx 403 forbidden', and that's also happening when my local server is disabled. I even turned off the pfSense firewall just to do a complete sanity check and it was still returning a 403. So something else is definitely intercepting this request.

NOTE: Also, just to be thorough, I had set up NAT to redirect incoming port 80/443 requests to the server's IP. I tried setting "Destination" to each of the gateways as "GATEWAY-X_address" and "GATEWAY-X_net" but nothing changed.

It's as if it's not actually getting back through the tunnel from the ExpressVPN end at all, as if they are denying it entry before it even has the chance to get NAT'd.

However, if I run the update client from a machine on the home router net (i.e. 192.168.1.0/24), then accessing any of the registered DDNS hostnames directs me to my home router. Obviously, I haven't port forwarded on my router, so this is fine; it just illustrates that the DDNS is in fact set up properly and there is definitely something wrong with my configuration. Do I need to set up my router in bridged mode or something? Do I need to tunnel back IN to the local network? Surely not...

If anyone has any idea about how I can have my VPN clients running on my firewall and then also set up DDNS so that I can access a server behind it, that would be great.

  • If you have a VPN back into your network, why are you using external dns entries - you should be able to just access them as if you were on the lan... Commented Sep 11, 2018 at 10:35
  • The VPN clients are outgoing. There is currently no VPN into the network. – BitShift Commented Sep 11, 2018 at 10:37

1 Answer


For anyone else having this issue: I've contacted ExpressVPN and they have notified me that this is a known issue and will be fixed within the month.
