What would be a recommended way to access my home network from behind cgnat?
Is Tailscale’s free tier a good solution?
Yes, it is.
If you are tech-savvy enough, getting a cheap VPS, and putting Wireguard on it with a hub and spoke model is also an option.
4 Likes
This is my next setup I’m aiming for. But I’m currently lazy and just WireGuard directly to my home LAN.
I have never used Tailscale.
Another option is a Tor HiddenService which also does not require port forwarding. I have not tried it with CGNAT, but I have wondered if it would be a nice workaround.
1 Like
Using a VPN with port forwarding is also an option. Not particularly private or secure on its own, but you can just expose your own VPN server or whatever to double-tunnel instead to your LAN, it’s more a bypass / workaround of CGNAT than anything.
Some degree of opening a port on a router will need to be done if not using tail scale. I’m happy that I don’t need to forward to an internal server, rather OpenWRT handles this part for me.
That isn’t true. If you’re using a (hosted) VPN then your “router” is the VPN service’s endpoint. You “open the port” on the VPN service, and become accessible on <vpn exit ip>:<your assigned port>. I used to do this for WebDAV access over Mullvad when they allowed port forwards.
1 Like
Note that depending on what type of NAT you’re under for both ends of the connection if Tailscale determines that you need a “relayed connection”, they have some bandwidth limitations.
1 Like
Thanks for the clarification.
Thats the thing. Its one thing to know how to do it. Doing it correctly and securely is a separate thing altogether. Tailscale may be the better option for most intermediate tech savvy persons.
May I ask what led you invested in this? Are you using a home internet provider with cgnat that limits port forwarding for your network with services like Jellyfin or Emby?
Yeah. My ISP at home limits port forwarding, and I want to stream games from my desktop at home to my laptop (with Sunshine/Moonlight)
1 Like