TBH I still donate $5/mo to Mozilla. But only because someone has to fund the upstream development of the browser I actually use (and which arguably is the browser Mozilla was supposed to be)

CGNAT and changing IPs make this harder. What I’d consider in this scenario is renting a small vps at a local provider (a tiny/cheap machine is enough). Then use this one as a hop to your network, basically homelab->vps<-client. Here is a post that talks about something like that: taggart-tech.com/wireguard/

I haven’t used this method personally, but I’ve done something similar for incoming web traffic before, when you want to host things behind a CGNAT. You can actually keep all the traffic confidential by having just an L4 proxy on the vps, then the http traffic is still end-to-end encrypted between the client and the service, so you don’t even have to trust the vps provider when it comes to them snooping. They still get some metadata, but not significntly more than the ISPs.

The simplest would be renting a VPS I think.

I grabbed an Oracle free-tier many moons ago. The x86 one with 4 gig of memory I think? The arm have a much more core and memory but unless you go with Pay As You Go (PAYG) account ( need a one time refundable $100 credit) it’s virtually impossible to grab it.

My free tier account is sufficient as pure VPN for accessing stuff, you get 10 TB/month egress traffic. The downside is it’s Oracle, and you are at their mercy ( they can purge it without notice )

I never tried it because CGNAT but maybe Dynamic DNS could also solve this.

Other than that, Tailscale / CF tunnel etc are a fine solution ( for now )

If you’re not dealing with CGNAT, Dynamic DNS (DDNS) is relatively easy to set up, doesn’t require a VPS and is designed specifically for dealing with changing IP address endpoints.

Instead of connecting using your (sometimes changing) IP address, you use a URL that dynamically updates when your IP changes. For instance, with DDNS you would access your home network using mynetwork.ddnsservice.com. The DDNS service returns your current IP and your connection can complete. Most routers have built DDNS clients that update the DDNS service when your home IP changes.

There are various DDNS services out there, but I like DuckDNS. It’s free (or you can choose to donate), easy to set up and has worked flawlessly for me for years.

See my comment here, infosec.pub/comment/21363677

Off the top of my head: - Bring your own domain for homelab - Gateway/httproute support in Kubernetes operator - allow connecting tailnets to each other - allow connecting to multiple tailnets simultaneously without ridiculous workarounds

• fix the documentation bug I reported 3 years ago, before it became a problem for stable Linux distributions. Instead of leaving up documentation that literally prevents the client from working and is an even bigger problem for stable distributions now. Yes it’s my pet tiny bug, but how much effort can it really be to rewrite one section with configuration that DOESN’T break the product. I even wrote a suggestion for them.

Tailscale is Canadian

Ah, nice. I actually didn’t realize that. They are also open source friendly https://tailscale.com/opensource I don’t hate Tailscale, btw. They seem nice.

But, I like Netbird lets you self-host the server components. And, an important feature for me, is that Netbird doesn’t require me to create an account with Big Tech to use the service. Right now I created a dummy account with GitHub just to use Tailscale, Netbird just allows me to create a username and password. E-Z P-Z. No extra hoops to jump through.

After switching to Netbird, I’ll be able to get completely off of GitHub.

Whoa did not know this, this changes some plans over here.

Hopefully also part of Europe soon. Geologically, our land masses were very closely connected, but it was a few years ago.