this post was submitted on 15 Aug 2023
14 points (88.9% liked)

Selfhosted

40218 readers
988 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Total noob, but I set up TrueNAS/Nextcloud on an old laptop and it's working great locally.

What would be the easiest secure way to access my files remotely from my phone and/or laptop?

you are viewing a single comment's thread
view the rest of the comments
[–] loganb@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (1 children)

My recommendation would be some kind of VPN. If your looking for something plug and play and free, look into zerotier.

If your home internet connection sits behind CGNAT, like me, just buy a cheap vps and set up your own wireguard network.

Both solutions avoid exposing your services directly to the public internet which reduces attack vectors and adds an extra layer of encryption.

[–] NENathaniel@lemmy.ca 2 points 1 year ago (3 children)

Idk what CGNAT is tbh so I doubt it.

Other comment mentioned OpenVPN, would you say Zerotier is an easier option?

[–] loganb@lemmy.world 4 points 1 year ago (2 children)

CGNAT = Carrier Grade Network Address Translation. It makes it practically impossible to open ports to the public internet and in some extreme instances make zerotier very unstable. Typically you only have CGNAT if your internet connection is 4G or fixed wireless.

OpenVPN is just a VPN protocol. Roughly comparable to wireguard. It has been the gold standard for VPN technology for the past decade or so. Wireguard by comparison is much newer, and lighter to run. This typically results in faster throughput from a computational standpoint and devices where power is limited (cell phones), uses much less power by leveraging modern CPU encryption methods.

If you have the option to port forward on your home internet connection, its possible to setup a VPN connecting in a straight shot from your home to your roaming device. If you can't port forward, you will need a main in the middle (the VPS) to establish and route the connections through.

Zerotier works off of a PTP style network and the free plan allows up to 50 devices when last I checked. I'm not sure on the availability of zerotier or wireguard on truenas as the last time I used TrueNAS was Scale 22.

[–] lupec@lemm.ee 1 points 1 year ago

Btw, Tailscale raised the free tier limits a while ago and it's now an even more generous 100 devices/3 users

[–] tuff_wizard@aussie.zone 1 points 1 year ago

My provider uses CGNAT in AUS and I’m on fiber then copper connection. Luckily they just had a option on their account page to turn it off.

[–] unscholarly_source@lemmy.ca 1 points 1 year ago

I had literally just set this up on my truenas instance yesterday (even though I've been using ZeroTier for some time). The key thing to recognize is that truenas whipes out any modifications to its system after a reboot, hence the need for this script.

https://alan.norbauer.com/articles/zerotier-on-truenas

I've heard great things about tailscale, but just have had an opportunity to try it.

[–] mypasswordis1234@lemmy.world 1 points 1 year ago

It is a NAT, but created by an operator. The operator does not give you a real IP address, but instead hides you behind his own NAT and gives you one private address.