Another Lemmy thread led me to thinking about getting a cheap VPS for my homelab. I’m double-NATted by my ISP, so I can’t do traditional port forwarding. I’d like to get a cheap VPS, install Tailscale on it, and access my homelab from anywhere without having to have Tailscale on every device I use (at work where I can’t install it, for example).

I found a cheap VPS company and the plan I was looking at gives 1000 GB bandwidth per month. Some of the things I want to access are media servers (Navidrome and Jellyfin). So if I set up the VPS with nothing but a reverse proxy and Tailscale, will all my Jellyfin traffic go through the VPS and count as bandwidth used?

  • just_another_person@lemmy.world
    2 days ago

    How/why are you double NAT’d? Is it the ISP’s fault, or did you set up your own router behind their NAT’d handoff? If the latter, you can work around this.

    Some other options to deal with the former:

    • Talk to them about running their handoff device in passthrough mode, or turn it on yourself (look up the model and see instructions)
    • Get a static IP for your router on their network (not applicable to CGNAT)

    Regarding Tailscale: you shouldn’t need a VPS for this. Even though you’re stuck with dNAT, the Tailscale client should be able to figure out a way to communicate with you wherever you are with DERP servers. Install on your phone, then a machine at home, and try it out.

    • chriscrutch@lemmy.world OP
      2 days ago

      It’s the ISP. I’ve asked about it, they won’t let me do anything about it unless I sign up for a business account at triple the price.

      And no, I don’t need a VPS strictly for Tailscale, but I do want to access my tailnet from machines where I cannot install Tailscale (at work and on a Roku TV in a remote location, specifically).

      • biscuitswalrus@aussie.zone
        2 days ago

        I don’t know where you work but don’t access your tailnet from a work device and ideally not their network.

        Speaking to Roku, you could buy a cheap Raspberry Pi and USB network port. One port to the network, the other to the Roku. The Pi can have a Tailscale advertised network to the Roku, and the Roku probably needs nothing since everything is upstream, including private Tailscale 100.x.y.z networks, which will be captured by your device in the middle, the Raspberry Pi.

        I guess that’d cost like 40 ish dollars one time.

        • biscuitswalrus@aussie.zone
          2 days ago

          This won’t work, your WAN IP isn’t dynamic, it’s on the ISP NAT network and your resulting IP to public services is shared across many customers. CG-NAT.

          • just_another_person@lemmy.world
            2 days ago

            It will with Tailscale though, as OP mentioned using. Tailscale clients reach out to DERP endpoints to create the routes they need to communicate with other clients. dNAT wouldn’t matter.

            Source: done this with Tailscale vanilla and Headscale