Tunnel to remote gateway for servers?

So I’m looking for some opinions and experiences from others that might have done this.

A little background. In Canada our internet providers are frankly in trouble. We used to have a bunch of independent companies that were very customer focused, and often would provide static subnets, even to residential customers. Recently, thanks to the government sticking their nose in the middle of things and messing things up, the independent companies are dropping like flies.

So in my case I have 2 connections at home, both with static IPs, and I enjoy running a few servers for my own use. When my providers eventually get swallowed up I fear that I’m going to lose my static IPs. The odd thing is that I will lose the IPs but I will gain fiber. So from 50meg DSL to 1.5Gig Fiber.

So I’m thinking, what about a tunnel to a remote host to get to my static public IPs? Essentially a remote gateway, and do the NAT there to get to the public IPs.

Here’s a picture

To try and cover everything: yes, cloud servers would work, but I enjoy having the flexibility of having them locally, and I’m going to be paying for the local internet anyway, and the cloud VPN host would be minimal and cheaper than having all my hosts in the cloud.

The idea of a tunnel sort of worries me, but when I think about it, in Canada our DSL is PPPoE and the back end has tunnels to the providers, so essentially my traffic is on a tunnel either way. The only difference is that my tunnel would be on the internet side, which of course is not a guaranteed service (across the internet anyway).

One of my current providers has also offered to do the VPN tunnel to their infrastructure for me right now, which is great for now, but if they eventually don’t survive I’d like to have a plan B in my pocket, and do it myself.

OK, I think that’s enough to get things started…

Thoughts?

Options:

  1. Tailscale literally takes minutes to set up between two devices, has a free tier, will traverse level of NAT, does not require open ports.
  2. There are literally 100s of free tier Dynamic DNS providers to allow you to connect to a dynamic IP via a hostname.

Thanks, I’ll take a look at those options.

The dynamic DNS is a last ditch option. I currently have 2 /29 subnets with one provider and another /29 with another. While I could condense some of it down (I really don’t need all the IPs I have now), condensing them down to 1 IP and trying to do it with a dynamic provider would be a challenge. The other thing, and this may have changed, but if your IP doesn’t change enough, the free dynamic providers sometimes don’t like it and decide they want to charge. Again, I recall that being an issue, but it’s been quite some time since I last looked at them, so maybe that issue doesn’t exist anymore.

The other issue I have to be careful with is some of the bigger telco ISP services block port 25, which would make my mail server a little unhappy.

I’m also playing around with the cloud VPN option too… I picked up a small VPS from OVH for next to nothing/month and I’m taking a stab at creating a tunnel from my pfSense to strongSwan to try some testing there too.