Hello all fellow geeks!

Yeah I’m a proud geek!

After 2 or 3 weeks of fiddling with making my own cloud at home, aka a self-hosted cloud, and about to throw in the towel thinking, “I’m puny. I don’t have the skills for this! Give up, buttercup!” …Knowing that my inner Yoda-nerd will never give up! I gave up on Google and other data harvesters for a reason or five…

I ask this first:

Can I have anything on my LAN, on an always-on VPN, connect from outside via a domain name such as xyzxyz.com??

My case:
I want to have my own “cloud” at home, mainly to share family photos with my family. Long story short, my mother and grandfather spent a few summers manually scanning 1000s if not 10s of 1000s of pictures, all the way back to the 1950s! As the family geek, I want to pay my respects to the two of them and offer to make a cloud for them, to share with the whole family.

I tested out TrueNAS Core with Nextcloud, and on my LAN I love it! It has all the bells and whistles I want.

So I installed a physical server in the basement with TrueNAS Core and Nextcloud, copied over all the pictures, and all is well.

Over the next 2-3 weeks, I followed between 20 and 50 different guides on how to get this online.

Bought a domain, actually two, from two different providers, for troubleshooting reasons. Because… no matter what, none of my domains connect to my home server…

What I have tried:

Both domains are now in Cloudflare. Also for troubleshooting reasons.

The caveat, if I can call it that… is that my LAN is behind a pfSense box… ALL my LAN gadgets must go out of this house via VPN tunnels, controlled by aliases. Gadgets not in the correct alias can’t exit this house.

Is THAT my problem??

Even though I have set up DDNS for my domains, and Cloudflare gets the correct ISP IP address for all my sub servers.

I have tried HAProxy clean. HAProxy with a virtual IP. Also, in the FW rules, ALL ports open directly to my Nextcloud server, and still my xyzxyz.com addresses, with correct DDNS, with challenges set up, with certs made through the ACME certificate service. NOTHING helps!

I even installed a brand new bare-metal Ubuntu Server and followed a guide to the dot, installing Nginx and the Let’s Encrypt bot.

Fail, fail, fail. Can’t connect to my server, the Let’s Encrypt bot can NEVER issue a cert, blaming this and that. I even opened up IPv6 in pfSense. No go!

Now that I wanted to say “GIVE UP, NERD!”, in the shower it hit me…

“Is it because my server in the basement is always on VPN???”

So I ask you gurus that KNOW this stuff.

Must the server be off the VPN, or do I have to make some special adjustment somewhere because my LAN server is on a VPN?

ANY tips and tricks are highly appreciated!
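The three addresses that have to line up in the situation described above (what the domain resolves to, what the rest of the internet sees the server's outbound traffic coming from, and the pfSense WAN address) can be checked from the LAN server itself. The script below is an added diagnostic and is not code from the original post or from pfSense; it assumes `dig` and `curl` are installed, that the WAN address is supplied by hand, that the domain is DNS-only in Cloudflare (a proxied record resolves to Cloudflare's addresses rather than the WAN), and that https://ifconfig.me is an acceptable "what is my IP" service. The sample addresses in the comments are constructed RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added diagnostic for a server behind pfSense with policy-based VPN routing.
# Not from the original thread. Assumptions: run on the LAN server (e.g. the
# Nextcloud host); dig and curl present; WAN_IP passed on the command line;
# Cloudflare record is DNS-only, so `dig` returns the DDNS-published address.

# verdict DNS_IP EGRESS_IP WAN_IP
#   DNS_IP    address the domain resolves to (what DDNS published)
#   EGRESS_IP address the internet sees this server's outbound traffic from
#   WAN_IP    the pfSense WAN address
# Prints exactly one of: dns-wrong, asymmetric, symmetric.
verdict() {
  dns_ip=$1 egress_ip=$2 wan_ip=$3
  if [ "$dns_ip" != "$wan_ip" ]; then
    # DDNS is publishing something other than the WAN address, so nothing
    # from outside even arrives at pfSense. Fix this before anything else.
    echo dns-wrong
  elif [ "$egress_ip" != "$wan_ip" ]; then
    # Inbound connections arrive on WAN, but this host's own traffic leaves
    # through the VPN exit. Replies to inbound connections can take the same
    # policy-routed path and the handshake never completes (asymmetric routing).
    echo asymmetric
  else
    echo symmetric
  fi
}

# Human-readable next step for each verdict.
explain() {
  case $1 in
    dns-wrong)  echo "DNS does not point at the WAN address; fix DDNS first." ;;
    asymmetric) echo "Server egresses via the VPN; take it out of the VPN alias or forward the port through the VPN provider." ;;
    symmetric)  echo "Addresses line up; look at the WAN port forward and firewall rules next." ;;
    *)          echo "unknown verdict: $1" ;;
  esac
}

# Live run: gather the three addresses for HOST and print the verdict.
# Example (constructed): ./check.sh xyzxyz.com 203.0.113.10
main() {
  host=$1; wan_ip=$2
  dns_ip=$(dig +short A "$host" | tail -n 1)
  egress_ip=$(curl -4 -s --max-time 10 https://ifconfig.me)
  printf 'dns=%s egress=%s wan=%s\n' "$dns_ip" "$egress_ip" "$wan_ip"
  v=$(verdict "$dns_ip" "$egress_ip" "$wan_ip")
  echo "$v: $(explain "$v")"
}

# Only do the live lookups when a hostname and WAN address were given.
if [ "$#" -ge 2 ]; then
  main "$1" "$2"
fi
```

Run it on the server with the domain and the WAN address as arguments. If it reports `asymmetric`, the server's own traffic is leaving through the VPN exit rather than the WAN, which is the situation the question above is asking about; `dns-wrong` means the DDNS record is not what the rest of the world needs to reach the WAN at all.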

    • Little-Math5213@alien.top (OP) · 1 year ago

      Because I care too much about data harvesting and am trying to be a bit privacy minded in this house…

      Since wife and kids don’t care, I have to care for them, so everything on this LAN goes out via VPNs on that pfSense.

      Even 3 different VPNs, depending on what that gadget does, even 2 different countries for streaming (wife and kids like foreign stuff to watch).

      • Large___Marge@alien.top · 1 year ago

        You can prevent most of that data harvesting by using pfSense and packages properly. DNSSEC and pfBlockerNG are your friends. If the devices are using cookies for websites and services, which they most likely are, the harvesting is happening anyway, regardless of VPN use. That can only be mitigated from the client, if at all. Your issues with routing are likely due to how you’ve set up WAN, VPN and your NAT rules.

        • Little-Math5213@alien.top (OP) · 1 year ago

          You’re right.

          And yes, I use pfBlockerNG too. It’s a godsend.

          My issue was port forwarding on always-on VPN. VPN tunnels need to be configured for port forwarding.

          So all works for me now.

          Thanks again 👍