Is there a free way of getting a static ip from home? Currently I OpenVPN into a vm and port forward traffic to my homelab

Ddns and reverse proxy could work, for a VPN you could probably tie ddns to your IP if you can use the VPN with a domain name.

Depending on your use case, CloudFlare Tunnels could be an option (as long as bandwidth isn’t crazy). It requires your own domain name.

I also use DuckDNS (free / donation dynamic dns service) and it’s worked great for me for many years (I even cname my own domains on my duckdns subdomains for various things)

How I used to do this before I got a business contract with my ISP:

VPS with public IP, WG connection between home and vps. Iptables rule to forward all incoming traffic on the VPS (besides SSH port) to pfsense running at home, then treating the WG connection as a WAN connection in pfsense. This way I could manage all firewall rules in pfsense.

Yes, I could’ve blocked at VPS level and avoided forwarding unnecessary traffic, but I wanted to make it easy to configure new rules.

For IPv6 (if you don’t already have it) you can use Hurricane Electric, then for http[s] you can use Cloudflare to allow IPv4-only network access you

Do you need it? How often are you assigned a new IP?

I’ve had the same DHCP IP for close to 7 years now.

I use ddclient. It automatically updates my IP address linked to my domain name, so whenever my IP changes the domain is up to date.

Ask your ISP; they can tell you your options.

Not every service needs a static IP.
Only services like emails that require reverse domain (IP2domain) lookup need static IP.
For other services, you can dynamically update domain2IP.

You can get a /48 for free from Hurricane Electric.

Try netbird.io

Base Account is free for 5 Users and 100 Peers.
Peers can be configured for access to private networks or as an exitnode.

That really depends on your ISP. I got a static IP address from mine for a one-off charge of £5, and I chose that ISP specifically because they offered that.

Otherwise, the option is to continue what you are doing at the moment.

And this VM is placed somewhere outside of your homelab? On some VPS or cloud? It’s a good setup then. What’s wrong with it?

Otherwise you can also switch OpenVPN to ZeroTier or Tailscale. A few years ago I ditched my external IP with DDNS setup for ZT. My DNS domains are set to the ZT IP of my proxy server. When I’m outside I enable the client and I have access to the proxy. When I’m inside my homelab I overwrite the domain to the internal IP with my internal DNS (AdGuard Home). Works perfectly.

Or you want to serve some games/services to the outside world? Then some cloudflare tunnels could help you with that.

You’re talking about IPv6 I presume? How often does your prefix change?

My ISP doesn’t give me a public IP though

Then you’ve already answered your question. And to be fair, you’re already doing it right with the VPN and forwarding only the necessary ports.

This is a different thing than static IP.

If you are behind CGNAT you have three options:

  1. Use ngrok, which is not free for TCP or UDP tunneling
  2. Use Tailscale instead of OpenVPN, which is free for limited personal use.
  3. Contact your ISP or carrier to see if you can get a public IP

If you go for #3 and can only get a dynamic IP, then you need a ddns provider to be able to associate your current IP address to a static fqdn. Providers such as duckdns or noip, and many router manufacturers have their own ddns service. Or, if you own your domain name, your registrar may offer ddns, or you can move your ddns hosting (and, if desired, your domain registration) to cloudflare, who offers ddns for free (domain registration is a paid service, but is the cheapest around).

I think Tailscale is probably your best option. If your router doesn’t support it, you can run it on any PC or server in your home. Even proprietary NAS’s have a Tailscale plug-in.
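An added example, not part of any post in this thread: a small Python check for the CGNAT case discussed above. It compares the address on the router's WAN interface with the address an outside service reports and says whether DDNS can work or an outbound tunnel (VPS plus VPN, Tailscale, Cloudflare Tunnel) is needed. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges (a WAN address here means another NAT sits upstream)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip: str, external_ip: str) -> str:
    """Classify the router's WAN address against the externally seen address.

    wan_ip:      IPv4 address shown on the router's WAN interface
    external_ip: IPv4 address an outside "what is my IP" service reports
    Raises ValueError if either string is not a valid IPv4 address.
    """
    wan = ipaddress.IPv4Address(wan_ip)
    ext = ipaddress.IPv4Address(external_ip)
    if wan in CGNAT:
        return "cgnat"          # ISP is translating; inbound ports unreachable
    if any(wan in net for net in RFC1918):
        return "private-nat"    # double NAT: ISP CGNAT or an upstream router
    if wan != ext:
        return "translated"     # public-looking WAN, but still rewritten upstream
    return "public"             # WAN address is what the internet sees


def recommend(wan_ip: str, external_ip: str) -> str:
    """DDNS only helps when inbound connections can actually reach the router."""
    return "ddns" if classify_wan(wan_ip, external_ip) == "public" else "tunnel"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges
    samples = [
        ("203.0.113.7", "203.0.113.7"),
        ("100.72.13.5", "203.0.113.7"),
        ("192.168.1.2", "203.0.113.7"),
        ("198.51.100.4", "203.0.113.7"),
    ]
    for wan, ext in samples:
        print(f"{wan:>15} seen as {ext:<15} -> "
              f"{classify_wan(wan, ext)}, use {recommend(wan, ext)}")
```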

Look into TwinGate or tailscale or similar services, then you can get a way in to your network without a fixed ip nor open ports etc.

You can use the Cloudflare DDNS Updater to make this a non-issue. It automatically updates your IP in your Cloudflare DNS entry so that your hostname always reaches back to your home network. I have mine running every 60 seconds via a cron job and haven’t had any issues.

Yea so buy a domain, tie ddns to it so it’ll always update and match up to your IP and then you use the domain that doesn’t change as your route