can anyone connect to my lightning node? I think my ISP started blocking inbound connections to lightning =/
03f3c108ccd536b8526841f0a5c58212bb9e6584a1eb493080e7c1cc34f82dad71@ln.damus.io:9735
Maybe the IP is wrong? Can’t ping or get any kind of response.

my ip has been static for like a year. they changed it to the one I have now:
dig +short myip.opendns.com @resolver1.opendns.com
24.84.153.116
so I updated my dns (ln.damus.io) to that, but now I can't connect to it from my external VPS. thinking rogers (my isp) started filtering me.
no other config has changed.
gonna change my port to see if it's a port blocking thing
bleh nothing. guess I'm switching ISPs
Can they actually know that it's lightning traffic? or are they just blocking the ln.damus.io?
rogers recently bought shaw (the ISP i was with). it looks like i just got kicked off my static ip into a CGNAT, so I can't host anything anymore. lame.
cannot connect
That sucks.
Cgnat is 💀
Look into cloudflare tunnel... Free
24.84.153.116:9735 timed out
I'm passing off a 2 second AI query as my own 😂
Alternatives to Cloudflare Tunnel
For ease of use and features:
ngrok: A popular and feature-rich option for developers, it's known for being easy to set up and use, offering features like TLS tunnels.
LocalTunnel: A straightforward and easy-to-use tool for quickly exposing a local port to the internet.
Pinggy: A simple and accessible alternative for creating tunnels.
For private networks:
Tailscale: Ideal for securely connecting your own devices in a peer-to-peer network, often used for accessing a home lab or NAS. Unlike Cloudflare Tunnel, which acts as a reverse proxy, Tailscale creates a private network that only your devices can join.
For self-hosted and maximum control:
Pangolin: A self-hosted solution that combines features of Cloudflare Tunnels and other tools like Traefik using WireGuard for a high degree of control over your infrastructure.
Traefik: A modern reverse proxy that can be used to build self-hosted solutions similar to Cloudflare Tunnel, giving you full control over your setup.
Other options:
LocalXpose: Another alternative for tunneling.
Zrok: A self-hosted option with a focus on privacy and easy sharing.
Put tailscale on your machine
Run a vps, the cheapest one you can find
Put tailscale there
Write a caddy config that routes traffic to your home server via tailscale.
Problem solved
Do you pay for static IP? With some ISPs that is part of the agreement and so maybe the new ISP is breaching yours...
I will guide you through the whole setup over here if you want
I don’t think there was an agreement, it was just how shaw had their network setup
Already did this but just used wireguard since tailscale is a backdoor into your network
why is tailscale a backdoor since it's also WG
tailscale has a control plane which can add and remove machines in your mesh. they control this unless you run your own.
it's just simpler to run wireguard imo
they could in theory backdoor into any tailscale network. scary shit. I wouldn't be surprised if governments are already thinking about using this.
seems to work?
{
"id": "03f3c108ccd536b8526841f0a5c58212bb9e6584a1eb493080e7c1cc34f82dad71",
"features": "0898882a8a59a1",
"direction": "out",
"address": {
"type": "ipv4",
"address": "45.79.91.128",
"port": 9735
}
}
yeah I have my VPS acting as a wireguard proxy for now
What about headscale?
IPv4s finally got expensive enough that it became worth it for legacy carriers to transition networks over to CGNAT, at least if they’re already redoing it like in an acquisition. Sucks…
was able to hack a fix together with wireguard:
it's nested noise protocols all the way down
Damn sorry brother
Not true, or not entirely true
The control plane can be self hosted (headscale), and they have a mitigation for mitm or attack surface in the control plane - tailscale lock.
It's FOSS, on their clients. If their control plane is FULLY compromised, literally completely taken over, they still cannot add new machines, nor access them. At best they can shut you out of derp (can't even prevent your already logged-in machines from connecting, because holepunch)


Tailnet Lock white paper · Tailscale Docs
now i probably need @semisol to explain because I'm 5 and retarded
basically tailscale does direct connections between nodes, yes, and it is encrypted
but these nodes at the start don’t know each other, they ask the tailscale control plane “what nodes are there”
if the control plane lies and inserts fake/impersonating nodes, it could pretend to be your trusted laptop for example
this makes no sense. if they couldn't add machines then how do they add your machines? something has to coordinate everything.
i meant to reply to View quoted note →
not sure how that happened
With lock, YOU are the one coordinating. After a machine gets added it can't do anything until YOU sign a lock message. (I.e. sign its pubkey and publish that)
It's true without tailscale lock, please look into that feature
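Added example, not written by anyone in the thread and not Tailscale's code or wire format: a simplified Go model of the disagreement above, where a control plane hands a node a peer list and the node either trusts it as-is or accepts only peers whose node key is signed by a lock key the owner holds. The `Peer` type, `AcceptPeers`, `Demo` and all keys are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Peer is one entry in the peer list a control plane hands to a node (hypothetical type).
type Peer struct {
	Name    string
	NodeKey ed25519.PublicKey // the peer's node public key
	LockSig []byte            // signature over NodeKey by a lock key; nil if unsigned
}

// AcceptPeers keeps only peers whose node key is signed by a lock key that
// the node trusts locally. The control plane cannot mint these signatures.
func AcceptPeers(list []Peer, trusted []ed25519.PublicKey) []string {
	var ok []string
	for _, p := range list {
		for _, t := range trusted {
			if ed25519.Verify(t, p.NodeKey, p.LockSig) {
				ok = append(ok, p.Name)
				break
			}
		}
	}
	return ok
}

// Demo builds a constructed peer list as a lying control plane would serve it
// and returns what a node accepts without and with the lock check.
func Demo() (withoutLock, withLock []string) {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(nil) // owner's lock key
	laptopPub, _, _ := ed25519.GenerateKey(nil)
	roguePub, _, _ := ed25519.GenerateKey(nil)
	phonePub, _, _ := ed25519.GenerateKey(nil)
	_, cpPriv, _ := ed25519.GenerateKey(nil) // control plane's own key, not trusted by nodes
	list := []Peer{
		{"laptop", laptopPub, ed25519.Sign(ownerPriv, laptopPub)},
		{"laptop (injected)", roguePub, ed25519.Sign(cpPriv, roguePub)},
		{"phone (not yet signed)", phonePub, nil},
	}
	for _, p := range list { // no lock: the node believes whatever it is told
		withoutLock = append(withoutLock, p.Name)
	}
	return withoutLock, AcceptPeers(list, []ed25519.PublicKey{ownerPub})
}

func main() { fmt.Println(Demo()) }
```

Without the check all three entries become peers, including the injected one; with it only the owner-signed laptop is accepted, and the newly added phone stays unusable until the owner signs its key.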