Hello,
I have a Nextcloud server installed at home that works well on my LAN network, but when I try to make the server accessible via a DynDNS service, I cannot connect to it. The request doesn’t even reach my server. My question is whether the router immediately blocks the request, because when I set the router to be accessible (it has separately that option), I can connect without any issues over dyndns url. Could my ISP (O2) be blocking it? I can confirm that it’s not a firewall issue, and it’s also not because I’m connected to the same WiFi as the server. It’s not a port forwarding issue either, as I’ve gone through all possible options. My router is a Fritzbox 6660, and there are no logs indicating that a request has even come through.
My second question is whether this is even allowed in Germany? Also, I’ve noticed that my ISP rarely changes my IP address; in fact, I haven’t seen it change at all in the past few months, which is strange because in my home country, it changed every 24 hours.
Edit: First, thank you all for your help. I will try your suggestions over the course of this week or month (due to time-related issues :) and will report back with the results. Since I am clearly a noob when it comes to self-hosting and I plan to have only a Nextcloud server for personal use, what is the best way to secure the system in these situations and allow only certain devices to access it over the external network? (if I ever manage to access it at all)
The problem was with DS-Lite tunneling, as some users mentioned, and it only works over IPv6. However, now I have another issue. My entire family has access through their ISPs, but my cellular data ISP does not support IPv6. Is there any workaround that doesn’t require me to look for a new ISP or asking for IPv4 address? 😀 By the way, thanks to everyone for the help!
i would just ask for an Ipv4 address. I asked Vodafone for one and they just gave it to me for free.
Had the same issue. I have a VM at a hoster which proxies requests to my nextcloud server at home. Both the VM and my server on my home network are connected via tailscale. I’ve been using the VM for other stuff as well and happened to have it anyways, I didn’t get one just for this purpose
You get a real IP? Its been cg-nat with every provider for the last many many years in Italy.
I got a cheap vps and just run some reverse tunnels to map ports from it to my home server going trough my cg-nat.
even allowed in Germany?
Yes.
works well on my LAN network, but when I try to make the server accessible via a DynDNS service
I guess your Fritzbox does NAT for your LAN. Then the dyndns address works only when the client is outside.
Does your router indicate that you have DS-Light? I think O2 provides each customer DS-Light until they ask for a real IPv4.
To your second question: In case of DS-Light you don’t need a new IPv4 IP every 24h because your IP is not public facing.
PS: I don’t be sure, but the Fritz Remote Apps use IPv6 to ensure that they also work with DS-Light.
Most likely you are under CGNAT, so your best bet is Tailscale, Wireguard, CloudFlare Tunnel or Zero Tier. Pick your poison.
Wireguard will only work if the cellular or ISP at, say the workplace, have an IPv6 adress or IPv4-to-6 translation
This so much of a lie.
Only the usual suspects (new fiber ISPs, Vodafone/KabelBW and O₂) do and usually on the coax and fiber contracts.