static public IP address

January 4, 2024, 17:38

k9t33n

I need a static public IP address but have no clue where to begin. I need this for a wireguard vpn, it will be set up on a pi 4 along with wireguard and will be used not only to encrypt my data when I'm not at home but also allow me to access my pi and let my pi hole block ads for me even on the go. any help is appreciated so thank you for even reading this. once I have this set up I feel like life's sorted for me lol 😂

kutuptilkisi

1. Use a tunneling software 2. Buy static IP from your ISP

kutuptilkisi

there is no other way afaik

kutuptilkisi

tbh i would just use cloudflared

kutuptilkisi

tho you need a domain for that

kutuptilkisi

or you can set up a rathole server on a remote dedicated

k9t33n

whats a tunneling software? oh and im also attempting to do this the free way if i can

k9t33n

oh wait it looks like wireguard sets it up for you?? idk ill just test it and report back

k9t33n

should i do this? i dont even think my phone has ipv6 which is what ill use it on

k9t33n

im just gonna press yes

k9t33n

ok i did everything and it seems promising but when i install the app and add it via the qr code i cant access the internet

kutuptilkisi

ngrok, cloudflared, playit.gg, rathole and such

kutuptilkisi

you open some ports to internet

jannik44

clarify first: do you want a static ip on a device in your network or do you want a public static ip?

k9t33n

I think I solved that. but if you have a solution just to make sure I want a static public IP so when I connect the VPN it doesn't change on me. apparently I need to do that

jannik44

public or private static ip?

k9t33n

or if I don't you tell me, I really have no clue what's happening lol

k9t33n

public

k9t33n

*apparently

k9t33n

do I need that for wireguard? I guess that's the first question to ask

jannik44

rent a 1$ vps and setup rathole

k9t33n

is there any free option? remember I can't work yet so not much option for like a subscription

k9t33n

and I really don't want to link my credit card to anything rn

jannik44

you cant afford 1$?

jannik44

im sorry for you...

k9t33n

I can I thought you meant it's a subscription?

jannik44

1$ a month yea

k9t33n

oh not bad at all

k9t33n

ok how do I get that?

k9t33n

is this like a website?

jannik44

yes, something like this

jannik44

there are a lot of cheap vps offers out there

k9t33n

any specific one? can you recommend some? especially one you have used and know how to use so then it's easier for both of us

jannik44

i have used the 1$ hostvds one, can recommend https://hostvds.com/#cloud

jannik44

other than that i currently also use contabo (not so good, cant recommend)

jannik44

and alexhost (good, can recommend but expensive)

k9t33n

ok so I paid, do I create a new instance now?

jannik44

yes

k9t33n

oki dokie

k9t33n

any preference I should have on the image?

k9t33n

I'm in ssh, I chose cent os because it's lite. what do I do now?

jannik44

not sure about centos

k9t33n

I thought you said you have it on a docker image because it's so lightweight?

jannik44

but first change ssh password to Something secure And block all ports is always the first step

k9t33n

how do I do that?

k9t33n

never mind just saw you said alpine 😭, well that wasn't an option

k9t33n

the video you sent me suggested cent os. idk it was the first one and they're all just Linux right?

k9t33n

I can change it if you want?

jannik44

your choice

k9t33n

these are the options

jannik44

choose whatever you want

k9t33n

I am not informed enough for this

k9t33n

eh I'm gonna go with debian, it's the safe option ig

k9t33n

ok Im in again, how do I do this?

k9t33n

I've already changed the password

jannik44

standard ufw setup

k9t33n

wait I just realized, did you get me to get this so I can run wireguard there?

k9t33n

thanks but that kinda defeats the purpose of why of this. using my pi it will also let me use pi hole anywhere and with the static IP I can ssh from anywhere. so is there any way I can do this on the pi itself?

thunder07337

Yes, with a domain and dyndns.

k9t33n

may you explain a bit more?

thunder07337

You can have the domain providers refer to your public IP so that requests to the domain are automatically sent to your public IP. Because the IP changes and you don't want to manually enter a new one every day, dyndns is used. There are scripts that query your public IP and then communicate this to the provider of your domain. This way, the correct IP is always set automatically.

k9t33n

oh im happy with that, so how do i do it?

k9t33n

what should i do first?

Pantner

ok, so. going through the process for a hosted VPS is waaay overkill in most cases. The easiest way to get this working with a dynamic public ip address is to use a DynamicDNS provider. There are heaps of them. I've seen a number of modem/routers that have the option built in to them. You just sign up with the free DynDNS service, input your login details in the correct area on your router and it'll handle it for you. Some will have a client you can download and run on a computer that checks the IP every hour or whatever. The PiVPN even has an area talking about them and it looks like basic instructions for a client to use. https://docs.pivpn.io/faq/ Now, the one issue with this is if your internet connection is on CG-NAT. This is very common with 4G/5G connections and on the home plan of Starlink. Do you know what your internet connection is?

oops.se

You have a third option, Dynamic DNS, yes it is not a "static IP" but it fulfils the goal of having a device that is reachable from public internet.

Pantner

as per the screenshot in general, it is even built into the router

Pantner

but as i mentioned above, if you're on CG-NAT that won't help. Sometimes you can be asked to be removed from it by your provider.

oops.se

Carrier Grade NAT is a PITA. And I don't really know how that could be allowed in IMS! But the telephony world is a beast that I have tried to fight against my whole life.

Pantner

well, apparently we're running out of IPv4 addresses... again?

Pantner

but realistically, for most people it doesn't make a difference. If all you need to do is e-mail, youtube, play games on your phone and watch netflix, who cares?

k9t33n

ok i think ive done it

oops.se

Yes, I agree why would anybody be annoyed by being limited to just email, youtube and gaming. Lets make all to passive consumers as it was in the good old days.

k9t33n

ok i did everything but its still not working. im gonna take a break from this project and get back to it later

thunder07337

What exactly did you do?

k9t33n

linked it to a domain and reconfigured wireguard to use that domain then port forward it like you said in the imager

thunder07337

So I didn't write anything about wireguard, because I don't know how to set it up. I only said what is needed so that the domain always points to the public IP of the router. Have you set up the dyndns?

Pantner

if you ping the dynamic dns hostname does it resolve to an IP address? and is that your public IP address?

k9t33n

yes

k9t33n

do you mean if i search it up in the browser?

Pantner

i mean ping it, from the terminal/cmd

Pantner

ping my.dyn.hostname.com

k9t33n

ah ok

k9t33n

wait is that the domain or hostname of the pi? sorry ig im realy new to this

Pantner

my.dyn.hostname.com is that not obvious enough?

k9t33n

oh btw the site i set this up from is no-ip

Pantner

the dynamic dns hostname you set up

k9t33n

oh yeah sorry lol

k9t33n

ok it does give a ping back but the ip is not the same as my pis public ip

Pantner

not your pi, your internet connection

Pantner

your pi doesn't have a public ip, it has a private ip

Pantner

your internet connection has a public ip that your internet provider allocates you

k9t33n

so do i check my routers?

Pantner

you can do that, or just google "what is my IP" and it should tell you

Pantner

or something like speedtest.net

k9t33n

i checked my public ip with curl -s https://icanhazip.com, google says this is how to check

k9t33n

im on headless. but i do have speedtest-CLI ill test

Pantner

google literally tells you in the search results

Pantner

nothing of this needs to be done on the pi, this is any computer on your home network. Everything has the same public ip because everything is connected to the same internet connection

k9t33n

oh i can do this on any? oh im so dumb

k9t33n

ok it is the same then

k9t33n

thanks for dealing with me btw ik im dumb

k9t33n

what do i do now?

k9t33n

now that i know that works

Pantner

does it?

k9t33n

yes my public ip is the same as the one that comes up when i ping the domain

Pantner

great

Pantner

and you've forwarded the VPN port in your router to your Pi's IP Address?

Pantner

then go back to this part of their website https://docs.pivpn.io/faq/ scroll about halfway down until you see How do I troubleshoot connection issues? And start looking at that. There is a test you can run that does checks for you. You'll likely need to update the config with your new hostname, etc

k9t33n

okay will do

k9t33n

double checking now

k9t33n

ok now im unsure whether ive done that

k9t33n

let me go back to your tutorial to check that

k9t33n

hmm it doesnt really say

Pantner

?

Pantner

i'm not sure what 'it' is or what it 'doesn't say'

k9t33n

about port forwarding

Pantner

that can't tell you how to do the port forwarding, it's in your modem/router that you do it

k9t33n

i found it but what do i put for the external and internal port stuff

Pantner

thats the port that you're using for the VPN

k9t33n

yeah i know everythings different, its stupid

Pantner

in the config file that website shows it has a port number, what is yours set to?

k9t33n

? im setting a port forwarding rule. i set it to my pi and just named it so far

Pantner

in the website i've linked to you multiple times already

Pantner

that i just told you to look at

Pantner

it talks about editing a configuration file

Pantner

that contains the port number you need

k9t33n

oh i set it to 22 i think because thats the one i think my pi uses

k9t33n

yeah i know it

k9t33n

i just didnt know thats what you're talking about

Pantner

port 22 is reserved for ssh

Pantner

don't use that

k9t33n

oh damn, should i switch it to 80?

Pantner

multiple things can't use the same port

Pantner

no

k9t33n

is there a one thats free?

Pantner

did it offer a default port?

k9t33n

i cant remember

Pantner

use the one that is in the example on the website i linked to

k9t33n

ok i think that was 80

Pantner

no

Pantner

80 is the port used for websites

k9t33n

i remembered wrong then

Pantner

good thing is you don't need to remember, click the link, scroll down the page and you can see it

k9t33n

yeah im doing that now

k9t33n

> [...]
> IPv4dev=eth0 <--- Network interface you have chosen
>
> IPv4addr=192.168.23.211/24 <--- IP address of the Raspberry Pi at the time of installation
> (only consider the 192.168.23.211 part)
>
> IPv4gw=192.168.23.1 <--- Gateway IP, which you will type into a web browser to open
> the management interface
>
> pivpnPROTO=udp <--- Protocol you need to use in the port forwarding entry
>
> pivpnPORT=1194 <--- Port you need to forward
>
> pivpnHOST=192.0.2.48 <--- Public IP or DNS name your clients will use to connect to
> the PiVPN
> [...]

does that mean the ports 1194?

Pantner

yup

Pantner

well, i'm guessing thats the default port. If you set yours to 22, you'll need to update your config

Pantner

and anything else that isn't correct

Pantner

as i said above, you'll need to put in your dynamic host name to that too

k9t33n

yeah

k9t33n

this is gonna take a while, ill get back to you when something happens

k9t33n

not sure if i can tell you this but the default port for me is "51820"

Pantner

how did you determine that?

Pantner

ok, after googling it, seems that is what wireguard uses as its default

Pantner

so, if that is what your config is set to, then use that as each of the 4x port numbers in the forwarding, and then you'll need to set UDP or TCP, that is also in your config

Pantner

after all that, give it another go

Pantner

but as i said, there is a command that will do a test, use that first and see if it shows any errors

k9t33n

yeah i found that before with pivpn -h it said is solved something for me

k9t33n

is there any preference for these? my router can set both at the same time apparently

Pantner

the setting in your router is just telling it what kind of packets to expect. Set it to both and that'll be fine

k9t33n

okay then

k9t33n

YAASSSS ITS WORKING!

k9t33n

thank you so much, i know i was a pain but you were so helpful

Pantner

awesome, thats great

k9t33n

just a question before I close this thread. how encrypted is my connection now? like with a normal VPN it encrypts what searches you make so If you use a public WiFi they can't track you as easily right. along with changing your location ofc. does this do the same thing? I just mean does it have basic level encryption?

kutuptilkisi

tbh i would just use cloudflared

kutuptilkisi

it works really good

k9t33n

yeah I'm intrigued by what it offers. I haven't checked the prices yet but the service sounds really good

kutuptilkisi

cloudflared?

kutuptilkisi

it is free

kutuptilkisi

tho you need a domain

k9t33n

I mean I got a domain from no-ip. can I just put that in there and it will give me all those sweet cloudflare features like encryption, ddos attacks (even tho I won't use it) and stuff

kutuptilkisi

if you can set your name servers to cloudflare yes

k9t33n

for free?

kutuptilkisi

yea but as i said, you need to be able to set your ns to cloudflare ns

k9t33n

I'll look into it

Pantner

you don't have a domain from no-ip, you have a hostname that they control

k9t33n

yeah i figured that out and went around searching for cheap domains

k9t33n

https://www.ionos.co.uk/domains/co-uk-domain would you say buying a random one from here is a good choice? 1$ for a year

jannik44

you can also use free domains

jannik44

freenom.com

jannik44

but they are weird

jannik44

be prepared

k9t33n

so i would actually own that domain so i can add it to cloudflare?

k9t33n

also wdym by weird?

kutuptilkisi

tbh just get yourself a .dev domain

kutuptilkisi

which is cool and usually cheap around 5$ for one year

kutuptilkisi

maybe 10$

kutuptilkisi

tho i pay 2.3~ for a year

k9t33n

im looking around, about to buy one

k9t33n

okay i set that up

k9t33n

last question: is there any way to test the security of this and the encryption? because ig im not so confident in this until ive seen it for myself

k9t33n

also thank you for everyone who helped its been great. ive never seen so many people contribute to a thread here!

k9t33n

ok nvm I did some research and I'm happy with the result

k9t33n

thank you yet again for everyone in this thread. id just like to let you all know that you made my day ig lol