You could make a bitcoin fork that lets you commit hashes to a central chain that users can index like a hashmap to find content. Such a chain would not necessarily be a bittorrent only protocol, since ipfs and TOR can benefit from name services like that too. Namecoin already exists and can possibly fill that role. What you would do is either commit novel entries, or commit tags that point to existing entries. So you can upload an ISO file with its canonical name and future transactions can point tags to it describing it, like "Ubuntu" or "16.04" or even "fake".
It would be a giant mess to parse though, since you need to keep the canonical chain in order of block allocation while having a hashmap into it of all the tags and corresponding data.
That is correct, the information that ties the .bit domain you register is only modifiable through your keys.
https://namecoin.info/?p=video
Much like you can't "take" Bitcoin away from anyone if their keys are kept, in, for example, a "cold storage". Or you could even make a brain wallet in order to have no paper or electronic data laying around with the info on it.
Third parties even have options for you to be able to do it without having to have any actual Namecoin, utilizing any of the existing coins tradeable on shapshift:
Just posting one I used as a broke high school student:
You don't even need a domain name. You can piggy back off some free ones they offer.
Costs exactly 0 dollars, and I would still use it if not for namecheap offering it with my domain name.
I have looked, and these instructions are just generic instructions to join an AD domain. Nothing Microsoft-specific.
I guess the fact that you are unable to join from outside is because the domain is not properly delegated to Microsoft in the public DNS, and is therefore only visible from within the Azure network. I.e. the same reason why your laptop can't join my "home.lan" AD domain (known only to my DNS server at home) if you are not my guest.
Get a real domain name (a free one from freedns.afraid.org will do), get a subdomain for AD, create the NS records and glue records pointing to your AD servers (give them public IPs), and maybe it will work. Well, except that giving AD servers public IPs is a bad idea for security - so better configure DNS replication to some less-valuable hosts with public IPs.
While encryption will continue to be used and strengthened, I think you are spot on with your assessment of the sad state of certificate authorities. Those companies are living on borrowed time, and they will be replaced by a better technology in the future.
The only alternative I've seen so far is namecoin's implementation of the .bit domain. Domain names there, once created, cannot be seized, shut down, or interfered with in any way by someone who does not hold the corresponding coin/encryption keys. Certificates are created and held by the holder of the domain itself and stored with the domain name itself, they can only be changed by the holder of the keys. This effectively denies all forms of third party interference with the ownership of the names and the keys.
It's still a young technology but what a great idea - a cheap decentralized DNS replacement with a built-in decentralized CA replacement, riding on an anonymized transaction network (better than private DNS registrations, anyway). Going forward, this is the kind of technology that will take the ownership of the internet and its security out of the hands of governments and corporations. Imagine their frustration at being unable to seize domain names or compromise security certificates.
For now you need a plugin to resolve the .bit domains, but there are some nameservers out there that have integrated .bit and support looking it up via regular DNS.
I don't know any blogs or sites, but Namecoin is very interesting. https://namecoin.info/ Its a bit hard to set up for non tech users, if it proves to be promising hopefully someone will make it so its easy for the average user to set up and use.
Hi,
First of all, why are you using sudo to run a curl command ? I'm curious about why you would require root rights to run a plain curl. Can you test by running duck.sh as a standard user and see if it takes another 15s, so we can rule out sudo configuration ?
Also, if you make it as simple as possible and run from the terminal the plain curl command like that, what do you get ? :
(replace above with the domain and the token that match your account. Notice that there's not "url=" part with this syntax, so don't copy/paste url=).
Einfache und effektive Lösung ohne viel rumbasteln mit ufw/fail2ban.
Pivpn installiert in weniger als 5min
Dyndns bei afraid
Und die Portfreigabe bei der fritzbox
Das ist ein eleganterer Weg als ssh,rdp etc. offen erreichbar zu haben.
Habe ich mir so vor kurzem auch eingerichtete um auf pw Manager und Nextcloud zuzugreifen, hat den Vorteil, dass man mit openvpn tcp 443 trotzdem aus dem uninetz rauskommt ohne irgendwelche Sachen wie obfs machen zu müssen.
I'm a fan of Afraid DynDNS https://freedns.afraid.org. However, Dyn DNS doesn't handle roaming very well. EG: using SSH in a coffee shop, etc. For each location, you have to pinhole port rules, and that sucks.
Instead, I set up openVPN on a server, then SSH to the clients over the VPN. Not any harder than DynDNS / Port forward route, and also allows for roaming and doesn't cost anything. Your server can be behind DynDNS if you don't have a "proper" server.
Lots of ways to skin that cat!
I imagine DNS Made Easy would: http://www.dnsmadeeasy.com/
However they do have a processing fee for small payments.
a solution from someone like DynDNS is what it sounds like you're looking for.
You'll need to set up a hostname for you to use (usually $10/yr for a .com) then have something setup on one of your machines that checks periodically (daily, hourly, etc) to see if your IP has changed since its last check. If it has, it will update the dns record for your hostname.
Now, you just use your hostname rather than your IP
> All of the article is about is source code hosting. He never mentioned web site hosting. Did you even read the post?
I did and I'm all in with /u/disclosure5
The post is basically "don't put your stuff where money runs the business" - guess what; hosting of anything costs money and the money they earn is running the business in any way possible, including political and decision wise.
So, while you might not appreciate hosting your static website with GitHub because of the contents of that post, don't waste your time imagining that anywhere else you buy any kind of hosting has different priorities. But for the sake of argument, lets just pretend that's not the case.
Host your own shit; for $15 af month, you can get a droplet with 60GB of space and 3 GB of RAM via a VPS. Install git, webserver, mailserver, cloud server and use a free dns hosting service, like https://freedns.afraid.org/, for your domain - and be like Tom. Because Tom prioritizes.
It simple, it's cheap and you're in control.
That's a good free dynamic dns hosted by some geeks who just do it for fun
It doesn't make you create an account but you need to link an account from another site. Reddit is supported hahaha
>there's no free alternatives that don't rely on the whim of an ISP or third party services
Yes, it's a third-party service and you sound pretty against that... but it is free, provides IPv6 support, and allows easy dynamic IP updates. I've had going on probably ten years of no-problems experience with FreeDNS and Joshua is pretty responsive if any issues do pop up.
CCproxy is really easy to use but has a cost. I am sure one could find a pirated version but that is your call. Then I forward port 808 on my router to my desktop running CCproxy.
The hard part is the IP to connect to. Your home IP can change from time to time. While most people this happens slowly enough that one could Google "what's my IP" and that would be their IP for like months there is always that chance it could change and you would have to get the new number.
There are two ways I like to handle this problem.
If your router supports DDNS then use https://freedns.afraid.org/
Or. Just use Chrome Remote Desktop. Your school will not have that blocked and you can use it to remotely use your desktops browser to Google "what's my IP".
What's wrong with afraid.org? You can choose from thousands of domains there. Keep in mind though that any free service is going to have you at the whims of others. I had my Dyn accounts expire, but freedns.afraid.org has always been reliable for me. Use the more popular domains (preferably the ones run by josh - the owner of the service) for reliability/longevity. Edit: By the way, I don't think you can register <subdomain>.afraid.org, it's reserved for the service only.
If you need to access it from outside your LAN, you either need a static IP from your ISP, or a dynamic DNS provider. There are quite a few out there, both free and paid. I used to use DynDNS, but they don't offer a free version anymore. I don't use one anymore, but the one I linked seems to be popular since I see it mentioned on reddit now and again.
Moved to them as soon as Dyn made it clear that they didn't want people using their free service (the 30 day nonsense).
I update my record via a homebrew shell script on an OpenWRT router, run via cronjob.
I also have a CNAME set on a subdomain of my actual (.co.uk) domain to point to the dynamic (sub)domain.
You do realize that if someone is after you they could still just lookup your nameservers and DDOS them, right?
I'm not sure what you're trying to achieve by having your own nameservers...
But if you are looking for a solid Authoritative DNS provider, I'd recommend http://www.dnsmadeeasy.com/
https://freedns.afraid.org (click “subdomains” on the left)
You get a subdomain, so it will end up looking like “example.us.to”, but it’s completely free and has served me well for years. They have a variety of free dynamic-dns update clients as well.
I use Free DNS (freedns.afraid.org) as my dynamic DNS supplier. Basically you register a public DNS entry that points to the public IP address of your router. Then you run a script on your router or setup a client application on any device in your home network that will update the Free DNS servers with your current public IP address any time it changes. If you own your own domain, Free DNS can use it, but they also have dozens of domains available for you to use.
​
been using them for years. never had to log in unless I wanted to change something.
edit: they also have premium services but if you just need a domain name, they offer that for free.
Well, there's Namecoin, but the folks at KAT would have to register there. If their IP is staying put when their domain names are are seized, you could always add an entry in your hosts file.
For unknown people? Yes! Can be a lot, not because people will necessarily invade your computer, but they can compromise your conection easily if they want. However it's avoidable if you use a free dns, https://www.duckdns.org/ for example is quite easy to setup, gives you a valid SSL and you have a "name" instead of numbers to give to your players that will never change even if your IP changes > you simply access duckdns and update your IP. Check the #documentation channel at foundry discord and you will see that the last posts have 2 good guides for that.
I don't know anything about dyndns (I use the marvellous duckdns instead), but if you want help, it would be useful to put information in your post that tells us what the problem is, other than a vague "I have a problem connecting".
What are the symptoms? What messages, error or otherwise, do you see? What happens that you don't expect? What doesn't happen that you do expect? Have you had it working before and it's stopped working, or has it never worked for you? What have you tried? etc.
You could get a free (sub)domain with DuckDNS (e.g. gonsa.duckdns.org). You can get multiple (sub)subdomains with it (e.g. plex.gonsa.duckdns.org, nextcloud.gonsa.duckdns.org). If you combine this with the SWAG container as the reverse proxy, it's stupidly easy to set up - just enable the relevant nginx proxy configuration files that ship with the image. The SWAG container will also do SSL certificates, fail2ban, geoblocking and authelia integration.
Looking up on whois shows thruhere.net is registered to and by dyn.com, which is Dynamic Network Services, Inc.
Trying to go to www.thruhere.net redirects to this: https://dyn.com/dns/dyndns-pro-free-trial/?domain=thruhere.net
Not sure what you mean with "no sign-up". How would you validate who updates the IP to your DDNS entry?
If you mean "Free": https://freedns.afraid.org/
Used them for a long time before I bought a domain for my homelab.
Indeed. Causing issues with our VPN, Email and Web Servers.
What's everyone's go-to DNS provider? I have had several personal projects hosted with freedns.afraid.org for years and never had an issue with them. Thinking about moving our company's external DNS to one of their paid tiers.
You could set your router up to use a dynamic DNS service like https://freedns.afraid.org and then run a function app or automation script to watch for changes. Simple nslookup can detect the change and get the new IP to add into the NSG.
Other option is to use https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time which will detect your current external IP when you submit an access request.
Wireguard as your VPN allows you to point your webserver to an external entity (whether that is a DigitalOcean droplet, EC2 instance, whatever) and is pretty easy to set up.
You can then configure something like nginx's proxy_pass
to land SSL traffic on the external entity and then pass the actual web request over the Wireguard interface to your home web server.
There are free DNS services like https://freedns.afraid.org/ that, when combined with Let's Encryt, would allow you to create and use SSL certs without needing to buy a domain.
At that point the only cost is for the external entity itself and that will depend upon what provider you go with / what level of traffic you're expecting.
For $0 it's your best option. Another option would be to set up a VPS with a static IP and connect to it via VPN, once your home router gets an IP on the VPN subnet you can then NAT/firewall the traffic accordingly from the VPS. The DDNS option is a cleaner solution for the purpose of hosting game servers though, you will no longer hand out an IP address to your friends but rather a hostname that you choose when you sign up with the DDNS service. I use afraid.org, which is free and has never let me down in at least a year.
You could sign up for a dynamic DNS service like freedns.afraid.org . They have a simple scheduled wget script to keep the DNS record up to date. They have examples on how to set that up.
For additional security I also suggest finding an inexpensive ssl certificate so you can use HTTPS.
Edit: changed words for clarity.
Script another device which is often online (desktop/phone/laptop) to periodically ping your home server/check for HTTP 200 response. When server is down, update the DNS records to point to a fallback plain HTTP page on a cheap host (or even a free github/tumblr/... personal page...).
Check https://freedns.afraid.org/ as an alternative to no-ip.com (community project, also supports updating DNS from a simple HTTP query).
When the server comes back up, update DNS records again (you can do this from the server this time, no need for another machine).
This requires a bit of scripting but the other solutions also have disadvantages:
I don't know if this already exists (probably so), but if it doesn't, and you want to write your own, I think it would get interest (android/win/linux support is a must).
Have you thought about submitting smartfl.at onto https://freedns.afraid.org ? (i've nothing to do with them, but i use it quite a bit, its got free and paid options, and the free subdomains are more than good enough for me)
The R510 and R710 are always my go-to recommendation for homeservers right now.
Very cheap to own, and performance has been tops for me and a few other users to run our VM's on.
Our Total power draw seems to be around 200 Watts when under load, so its only costing about 3 bucks a month in electricity too!
OP, I'd Also recommend looking into one of these servers. You don't even need to fully spec it out. With the applications you are looking for you could do a single CPU and a few gigs of RAM.
One thing is that these servers are decently large, so you will need to find a place to set it if you do not own a rack. Mine sits next to my desk though, and has been working fine there.
As far as tools to manage it, SSH will be a great way to manage the thing, and can be setup so you can access it securely from elsewhere.
If you do not have a Static IP (ie: residential internet service connection) you can register for free at https://freedns.afraid.org. They are a great Dynamic DNS service so that you can get a domain name that always points to your server IP, even if the IP changes. I prefer to run with FreeDNS instad of No-IP because they tend to be more vocally supportive of linux and free software, Especially in BSD groups. Just a personal preference really.
If you have more in depth questions, send me a PM or reply here!
You need a DNS service, you can't just forward the domain to the IP and expect it to work properly. That is what a DNS server/service does. Resolve names to IP numbers.
You can use Google DNS service: https://cloud.google.com/dns/docs/
Or any DNS service you want.
One free: https://freedns.afraid.org/
Or CloudFlare, also free.
Then create an A record to your external IP address.
This is a job for a DNS entry. Setup a free entry on https://freedns.afraid.org/ and point it at the IP you want. You can then either manually update the entry, or configure a script to do it automatically. It's also worth noting that DNS entries can point to private IPs.
https://freedns.afraid.org/domain/registry/ Jako bezpłatny user masz dostęp do pięciu wpisów w DNS na konto. Szukaj domen publicznych. Do prywatnych też się możesz podpiąć, ale wtedy właściciel domeny ma prawo odciąć cię od subdomeny. Poza tym właściciel może w każdej chwili zlikwidować swoją domenę, dlatego więc najlepiej szukać starych, ustabilizowanych domen z wielu użytkownikami, te nie powinny zniknąć bez ostrzeżenia. Te z kilku pierwszych stron rejestru istnieją wiele lat i mają wiele tysięcy subdomen, więc powinny być bezpieczne pod tym względem.
Don't connect using the IP. Use dynamic dns to update a DNS name to point to the correct IP address every time it changes. Some routers support it natively (or might be able to load DD-WRT on it which also supports it). If neither of those are an option there are some free clients that can run on your server to do it for you. A little less elegant since your server could go down, but if that's the only service you're offering via that public IP it wouldn't matter if the DNS is out of date when the server is down.
You can get a free DNS name here although donations to the service never hurt.
https://freedns.afraid.org/ Sorry, I thought they also had freedns.org as a redirect. Up to 5 free subdomains, and sub-subdomains also work. I'm using it for some El Cheapo VPSes right now and it works great.
You would have to pay your ISP to get a static public IP. The IP of your modem is your public IP that you will be using - however, it is not static unless your ISP is specifically providing that service for you. Fortunately, there is a free solution.
Go to FreeDNS and open an account to get a free domain name associated with your IP. If your public IP changes then it will automatically update to reflect the change. Use this domain name to connect. For example, if your IP is 1.2.3.4 and you get the domain name test.free.com from freeDNS, then you can use that same domain name to connect even if your IP changes to 5.6.7.8.
Now, make sure that your PC's private IP is static, because you'll need that for port forwarding. Depending on the applications you want to use, you'll need to set up your router to forward the appropriate ports to your PC. For example, if your PC is at 192.168.1.1 and you want to FTP to it, you'll need to forward TCP port 21 to 192.168.1.1 in your router's settings. Remember to create a rule in your PC's firewall to allow the port.
Free DNS options...
-Some registrars offer it (NetEarthOne, does for example)
-CloudFlare has a free Cloud Hosting plan (just turn off the cloud stuff and use it for free DNS hosting).
There are also places like:
- Best of luck.
Edit: Misspelled "Earth" (go figure I'm a sys admin not a english major)
special way to set it up. Bamt is running APACHE web server. google the two places you need to change a port. Make it like 81
then get a free Dns at https://freedns.afraid.org/ theres HUNDREDS to choose from. Once u get one it binds to ur IP address by default.
THen u gotta use the WEB FORWARD service on the left to forward to a specific port. example: my site http://icebeast.mine.bz points to port 81 but its hidden.
next on ur router u gotta forward port 81 to ur miner ip
repeat for each one
I agree with your proposals but $ is the difference, many of this coins had bounties paid with "premine" or were IPO coins like NXT etc.
NMC has a bounty program but very few people donate to the NMDF Namecoin Marketing and Development Fund.
NMC developers are mostly volunteers. I moderate here all day because i'm unemployed, etc.
Did you manage to get it working by now? I just realized again how straight forward it is to follow https://www.duckdns.org/install. There's even a link to help you with setting up port forwarding with your router.
You can always set up Dynamic DNS so that your router updates a DNS entry whenever your IP address changes. This should let you host most things without a problem. Just connect by your name instead of ip address.
DuckDNS is one of many free options https://www.duckdns.org/
edit: a word
Ahh, okay. Apparently I suck at reading.
Maybe setting up DuckDNS or something similar would work? I haven't used any myself, that's just the one that comes to mind first.
Log in to duckdns with your reddit account, under domains create a domain eg "booradly" type: booradly, then click "add domain" so you'll now have the domain http://booradly.duckdns.org on that page you'll also see your token, a long string of letters/numbers
now on the pi, you'll need to open a terminal window, if you're accessing the pi from ssh via another computer, then you're effectively already there.
You should be in the default directory at this stage, eg it'll say something like pi@raspberrypi
type: mkdir duckdns (press enter) cd duckdns (press enter) vi duck.sh (press enter)
you've now created a folder in /home/pi called duckdns, you've moved into that directory, and now you've created a file in it.
Now type/paste: echo url="https://www.duckdns.org/update?domains=booradly&token=xxxx&ip=" | curl -k -o ~/duckdns/duck.log -K -
xxxx will be the token that you see on your duckdns page, and booradly is the domain that you created.
Vi is a bit fiddly, pressing ESC lets you use use arrow keys to move the cursor, x key then deletes text, i key puts you back into insert mode. If you get stuck, type it in manually, taking care that it is exact.
save the file, in vi press ESC, then type wq! Then press ENTER
so you've made a script that that addresses your domain, with the correct token. Now you'll make it executable, set it to dial out, and test it.
Type/paste: chmod 700 duck.sh
type/paste: crontab -e
type/paste: */5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1
press CTRL and o
press CTRL and x
type/paste: ./duck.sh
you should see KO or Ok
if Ok then type/paste: sudo service cron start
(edited for formatting, assume you are using raspbian)
Yes, it will check to make sure the secondary IP is responding before failing over to it. It will then switch back to the primary IP when it's healthy again.
Another option for DNS is DNS Made Easy. The nonprofit I work for has been using them for 7 years for multiple domains and haven't had any issues.
For a single domain with less than 5 million queries per month, the price would be ~$30/year.
Assuming you have an AD environment.
Some DNS cloud providers sell "Secondary DNS service." For example, http://www.dnsmadeeasy.com/services/secondarydns/
This keeps your local DNS server your primary. The new, secondary DNS server, in the cloud (AKA on the Internet), would basically be a copy ("mirror") of your primary so far as your local networks are concerned.
This would allow you to set DHCP clients to using two DNS servers. Your local DNS server would be their primary DNS server. The cloud one would be secondary. If your local DNS server is offline, the clients will still be able to access cat videos.
I've been using DNS Made Easy for over a year. It has been reliable, inexpensive, and fast. The UI is simple but allows for all record types (at least all I've needed) and their service allows server monitoring and failover to backup IPs should your server or ISP go down.
In case it helps: Route 53 is no different from any other DNS provider for this use case. The normal way of doing this applies here.
EDIT: Well, on second thought, we've used DNSMadeEasy, which has a feature that allows you to create "HTTP" records which do this, but it's actually just pointing to their own web servers which do the redirection for you. That's more like "magic" on top of the normal way of doing it, though.
DNS failover services like Amazon's Route53 and DNS Made Easy are designed to address issues like these from a DNS level, making it easier to manage, and more cost effective.
I'd look at those solutions first, before you try out more complex and costly solutions.
When you add multiple A records to your DNS, most hosting companies will treat as a round-robin.
Let's say you have two DNS entries on two WAN connections that point to one website. (IP1 and IP2)
If three computers access this website at three different times, it would look something like:
Computer1 -> IP1
Computer2 -> IP2
Computer3 -> IP1
What your looking for is a service that offers DNS failover. Something that detects if one IP or internet connection is down. It will automatically switch to your secondary IP. This is how my setup works. I use http://www.dnsmadeeasy.com/ for this.
You're basically telling DNSMadeEasy what to monitor (port, website, file on a website, etc.), then a set of failover IPs. On your failover entries you're going to want to set the TTL very low - about 3-5 minutes (that's how it does the switching). Once it detects a failure, it automatically switches to your secondary IP.
Hope this helps and makes sense. Let me know if you need anymore info.
I just finished configuring a crude, pure Node-Red setup that updates DNS-O-Matic - a free web based DNS updating service (run by OpenDNS) that supports many 3rd party DNS providers.
That specific setting you are highlighting... dynamic DNS... that actually is for something else. That is so if you wanted to use your home computer as a type of server that you could access when you weren't home, you could assign a static name to your router, instead of having to always know your IP address. https://dyn.com/dns/ if you want to see a service that provides this same function.
What about stepping up one in that menu? What happens when you view only the DNS choice in that menu on the left, instead of the dynamic DNS settings?
just a few bits of information, since from your question you don't seem to be in the surveillance industry.
> Who do you recommend for registry?
The days of me running vanity domains are long gone. It always used to be either stashed away in my employers' A records ... where by neglect, multiple buy-out and blind luck some DNS hostnames I used to use are still resolvable to this day, 20 years later ... or once that ended I've used DynDNS, but I haven't kept up at all.
>I'd like to use a free (libre) DNS service and found nsupdate.info just because I really value the idea of FLOSS and data privacy.
Pick a DNS server you would like to use, and enter this as Custom DNS servers in Admin GUI > Settings > DNS > Upstream DNS servers.
>then they provided a footnote about downloading root hint files which pretty much left me stranded in the process.
This is two steps of the guide. The first step gets the root hints file and stores it in the current directory on the Pi. The next step moves it to the correct location on the Pi.
wget -O root.hints https://www.internic.net/domain/named.root sudo mv root.hints /var/lib/unbound/
Not exactly true. A person can't access today's Internet without one. Especially Ipv6. Sure we could make something to hold all the IP addresses and store them locally, but then that would have to be updated all the time for billions of machines.
On that point, one should NEVER use their ISP DNSs...
There are better options, and usually faster options. Like nsupdate or opennic
You need a DNS service. You could buy your own domain name
eg https://www.namecheap.com/ or www.domain.com/
or sign up to a free dynamic dns provider eg www.noip.com/ or https://nsupdate.info/
In booth cases you then run a software on your computer that notifies the dns of IP changea. Edit. Some routers support updating to a dynamic dns service to.
You could write a script that checks the dns entries via nslookup or host, compares it to something like icanhazip.com and send an Update via Curl. There is an example on the afraid front page: https://freedns.afraid.org/
Your're right, no-ip is very annoying with the monthly multiple step confirmation which is basically an ad to upgrade.
https://freedns.afraid.org/ still has a good free plan and decent premium plans
I don't think using a domain would really make much of a difference, however if you feel like you want one anyway, you can use this site https://freedns.afraid.org/. It allows you to create subdomains for free, and there is no security risk (AFAIK) about using it, and you can create some pretty professional looking domains such as "myminecraftserver.uk.to" .
Now i'm no cybersecurity expert at all, however i've been hosting a Minecraft server on my home network (with port 25565 open on my router) for the last 5 years without a break. As far as i know, i have yet to experience any cybersecurity issues, such as my system being infiltrated or my home network experiencing a DOS. There are definitely security risks, yes ,but i wouldn't imagine it's too much of an issue.
Before I decided to spend money, I would use free subdomains from https://freedns.afraid.org/.
When I bought my first domain, never went back though. Might be worth paying a few bucks on name cheap / porkbun.
I have to share that I couldn't remember the name of porkbun so i googled 'oinkhost' and it was the first result.
Another idea: Assuming you have a dynamic IP at home, get a Dynamic DNS address setup. This lot is legendary IMNSHO - https://freedns.afraid.org/menu/.
When at work ie connected to the VPN, Google "what is my ip" which will tell you what external address you will need to allow through to your HA box. Port forward on your router to your HA box and allow only connections from the address above.
Now, work may filter you somewhat. In that case use OpenVPN! I've drilled my way out of some sites that I can't even tell you about 8) Get OpenVPN to listen on port 443/tcp and it looks just like a SSL encrypted website. Deep packet inspection is needed to block that sort of thing. If you have a sensible home router, it will be built in already. If not then you can put a server on your HA box and port forward via your router. You will have to take care of things like routing which can be quite tricky.
If you are not reasonably skilled in the ways of IP packet flows the above is a massive lot of learning, then see if you can send another type of signal from your PC, eg infrared or bluetooth or something.
Thank you for your response. I do have a dynamicdns setup using https://freedns.afraid.org . My original intention was that i want to be able to access my transmission torrent download list from my work so I can drop some torrents in on my breaktime. I dont think i have ports open to access the management interface, i used to be able to but honestly right now even i cant access it. perhaps deleted those open ports when i reset my google wifi.
A while back I already made a blog post about using it with btcpayserver and making it more robust so the backend doesn't drop out. It seems to be working fine whenever I check it but I must admit I rarely check or get donations on my blog to really exercise it.
(I seem to have more issues with keeping the btcpay services running than with the tunnel. When posting this I found that nbxplorer had failed and was 3000 blocks behind. I don't pay enough attention.)
Anyway, the blog post gives details but since I use this with my server I didn't need dyndns to keep the name lookup fresh. If you move around or on a phone you'd want some way to update the ip (use low TTL). There's simple ddns clients or even just a saved url/api call works. Here's is a good source for free domain names.
Check out https://freedns.afraid.org/ for free, anonymous domain registration. Other people donate their domains to the project, and allow you to register a subdomain for your own use. You can see all of the possible domains here.
If you have a second Mac in the home I recommend just setting up your own VPN. EasyVPN is a good GUI front-end for the built-in VPN service that would otherwise require you mess with the Terminal. Then you just open the right ports on your router and you're good to go. You can even get a free host-name from https://freedns.afraid.org and setup a simple script to update it with your current IP address.
This is what I use for VPN. I wouldn't never want to rely on some third-party to handle my data.
strangled.net is part of a small, free DNS vanity service (you can read about it here: https://freedns.afraid.org/signup/moreinfo/). Basically you register an account and you can get, for instance, 9blu.strangled.net and point it at some server you are running, saving you the money of registering and renewing a domain name for it.
Someone setup a Electrum node using lith.strangled.net. (see https://uasf.saltylemon.org/electrum for a list).
Since I at some time something nefarious used a host name from strangled.net (fictional example: MyBotNet.strangled.net), malware bytes detects and blocks the entire root domain.
I don't think there is anything wrong with the lith.strangled.net node, it's just malware bytes is being overly caution in blocking the entire strangled.net domain. I don't think it's a problem to keep letting it block it either. There are plenty of other nodes out there.
Why would you want to host HA in the cloud?
If you simply want to be able to access your HA from anywhere, I would suggest port forwarding (default HA port is 8123) and creating a free domain name (AfraidDNS for example).
You may want to start your studies with what a ddns is. You need a way for your computer to be reachable from outside your local network. I use this site as my router runs ddwrt and supports it. https://freedns.afraid.org
After you get that working the next step is opening up your router. You should be able to map any external to any internal. Your internal IP and port will be fixed (it will be the IP address of your system that your testing right now and port 8088). The external IP is your public IP, meaning what the "external world sees you as". You can check it here.
Your external port you can pick. Note that some ports are reserved (like 22 is usually SSH, 23 is telnet, 80 is HTTP, 443 is HTTPS). You can use the same port (8088) or use a different one. Do note that when connecting externally, that is the port you will need to use. So if you change it, it will become "PublicIP:ExternalPort".
As a third step, you can do what was suggested above and get a DNS name. Completely optional but still cool. I personally use https://freedns.afraid.org/ for free stuff.
Let's just assume you are supposed to write sh instead of bash here. With sh, I don't know what the smart way is to do something like that 173.*
comparison earlier. I have some version of busybox installed here and tried the following:
$ busybox sh ~ $ var="$(curl -s ipinfo.io/ip)" ~ $ echo "<$var>" <79.###.###.###> ~ $ echo "${x%.*}"
~ $ echo "${var%.}" 79.###.### ~ $ echo "${var%%.}" 79 ~ $ [ "${var%%.*}" = 79 ] && echo true true
Those #
are numbers to hide my IP.
That weird ${var%%.*}
is a way to cut the end of a text off, starting with the earliest .
character, leaving you with just the first number of the IP. This seems to work here for me.
So, what I want to suggest to try is, from your earlier experiment, try changing it to this here:
#!/bin/sh #VPN & DyDNS var="$(curl -s ipinfo.io/ip)" echo "$var" if [ "${var%%.*}" = "173" ]; then echo 'Comcast'; #else #curl https://freedns.afraid.org/xxxxxxxxxxxxx fi
The things I changed are the very first line, bash
-> sh
, and then the line with the comparison.
Firewall rules look good. Gamestream works fine for me (latest versions of moonlight/gfexperience)
Is the server IP (as shown in the screenshot) still the same?
Do you use a host name or IP-adress when connecting? You might try switching these
Does Steam in-home streaming work?
This might also happen when you've disconnected an active RDP session. Use a VNC viewer to unlock the remote computer. There's an RDP disconnect script floating around the internet that keeps the pc available for Gamestream.
BTW: for internet streaming I would recommend to use a dynamic DNS service. Most routers can be configured to use this. It allows you to connect to moonlight via a host name instead of a random IP address. As always, you need to configure NAT for this.
Yeah it will break DDNS, it will pick up the VPN endpoint IP instead of your actual IP.
What I would do is just get your own DDNS name from https://freedns.afraid.org/ or similar and separate that from the NAS so you don't have to worry about it.
I was using noip.org for a long time to access my homeserver and was always annoyed by the confirmation emails and too cheap to pay for the premium service. I just discovered FreeDNS which manages to offer the same services for free and allows users to share their domains with other users.
You totally should. You're welcome to have a subdomain on my domain as well. It's a nice simple one. (myth.zone)
(You can add any subdomain you want here)
Also, not sure how easy it would be to set up with things like filesize limits, but you might look into using OwnCloud or NextCloud for easier file management with users and uploading and whatnot.
I did this too but I utilized the Dropbox-Uploader script that creates structured directories to keep log files. For instance
Dropbox > ExternalIP > 2016 > January
and each month folder has it's own text file per day that updates every 15 minutes (kind of overkill I know but I can, so I do) with 2 lines, date, and external IP.
It's been chugging along for the past couple months with no problems. It also includes a script to update my external IP (I use https://freedns.afraid.org - simple curl command) for good measure.
Not familiar with any dynamic DNS clients myself but this looks promising: http://blog.belodedenko.me/2013/07/dynamic-ipv6-updates-using-ddclient-for.html
https://freedns.afraid.org can also be easily automated with some shell scripting, you could just throw a quick script together for that.
My IP rarely changed when I had Telus As long as you don't reboot your modem/router all the time you're pretty safe.
In any case, setup dynamic DNS at https://freedns.afraid.org (or another provider).
Without fully understanding what you intend, you could set up one (or both) of the devices with a dynamic DNS updater, like those found here that work with afraid.org. This would allow a static hostname that your machine updates with its current IP address. You'd still need to port forward if one devices is behind a router.
Use your LAN IP, 192.168.x.x on the same network.
If you want to access it from outside, open up the port the server is running on (both on the computer and your router) and access it directly. If it's dynamic IP and changes frequently you can use some dynamic DNS service like FreeDNS to keep it updated, but most ISPs issue you the same "dynamic" IP for months on end so it's not necessary unless you need continuous external access.
If you use a custom router firmware like DD-WRT, you can set up the dynamic DNS updater right on the router so your IP stays updated even if you turn the computer off and you don't have to run an updater client on the computer itself.
It's an afraid.org domain set up so anyone can make a subdomain if they wanted, and there's 130 right now, chances are someone probably did something fishy
You can use a site like https://freedns.afraid.org/ to get a dynamic IP address (and theirs are still truly free!). Then on your Mac you could run one of the Unix clients mentioned on the page at https://freedns.afraid.org/scripts/freedns.clients.php
I don't know if the Mac has the ability to send automatic e-mails from a script, though. Might be an Applescript out there somewhere that will do it.
Use no-ip free and run their dynamic update client (DUC) on any always-on device behind the router. There's no reason that the DDNS client has to run on the router.
https://www.no-ip.com/downloads.php
The client is cross platform and should run on pretty much anything.
EDIT:
Looks like they also have an ubuntu package pre-made, so you don't have to compile it:
> Either way, foreign or corporate control means a real loss for us, the people.
Any control means a real loss. We should have a completely decentralized DNS.
Like Namecoin.
I also run my services over a residential connection, and yes, the IP address is dynamic. How I ended up resolving it was by creating a script that automatically updates my DNS records because my DNS provider provides an API for it. The records have a TTL (time-to-live) of 1 hour, so should my IP address change, I will be back online soon.
There area also alternatives like https://www.duckdns.org/. Haven't used them, but it might be an OK option to get you started.
So i see people recommend VaREST for you to use. This is good if you have a server which exposes REST API as mentioned. It will not allow you talk to your DB directly. You need a HTTP server that is going to expose that. But i think you do not have something like that so i would suggest the following.
Do note that this is going to mean you need to leave your computer turned on, if you want your friends to play.
Install SQLite on your machine Use a service like this https://www.noip.com/remote-access or https://www.duckdns.org/ This service is going to give you an internet address that is going to point to your local SQLite database. Then find a UE4 SQLite plugin, maybe even the official one works good, i have never tried it, and have it connect directly to your internet address/DB. And thats it. You can store all the user info there.
Ensure that you are using a strong password for DB access as this is going to expose your DB to anyone on the internet, not your whole computer, just your DB. And make a backup of the SQLite file regularly so that if something goes wrong you have backups.
This is probably the cheapest, easiest and fastest way to get started.
But if you see your game growing this is not a good approach. You would want to create an web app with Python or Node or PHP, w/e expose that to the internet (or host it on Digital Ocean, Linode, Hostgator), have users create accounts and then validate each call. Is user allowed to execute this action? Is the value inserted correct etc...
Hope this helps.
I think at first since it does not deal with configs in the same way openVPN
does it looks confusing as hell.
All you are doing is adding a WG
interface with an IP address, once this is created you add devices to peers. You can create a firewall rule specifically for WG
, I personally just let it use LAN rules.
The device itself needs WG
installed, once that is done generate keys on the device. The public key needs to be inputted in to WG
interface on openwrt
and the public key on openwrt
needs to be inputted in to the peers
section of your WG
app.
From there you need to set the IP addresses for each device with whatever IP range you used for the WG
interface instance, example being 102.168.2.1/24
could be your interface subnet, so on your device you could put the IP as 192.168.2.2/32
and your dns as your router IP 192.168.1.1
do not use something like cloudflare, google or opendns
this will cause a leak.
Next in your firewall port forwards you need to set a forward for port 51820
to your router IP. And you need to probably setup a DDNS service I use duckdns personally.
Put that ddns
address you setup as your endpoint so vpn.duckdns.org:51820
should go there and allowed IPs if you want all traffic to go through the VPN should be 0.0.0.0/0,::/0
This is high level and I am sure @ninjanoir78 can help you no problem.
Having used some of this (thank you it is excellent) you may have issues setting up DUCKDNS. You need to ensure you use the proper directory. Since the directory in the directions is set up as /opt/duckdns you need to remove the ~ and indicate the directory to be /opt/duckdns i.e.
echo url="
<code>https://www.duckdns.org/update?domains=YOURDOMAIN&amp;token=YOURTOKEN&amp;ip=</code>" | curl -k -o /opt/duckdns/duck.log -K -
Following the DUCKDNS instructions assumes you are using it from the home directory.
If anyone also wants to get a dynamic DNS setup quite easy I recommend https://www.duckdns.org. Can sign up with a reddit account, never sends emails, and has a nice program that will auto update your IP for you.
DMZ is not a thing, rather you have to firewall off everything (some block rules) and have some pass rules for your servers (DMZ is such a 90s term). All routers have dhcp servers (including this one). Static (mac) leases are possible. Power usage? probably not much, it comes with a power brick (so I assume it's under 10W). The software it runs does not facilitate DDNS for any service, but you can run scripts and duckdns has an example for that so I guess you can adapt it. Yes openvpn yes ipsec + l2 (simple checkbox). I would absolutely recommend it. If you don't want to overkill (or BGP, or just want to test the software / platform first) the 750gr3 is quite performant as well and cheap (but it's not RM). If you want some screenshots or anything hit me up or I guess just do a google image search.
How does it work though?
I'm using this command: ./certbot-auto certonly --manual --preferred-challenges dns-01 --email -d xxxx.duckdns.org
I get this output
Please deploy a DNS TXT record under the name
_acme-challenge.xxxx.duckdns.org with the following value:
g0FKLWUmwqJs4htXsZzbfGhorf9y4xQOlLTerZMbVJw
Once this is deployed
Press Enter to Continue
Going by this link at DuckDNS, I know I'm supposed to do something like populate that URL with this key and modified domain name, but I'm not sure at all
Yes, or get a more friendly domain name.
You can also do a dynamic name service (like https://www.duckdns.org/), or if you have a "static" IP from your ISP, you can get a fancy domain name (name-cheap has good deals constantly). I did a .space domain name ($1 first year, $9 after that i think).
I also added a reverse proxy, which means that I can go do ombi.somedomain.space, as opposed to 8.7.6.5:5979 or whatever it is. Plus opening ports opens more holes, I like one port for the web host, and thats it.
Are you sure you don't have a public IP?
What happens when you run the command dig +short myip.opendns.com @resolver1.opendns.com
You should get an IP back from that.
My ISP doesn't offer static IPs, it can change mine on a whim, but to combat it I created my own dynamic DNS service*, which does the following
This runs every 15 minutes via cron.
That way I can access my Pi externally via my domain name. AWS Route 53 costs me pennies per/month so it's not exactly free, but may as well be.
* There are a few people who offer this 'for free' e.g. https://www.duckdns.org/ but I wanted to write my own, for full control.
If DSM 3.1 has cron installed and Task Scheduler in the control panel, you should be able to do this by making a new Task Scheduler task.
First ssh in and see if cron is installed by typing cron
.
Next, go to Control Panel->Task Scheduler. Set the scheduling and other task info, and in the 'user-defined script' area paste in the one-liner from the official instructions, just update the domain and token fields:
echo url="https://www.duckdns.org/update?domains=exampledomain&token=a7c4d0ad-114e-40ef-ba1d-d217904a50f2&ip=" | curl -k -o ~/duckdns/duck.log -K -