I have a cloud VPS running Ubuntu with Tailscale installed directly. I also have Tailscale installed on my home server.

I’m trying to access my self-hosted applications from outside my home network, which I did easily until I switched to fiber internet that uses CGNAT.

Tailscale is working locally but not outside my home network. A suggestion was to disable IPv4 on Tailscale since it conflicts with the CGNAT IP my ISP is using. However, when I add the “disableIPv4”: true to the config file in the access control area of Tailscale, I keep getting various errors.

Any help would be appreciated.

  • SecurityProOP
    1 month ago

    I did some more testing and I can access my Nginx Proxy Manager from outside my network. The issue appears to be accessing the self-hosted applications on my home server, mainly Jellyfin. I still think the issue is the IP conflict with Tailscale. NPM is fairly easy to configure and is set up correctly with my domain name.

    • sudo@programming.dev
      1 month ago

      Forgive me if this sounds condescending, but you’re not providing any specifics, so I don’t know if you’re making any rudimentary mistakes like trying to use your home WAN IP address instead of a Tailscale IP address. If your Nginx Proxy Manager is port forwarded on your home router and Jellyfin isn’t, then you’d get the results you described if you’re using your home WAN IP address.

      You shouldn’t be using IP addresses directly if you have them all on the same tailnet. Tailscale will set up MagicDNS, which will make them all addressable by their host names. You can use the IP address of a machine on the tailnet, but you must use the IP address that Tailscale assigns the host, which is visible from tailscale status. The IP addresses should all start with 10.

      Please confirm that your remote host is listed in the output of tailscale status from the home server and vice versa from the remote server. Please also confirm that you’re using the hostnames or IP addresses listed in the output. If all is confirmed, try executing nmap -sT from the remote server against the home server. You should see port 8096 for Jellyfin listed.

      MagicDNS is known to break by getting into fights over /etc/resolv.conf with other services, but it’s easy to fix.
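
The checks described in the reply above, collected into a small script. This is an added example, not something posted by anyone in the thread: it looks a host up in tailscale status output, labels which address range the result falls in, and runs the nmap -sT check against port 8096. The sample status text, the host names and the function names are constructed, and the 100.64.0.0/10 test assumes Tailscale's default address allocation, which is the same range carrier-grade NAT uses.

```shell
#!/bin/sh
# Constructed sample of `tailscale status` output (not taken from the thread).
SAMPLE_STATUS='100.101.102.103 homeserver  user@ linux -
100.70.10.20    cloud-vps   user@ linux active; direct 203.0.113.7:41641'

# Print the tailnet IP listed for a hostname (column 2); non-zero exit if absent.
peer_ip() {  # usage: peer_ip HOSTNAME < status-output
  awk -v h="$1" '$2 == h { print $1; found = 1; exit }
                 END { if (!found) exit 1 }'
}

# Label an IPv4 address so a WAN or LAN address is not mistaken for a tailnet one.
classify_addr() {
  a=${1%%.*}; rest=${1#*.}; b=${rest%%.*}
  if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
    echo cgnat-or-tailscale            # 100.64.0.0/10
  elif [ "$a" -eq 10 ] || { [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; } ||
       { [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; }; then
    echo private-lan                   # RFC 1918
  else
    echo public
  fi
}

# Live check: run on the remote server against the home server's tailnet name.
# Needs tailscale and nmap installed; only scan hosts you administer.
diagnose() {  # usage: diagnose HOSTNAME [PORT]
  port=${2:-8096}
  ip=$(tailscale status | peer_ip "$1") || {
    echo "$1 is not listed in tailscale status"; return 1; }
  echo "$1 -> $ip ($(classify_addr "$ip"))"
  nmap -sT -p "$port" "$ip" | grep -q "^$port/tcp *open" || {
    echo "port $port is not open on $ip"; return 2; }
  echo "port $port is reachable over the tailnet"
}

# Offline demonstration on the constructed sample.
demo_ip=$(printf '%s\n' "$SAMPLE_STATUS" | peer_ip homeserver)
echo "homeserver -> $demo_ip ($(classify_addr "$demo_ip"))"
```

On the remote server, diagnose homeserver runs the same lookup against live tailscale status output and then probes port 8096.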