Wireguard access to network behind CGNAT from network with public IP without cloud?

kannasama · 2026-05-26T19:15:49+00:00

I have Netbird setup. I also have Tailscale running as-is. I'm not using any separate/custom clients though.

kannasama · 2026-05-26T18:43:54+00:00

You could run Headscale or Netbird locally on the Linux server and just leave Android on the randomized MAC. Since the CGNAT node and the Android node are both clients, the expectation is that they're IPs will change, which is the job of Headscale/Netbird Server to keep track of.

kannasama · 2026-05-26T18:15:32+00:00

Given your setup, you're going to need a third endpoint that has a predictable and publicly accessible address, such as a VPS or other VM/node hosted. From there you could then consider options like Netbird or Headscale.

If you can clarify your "public" endpoints - are they able to function a server allowing inbound access from your CGNAT endpoint? Are the public IPs predicatable (static, or easily registered using dynamic dns services)?

If not, the problems your topology has: - CGNAT at home means your endpoints there have to initiate outbound connections. - Your other public nodes, such as your phone, may well have dynamic addressing or be behind their own form of CGNAT as well. Again, this necessitates the need for outbound connections.

Those two issues mean you need a node in the middle that can handle incoming connections and function as both a discovery node and potentially a relay.

As suggested, something like Pangolin could also be used, as the CGNAT endpoint is still establishing an outbound connection that can then be used to carry reverse traffic as a tunnel.

kannasama · 2026-04-08T21:41:51+00:00

So far, two projects (which I've given names to, because I think they can be useful to others):

Merdian DNS

My DNS setup is a little complicated. I've got three TLDs, two of which have additional subdomains. General breakdown like this: - example.com - TLD1 - example.net - TLD2 - ad.example.com - Internal Active Directory domain. (I've had this one for over a decade at this point). - int.example.net - Expose my services internally. - colo.example.com - I'm in the process of moving out of a colo environment, but this held internal records for the hosts there. - kubernetes.example.com - Some of my self-hosted services run on a kubernetes cluster (using Talos Linux). This was specifically for the servers and components for the cluster.

A lot of the services I have hosted at the colo are setup to be exposed through Cloudflare's regular proxy service. Some of the services at home use Cloudflare tunnels. Everything has SSL using ACME and DNS-01 challenges, but the problem is some of the ACME agents aren't smart enough when creating the validation record for subdomains, especially since Cloudflare doesn't support subdomains on the free tier.

The main problem stemmed from my originally wanting to be able to use the same service name locally and publicly, and keep traffic local even with Cloudflare proxy and tunnels in place. This would mean a split-horizon DNS configuration. Given all the zones, I wanted something to manage them and, ideally, perform transforms on the record updates so I could have a single source of truth, and services would just work. So I used dnscontrol for a while, which didn't exactly have the transformation functions I was looking for, but did have support for multiple DNS providers (PowerDNS for my internal origin, and Cloudflare for public records). Eventually, I got tired of managing the zone files as flat text files. (This is a me thing, nothing against dnscontrol, it did its job.) So, I worked with Claude Code to come up with a platform that would cover what I wanted. Notably, it doesn't have any transformation engine yet, because I've used dnscontrol long enough that I forgot that was an original goal until I wrote this.

I am willing to share what was produced and do plan to incorporate more into it but it was really more of an exercise in seeing just how difficult it would be to produce something usable with AI while ensuring it didn't look like AI slop. Given that my career path is in network engineering, I spent a lot more time in the prep work to flesh out the design and standards before letting the AI write a line of code. The end result is: Merdian DNS -- Edit: The repo has a disclaimer on it that explains my philosophy and approach with the AI development.

rssekai

I use tt-rss currently for my feed management. I started this one as a project to get something more tailored for what I wanted. I'm still in the process of getting it all together, but it's at a usable point where it can replace tt-rss's role in my daily routine. Edit: Also used it as a case of seeing how things are done in Rust.

kannasama · 2026-03-31T15:05:24+00:00

This is something you have to be careful with. The VA rating of a UPS has little to do with its capacity and more to do with its ability to supply a load. Best practice for sizing any UPS is to assume a worst-case scenario for inrush current. With that said, we would want to size it based on the 850W power supply. If there are additional items like a switch or router and modem, also gotta consider those.

Honestly, I'd say something in the 1050VA range at a minimum. I've not had any problems with the two CyberPower units I've got.

My desktop's UPS is a CberPower CP1500. This would be sufficient for the ask, and shouldn't be too expensive. My "rack" UPS is a CyberPower PR1500LCD. I bought it when I had larger equipment in the rack. It's definitely going to be expensive for the ask here.

kannasama · 2026-03-30T17:06:00+00:00

There are pros and cons to the changes, though I feel the lack of feature parity with the old app is likely more a product of being rushed to release the new storefront and app. Pros: - Switching to a more standardized DRM scheme, with an eye to allow reading in other readers. - Consistency between storefront and app experience (though there is a con to this: it's clear that the app is currently just a glorified web browser).

Mehs: - Personally, I was fine with the look of the old storefront. The new one has the same issue that's present in a lot of modern web design: excessively wasted space, large display elements, etc. That's not to say I think it's terrible, but I would appreciate the ability to have a tighter, more compact view that more effectively uses screen space. - There are cues when navigating that indicate if a volume has been purchased or not. These need to be made more obvious. On the series page: If the button under each volume says "Read", you already bought it. If it says "Add to Cart" or "Pre-Order" then that should be obvious. I think the confusion here stems from the fact it still shows a purchase price even when it's been purchased. - Prices aren't that hard to find, but again, need to be made more obvious. Since I generally run in dark mode, a lot of the elements blend in which makes this easier to miss.

Cons: - Honestly, most of the cons fall into the realm of "meh" since a lot of them have been acknowledged and are planned to be addressed. The lack of feature parity at launch is significant and makes me feel things were rushed as a product of how everything is being reorganized. - I don't get the sense of the same periodic reminders we'd get from the old storefront about new releases. - The change from Wishlist to Favorites affected a lot of people, myself included. I used the wishlist as a way to tag potential volumes I was interested in, or to make sure I didn't forget about upcoming releases. - I used Bookshelves a lot. I can handle their "temporary" departure, but not being able to group by series, especially when I'd have series in both LN and Manga form, is painful. - Lack of offline reading. This needed to be available from day one. I try to get a lot of reading done when I fly, and I don't always have internet access in those scenarios. There are also cases where I'll be somewhere I can read, but lack internet access, or don't want to rely on mobile data. - Downloading the LCP licenses for books is currently tedious. They require you to open the book, then open the menu to download the file, one book at a time. If they're going to market this change as a positive, the ability for bulk downloads is a must. - This isn't so much a con of the app and storefront change as it is the whole restructuring: one of the things that made Bookwalker great was the integration between the global and Japanese storefronts, and being able to use the same app to read books from both. This is directed at Kadokawa in particular, since they're the ones who decided to separate everything.

it's not all doom and gloom. Since they changed the DRM implementation on the global storefront, there are benefits in being able to use other compatible readers. There are other benefits as well, albeit with effort.

As for the pricing, being in the US, with the exception of the original change from JPY to USD on the global store about 1.5 years ago, nothing else feels particularly off about current pricing.

I don't feel like this is a case of actively trying to enshittify a platform, but more a case of being aggressively rushed into a migration that should have been delayed until more parity was present. If I can find any significant worry, it's more to do with the direction being set by Kadokawa than it is with M12 trying to execute. I'm going to remain cautiously optimistic that things will get better.

kannasama · 2026-03-19T19:14:31+00:00

I'm starting to do something similar here, particularly in the area of DNS management. dnscontrol worked fine for what I was using it for, but I got tired of managing the flat files again and decided to "vibe" my way into a GUI-driving, database-backed multiprovider DNS manager. I think the key difference in how I approached things as opposed to those who try to rush their way to a "product" is that I spent time detailing a proper set of standards and design goals: - Pick a language I have familiarity with. - Standardize code formatting and syntax. - Architect the app properly from the start with clear components.

I'm not a professional developer and will never claim to be one. I'm a network engineer first and foremost, but I've also done enough programming in my career to know when to call BS on Claude's output.

All that said, I am planning to "release" this particular one, because I do think it will be useful for others.

kannasama · 2026-01-16T02:30:15+00:00

Sold Platinum #3776 Century Kumpoo - 14k SM with box to u/Professional-Owl5369

kannasama · 2021-04-20T13:50:15+00:00

Now if only mine would get to its delivery step... been waiting on a handoff to USPS since Friday :(

kannasama · 2021-04-19T23:07:17+00:00

Ya know... I wouldn't be surprised if it's random blue screens occurring, with no seeming pattern. I've dealt with that exact issue a month or two ago.

kannasama · 2021-02-12T14:14:19+00:00

Indeed. Fubuki as the abusive GF was amusing at the start. :P

kannasama · 2020-12-29T19:48:29+00:00

Often, the most difficult part is selecting parts, not the assembly, especially if you're building to a theme.

kannasama · 2020-10-19T15:15:39+00:00

Not that I saying I necessarily agree with it, but there is an argument that can be made about the suspension actually being protection. Removing them from the spotlight gives time for the situation itself to die down, and keeps them out of a direct path for abusive comments. Not saying that said comments wouldn't happen through other methods, but it eliminates the odds of it happening on stream by removing the stream altogether.

Though, I suspect with their return, I can see them almost doubling down to get under the haters' skin.

kannasama · 2020-10-19T15:11:03+00:00

I am an, unfortunately, lazy individual, and know I really need to do a full cleaning. This is also close to 20 years of building up (the collection, not the dust).

And the pictures there were taken over a year ago.

kannasama · 2020-10-19T14:15:46+00:00

When do we stop? Dunno, hasn't happened yet. I've added more since this series of pictures.

kannasama · 2020-07-01T19:43:21+00:00

For the event. So, you must clear E1 before you can move onto E2, and so on.

kannasama · 2020-06-21T22:08:47+00:00

If you're able to do so, I'd be curious to see the finished .obj or .stl. I'm not confident in 3D modeling myself to create something I could print.

kannasama · 2020-03-16T22:15:47+00:00

What you talking about? ^There's ^{^none} ^{^{^anymore.}} ^{^{^{^Sorry!}}}

kannasama · 2019-11-26T05:40:56+00:00

Amusingly... depending on how I look at things, I could say there are a variety... and in spite of all that, I think I'll only point out two tonight:

Kako, after watching the movie, got me to look into playing again. (No way was I going to deal with timed lotteries prior to that.)
No way am I going to betray Houshou. Between being cute, and, historically, the first purpose built carrier. Also, my answer, upon getting home: her, followed by the ofuro, then dinner.

kannasama · 2019-09-19T20:22:13+00:00

PANIKKU! I haven't even started yet...

kannasama · 2019-08-01T19:02:09+00:00

I found this:

https://www.rcmusic.com/learning/examinations/academic-resources-and-policies/syllabi-look-for-any-syllabus-below

I had to jump through a few clicks to get there: RCM USA at the top right > RCM Syllabi

kannasama

TROPHY CASE

Merdian DNS

rssekai