From your text I understand you are not a really tech savvy person and yiu are really struggling with all the service and configuration involved.

If you want a simple tip, stick to tailscale, it is a vpn and will protect all your services because you will not have access from internet. It is pretty safe and the configuration is trivial.

The obvious drawback is that you won’t have internet access without installing the vpn, which depending the use case can be a deal breaker.

Honestly, a proper configured nginx with certificates and strong password are reasonable secure when there is not any misconfiguration. But if you are in doubt stick to tailscale.

Good luck :)

Incredible amount of work, respect.

If you are lacking ideas for the super long term I could suggest you:

Any kind of ids/ips (intrusion detection system) Deep inspection packet to detect any vpn or crypto tunnel Ability to create a vpn link to another instance of the program (to link geographical disperse nodes)

And many other things that honestly I am ashamed of asking :)

Truly incredible, shame on the.

Question then.

Are you experimenting some kind of connections problems?

I ask because I know some multiplayer games make a heavy use of the ipv6. Steam have some servers that are not reachable via ipv4, and don’t speak about vps…

Honestly, I cannt believe it.

Double or triple check it. The problem these days is to get a semifucntianl ipv4, they are expensive, scarce and full of problems.

Ipv6 on the contrary is abundant and all enterprise equipment fully support it since decades.

Take wiht a bit (or a lot) of salt what I am gonna say. Because undoubtedly I am. Missing something here.

But if what you a already say is true probably you are not restricting anything. The recommended way to do so is with a firewall rule (probably in your router).

You are extending the subnet definition beyond the 16 bits. This can create problems and I doubt that your router will block anything if something crafted is received from Internet.

But of course, being the extremely big address space your are probably safe.

I any case, with a firewall rule in your router allowing only the proxy to go receive connections, you should be good and more standard conform

This is not the Nat functionality as people associated with ipv4, and certainly it is not showing the drawback of allowing the communication only when the NATed client started the communication.

Even if they are alike they are not the same.

I reaffirm myself here. It is possible to have full ipv6 communication and providers do not have cgnats. It is your easiest and most uncomplicated solution with almost nothing to install to make it work.

And in addition, I have to say that I don’t see any benefit in using such functionality at home. If someone can illustrate me a use case I would be thankful

Ipv6

Cgnats don’t exist in ipv6. Nat doesn’t exist in ipv6

What also could happen is your isp blocking some ports from outside its network as a security approach, but normally you can ask to free a range of port from the firewall.

Start selfhosting.

Most of the most useful services can be easily selfhosted. And that’s an incredible amount of info that stays at home

Something that is usually forgotten is that cgnats are only there for ipv4. Running your server in ipv6 is almost a safe bet to have good connectivity.

And you know, these days getting a real ipv4 is more expensive than running in ipv6

It could also be noise on the line, try introducing a ferromagnetic filter (low pass filter) to see if the situation improves.

Check also that the occurrences are not linked with the activation of an electric motor. I one bought a meat grinder that evertyime was on the analogical radio got only noise. And they even were not connected to the same circuit.

Borgbackup. It is an ugly command line program. But it gets the job done and ticks all the boxes. But if you accept a recommendation try to use one of the friendly frontend like emborg or borgmatic

And you don’t need different partitions so you can save space.

OK got what you mean.

For avoiding the cases you are describing I use several plugins for the keepass (original flavour) so in my desktop it syncs directly with the cloud.

And in my android I use keepass2androd thst is able to open the database from the cloud too.

Regards

May I ask what is wrong with your archaic setup?

I have exactly the same config and I find it easy and reliable for not asking for a change.

Am I missing some points or what is going on?

Save yourself a headache and use btrfs/zfs with periodically checks as suggested in another post.

Who cares if it is a problem or not when it has a simple and inexpensive solution.

As a friendly suggestion: Don’t rely on wireguard alone, try instead services like tailscale or zerotier because if you set up ur server in residential zone, there are huge chances that you will hit some cg-nat in other cities / countries.

Those are nasty problems that wireguard is not able to solve but those programs can

Apart of that this is the zero risk approach and it should be the default one.

Thanks, I will check this solution too

Ok, Thanks to all, it seems I am doing something wrong with my nextcloud instance. I will double check again to see what the problem could be

Thanks for the answer, I don’t know why but I overlooked this solution.

Let’s see if I am able to spin it up

I already tried nextcloud but it doesn’t seems to support a proper a sync (2 ways sync), in addition the address book appears to be common to all nextcloud users.

So unless you can tell me I am doing something wrong it doesn’t look like an option