Nextcloud + 4G router

Bastien_Vanderstraet · November 28, 2019, 9:35am

Hi Everyone,

First all, I am sorry for my bad English, I am a French student.
I am a new user of Nextcloud and I have some question.
I have set up a functional Nextcloud server on a raspberry pi 4 with an external hard drive; connected to my internet box.
I also have set up a ddns with Freedns and opened my internet box ports (80 and 443) which allow me to connect to my Nexcloud server with my phone everywhere around the world.
But due to my really slow internet connection, I would like to use a 4G router instead of my internet box. However, if I repeat the same config with the 4G router, it doesn’t work, probably because my public IP is share with each user of the 4G antenna (its what i have understood).
I have read a solution which is to set up a VPN.
So my question is : can I set up a VPN server (with openvpn for example) directly on the same raspberry as Nextcloud and just use a VPN guest on my phone? If yes, do you have some tuto to help me ?

Thank you so much.

Best regards.

Bastien.

j-ed · November 28, 2019, 10:05am

BTW, you are aware that only port 443/tcp is required for an SSL secutred connection?!

In general that should be possible. You will find a description how to install and configure OpenVPN here (aunt G. knows many more sources ):

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=14&cad=rja&uact=8&ved=2ahUKEwjWysLczozmAhUC6aQKHX1fBg8QFjANegQIBRAB&url=https%3A%2F%2Fdzone.com%2Farticles%2Fhow-to-setup-an-openvpn-server-on-a-raspberry-pi&usg=AOvVaw0wghEInB17v_hbH-7My2H2

BUT, first you should check if your router is reachable from the outside world and gets an IPv4 and/or IPv6 ip address assigned. If this is not the case you wouldn’t be able to establish a VPN tunnel from the internet. You would have to open a tunnel from your router to an endpoint on the internet which has an official IP address assigned.

I could imagine that a LTE router from AVM, e.g. the 6820 LTE or 6890 LTE, can be used in conjunction with the AVM MyFritz service, which is available FOC, to provide remote access to your router.

Reiner_Nippes · November 28, 2019, 10:10am

you can’t run a server on your device behind the 4g router. because you don’t have a public internet address. most likely your 4g router has 10.0.0.0/8 ip address. which is not routed on the internet.

you would need a vpn client on your raspi, a vpn server somewhere at a hosting company. with this you have to allow the vpn clients in that network to see each other.

running a nextcloud server directly on the internet is easier.

did you check if your router is accessible via ipv6? https://test-ipv6.com/

Bastien_Vanderstraet · November 28, 2019, 10:18am

Thank you for your answer,

As you said, I will stop port forwarding on port 80 and I will try to open a form my router to an endpoint on the internet because during my test I was not been able to reach my router with an IPv4 (while it was possible with my ADSL box).

Reiner_Nippes · November 28, 2019, 10:26am

letsencrypt without port80?

j-ed · November 28, 2019, 10:31am

If you want to use a Let’s Encrypt certificate port 80/tcp is only required if you use “http-01” as protocol. If you use “tls-alpn-01” port 80/tcp need to be opened only for the first request, later you can run it over port 443/tcp as long as a alpn listener is running on your server. If you use “dns-01” as protocol, there is no direct requirement for an open inbound port.