NextcloudPi external access with DS-Lite

Hi there :slight_smile:

I just tried to install NextcloudPi on my Rasperry Pi 3 b+ and had problems with the external access. I created an account on FreeDNS and filled in the address and Hash in Nextcloud but i can’t connect from outside. Lets encrypt also produces errors (red dot after i clicked run in the UI).
After some reading I find someone who stated it’s not possible to use FreeDNS (or any other) with my Vodafone Cable Internet because of DL-Lite Tunneling (no real IP4 address). Is this true and there is no way for me to get access on my Nextcloud from outside my normal network?

hey. dunno if what was said is true… but i do know that you could call VF-technical support and apply for turning off ds-lite for free since i did that around 1 year ago for my mom.

Thanks :slight_smile: So i will try it (when there isn’t a waiting time about 20 minutes xD).

After that i should change my settings at FreeDNS i think?
The problems with Lets encrypt are based on the problem mentioned above with the missing real IP4?!

Another thing: If i want to chare a link for downloading sth from my Nextcloud, do i need to create a new User for every person or is there a possibilty to share such links like i can at Dropbox oder Onedrive?

could indeed be a problem… but i dunno for sure.

once you shared something the sharing link will be valid until it either runs into the ending date that you gave while sharing or it’ll stay forver.
so you could copy & paste this link as often as you want/need… to everyone you think wants to have it :wink:

1 Like

Hi,

Just adding some information here and hope it helps.

DS-Lite means:

  • you have your own IPv6 address (so you are reachable via IPv6)
  • you share an IPv4 address with many users (packets are transferred to you via NAT - that’s why you are not reachable via IPv4)

Disabling DS-Lite to me sounds like:

  • you no longer get an IPv4 address
  • you will only surf the Internet with your IPv6 address
  • you won’t be able to connect to servers that have an IPv4 address only

The other option that allows you to connect to your server is Dual Stack = DS (no DS-Lite then):

  • ask your ISP for a dedicated (your own) IPv4 address
  • that usually costs a bit (5,- €/ month for me)
  • FreeDNS will perfectly work without any efforts

While you have DS-Lite right now and therefore only your own IPv6 (no own IPv4), you can access your server as long as you only use your IPv6 address. And this means, that your DNS service should support IPv6 and you should only publish your IPv6 address.

One thing is very important when it comes to IPv6. It is different to IPv4 in terms of NAT and Port Forwarding and actually doesn’t work that way.
In order to make your server reachable via IPv6, you need to enable IPv6 in your home LAN and publish your server’s IPv6 address to the DNS service (FreeDNS in this case).

Additionally, you need to open the specific port on the router, to allow packets to pass the firewall to your server. In some routers, it is called IPv6 forwarding, while it is actually only a port opening.

Let me know if you need further explanation. I just wanted to mention, that DS-Lite doesn’t generally mean, that you can’t reach your server from the outside. It only means you can’t reach your server via IPv4.

Edit: oh and for Let’s Encrypt: it needs to reach your server (or with DNS challenge your DNS settings). That means, you first need to make your server available and then get a cert from Let’s Encrypt.

2 Likes

may sound like this but in fact you get a full ipv4 and a full ipv6-address

I see. So then you actually switch to Dual Stack (no “Lite”).
And while IPv4 addresses are rare, a few (or many?) ISP don’t offer DS for free and you have to pay a small monthly fee.

again sure… but at least last year it was still for free

Thanks to you. I just called Vodafone and they set me real IPv4. With my mobile phone (via mobile network) i can reach the cloud, but it says sth about an untrusted domain. It’s easy to find how i can add my FreeDNS address, but is there an easy way to do it with the Web Interface i’m using? Haven’t a direct access to the PI, doing it with my computer via network.
In Nextcloud configuration i can see the trusted domains and the FreeDNS one is already listed there. So what should i do about it?

Edit: oh and for Let’s Encrypt: it needs to reach your server (or with DNS challenge your DNS settings). That means, you first need to make your server available and then get a cert from Let’s Encrypt.<<

So, how does this work? :sweat_smile: I filled in my FreeDNS Subdomain as Domain, my normal Mail address and the notifyuser is ncp, the standard i think. When i klick on run it produces errors:
“There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: xxx”
So it kinda worked in the past hours but doesn’t gave me a certificate. So i should try it again later, or didn’t i understand it the right way?

Well, you don’t get a public IP, because it is basically a NAT to save the ISP from aquiring a lot of public IPv4 addresses (which are difficult to get for new ISPs, the old ones who got huge ranges of them in 80ies and 90ies don’t have this problem).

@Adlers You might give Beame-Insta-SSL a try. There is an app for that in the store: https://apps.nextcloud.com/apps/beame_insta_ssl

You have requested too many certificates for your domain. There is a daily/ monthly limit or so. You could check in the Forum of Let’s Encrypt. There are a few threads explaining that and how to solve that.

Yeah, I know :slight_smile:

It’s still for free (Vodafone Germany), think it depends on the carrier.

1 Like

i was referring to VF GER, of course. :wink: glad to hear that this worked as intended