Getting a High Speed FTTH:
For people in India, FTTH is still a dream, especially for those in small cities. People in metro cities like Chennai have plenty of options and providers to choose from, whereas people in tier-2 cities have less choice; nobody was even offering it in my town until a year ago. So I finally see 100Mbps on my screen, thanks to Cherrinet. Although BSNL has been providing FTTH in recent years, I couldn’t get it at my place, since it is a few kilometres away from town.
Anyone remember that noise from a dial-up modem? (I’ll write a post someday on how I updated my IE for Rs.3k!)
Speed with Cons:
OK, now the Fire Stick streams 1080p without any lag, but that high-speed connection came with a problem. By default I cannot port forward (I cannot open standard ports like 80 and 443 for incoming traffic, without which my site is not accessible from the outside world). The ONT devices have no configuration options and connect using PPPoE. If I want to port forward, I have to get a static IP, which costs around Rs.5k per year. So after googling, I decided to create a VPN connection between my pfSense and a remote VPS, where I could point my DNS and open the common ports to the internet. I created a droplet on DigitalOcean and tried configuring OpenVPN on Ubuntu. I faced a lot of issues related to routing (I am not an expert in Linux and routing).
pfSense Site-to-Site VPN:
Then I came across a site-to-site VPN tutorial in the pfSense docs and immediately thought of installing pfSense on a cloud VPS. Luckily Vultr (referral link) has native support for pfSense and you can do a one-click install. After installing I had a few issues with the configuration and fixed them by googling and doing some research.
To point domains at internal IP addresses I need a reverse proxy, for which there is an HAProxy package for pfSense. Now I have a couple of services like this blog, Nextcloud etc. exposed to the world. Basically this is how it all works:
Cloudflare DNS –> Cloudflare Firewall –> pfSense in cloud –> Snort filtering (Snort also filters bots that scan my IP directly for open ports and vulnerabilities) –> HAProxy –> OpenVPN tunnel –> pfSense in homelab –> individual services (www, Nextcloud etc.)
One real advantage is that Snort filters all the unwanted traffic in the cloud, and only the required traffic (hopefully :) ) passes through the VPN tunnel.
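The chain above has one caveat a practitioner would want closed: the Cloudflare firewall stage only protects the origin if the cloud pfSense refuses web traffic that does not come from Cloudflare, otherwise a bot that scans the VPS address directly walks past it. The fragment below is an added example of what the HAProxy package on the cloud pfSense ends up generating, not the author's own configuration. The hostnames, certificate path, home LAN 192.168.10.0/24 and the backend addresses are assumptions for illustration; the Cloudflare IPv4 ranges are a snapshot of the published list and must be refreshed from https://www.cloudflare.com/ips/ (add the IPv6 ranges if the frontend also listens on IPv6).

```haproxy
# Added example (not the author's pfSense-generated haproxy.cfg): route by
# hostname to services at home over the OpenVPN tunnel, and only accept HTTPS
# from Cloudflare's proxy ranges.
# Assumptions (not from the post): home LAN 192.168.10.0/24 reachable via the
# tunnel, blog at 192.168.10.20:80, Nextcloud at 192.168.10.30:80, hostnames
# blog.example.com / cloud.example.com, cert at /etc/haproxy/certs/example.com.pem.
global
    log /var/run/log local0
    maxconn 2000

defaults
    log     global
    mode    http
    option  httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Weak setting: bind to everyone and skip the source check. A scanner that
# finds the VPS address bypasses the Cloudflare firewall entirely.
# frontend https_in
#     bind *:443 ssl crt /etc/haproxy/certs/example.com.pem
#     use_backend blog_home if { hdr(host) -i blog.example.com }

# Corrected setting: only Cloudflare's ranges may even open a connection.
frontend https_in
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem
    # Snapshot of Cloudflare's published IPv4 ranges; refresh from cloudflare.com/ips
    acl from_cloudflare src 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
    tcp-request connection reject if !from_cloudflare

    # Log and forward the real visitor address, not Cloudflare's edge address.
    http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if { req.hdr(CF-Connecting-IP) -m found }

    acl host_blog      hdr(host) -i blog.example.com
    acl host_nextcloud hdr(host) -i cloud.example.com
    use_backend blog_home      if host_blog
    use_backend nextcloud_home if host_nextcloud
    default_backend deny_all

# Backends are LAN addresses at home. The route to 192.168.10.0/24 is the
# OpenVPN tunnel, so HAProxy never needs the home public IP or a port forward.
backend blog_home
    server blog 192.168.10.20:80 check

backend nextcloud_home
    server nextcloud 192.168.10.30:80 check

# Unknown Host header (e.g. someone hitting the raw VPS IP through Cloudflare
# with a bogus name) gets nothing.
backend deny_all
    http-request deny deny_status 403
```

In the pfSense HAProxy package the same pieces map to a Frontend with an ACL of type "Source IP matches" for the Cloudflare list, an action "tcp-request connection reject" on its negation, and Host-header ACLs selecting the backends; the home-side pfSense should additionally allow ports 80/443 from the cloud pfSense's tunnel address only, so that nothing but the tunnel can reach the services.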