So, I was building a server at home (just virtualization). then I hit the classic problem:
No static IP. No public IP. My ISP keeps me behind CGNAT.
If you don’t know, CGNAT (Carrier-Grade NAT) basically means your ISP shares a single public IP among multiple customers. So, no matter what you try, the outside world can’t directly reach your server.
I wanted my server accessible, even occasionally, without paying extra for a business plan or VPS. So I did some research, and here’s what I found:
1. Tunneling (like SSH tunneling or ngrok)
- Can make your local server public.
- Often requires a domain for convenience.
- Tricky if you want persistent access.
2. Renting a VPS
- Definitely works—you get a public IP.
- But, costs money, and I wanted something free or minimal.
3. VPN Mesh / Zero Trust Network (Best Option)
- Creates a private network between your devices.
- Works behind NATs and firewalls.
- Low latency, secure, and free for personal use.
I went with Tailscale, it’s essentially WireGuard but easy to use, works on servers and clients, and keeps everything secure.
How to Install Tailscale
Add the Tailscale repository and install
curl -fsSL https://tailscale.com/install.sh | sh
Start Tailscale
sudo tailscale up
It will give a URL. Open it in your browser, log in with Google/GitHub/Email, and approve the server.
Now your server has a Tailscale IP (like 100.x.x.x).
On Client Machines (Laptop, Desktop, Phone)
Install Tailscale
Linux/macOS/Windows: Download from tailscale.com/download
Android/iOS: Install from the respective app store.
Log in using the same account as the server
Check connectivity
tailscale status
You should see your server listed with its Tailscale IP.
Access your server
ssh username@100.x.x.x
Or for web apps, use the Tailscale IP in the browser.
Top comments (0)