Hyperoptic Fibre Broadband Routing IPv4 & IPv6: home servers

At last, in our central London family apartments we have 1GB connections with Hyperoptic. Reliable and fast. We get the speeds advertised, and in one of our flats it is even a little faster. Ping time is 1ms. With such fast speeds, upload as fast as download, it is tempting to run servers at home and run a private cloud. The snag is that the devices at home are not reachable using IPv4 from the internet; the home routers are behind CGNAT, just as phone companies do in order to share the rationed IPv4 addresses and protect their network. You can pay Hyperoptic extra each month for a fixed IPv4 address that is then reachable from the outside using IPv4. You do not need to. Better to use IPv6 anyway.

Your home or office devices can be reached by their IPv6 addresses from the internet when calling from an IPv6-enabled network. The IPv6 addresses are fixed and you are given a whole reachable subnet. Then you set the home router’s IPv6 filter, that is, open pinholes to whichever local device IPv6 addresses and ports you want. You can now have multiple reachable devices on the same port, say 443, as there is no address sharing (NAT).

Connection is fine from IPv6-enabled networks away from home. It does not always work from some workplaces or from phones outside because many ISPs still use IPv4-only routing. To solve this I use another server (my VPS) that has IPv4 and IPv6 connections. I use the VPS as a middle man to “cat” the connection from IPv4 to an IPv6 address. I can access home systems from anywhere and can give my home machines domain names for IPv4 and IPv6 with DNS entries. On this middle machine, a Linux site (a VPS), I use the socat command with the IP and ports I want, like this:

socat TCP4-LISTEN:9831,fork,su=nobody TCP6:[2a01:4b02:a40a:4b10:af9b:c59c:b1b8:2e7x]:2529

So connecting to VPSserver:9831 using IPv4 connects to my home device on IPv6:2529. You can also run a VPN through it (SoftEther VPN). It’s magical (don’t forget to open the port on the middle server). It is very fast, I do not notice any degradation.
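As written, the relay accepts connections from any IPv4 source and passes them to the home device. The script below is an added example, not the author's own: it builds the same two socat arguments but adds socat's `range=` option so only one source network is served, and validates its inputs first. The function names, the file name relay.sh and the addresses in the usage comment (documentation ranges) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the author's script: the page's IPv4-to-IPv6 socat relay
# with input checks and a source allow-list (range=). Sample values are constructed.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# IPv4 CIDR such as 203.0.113.0/24; octets and prefix length are range-checked.
valid_cidr4() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Loose IPv6 literal check: hex digits and colons only, at least two colons.
valid_v6() {
    case $1 in ''|*[!0-9a-fA-F:]*) return 1 ;; esac
    case $1 in *:*:*) return 0 ;; *) return 1 ;; esac
}

listen_arg() {   # usage: listen_arg LISTEN_PORT ALLOWED_V4_CIDR
    valid_port "$1" && valid_cidr4 "$2" || return 1
    printf 'TCP4-LISTEN:%s,fork,su=nobody,range=%s' "$1" "$2"
}

target_arg() {   # usage: target_arg HOME_V6_ADDR HOME_PORT
    valid_v6 "$1" && valid_port "$2" || return 1
    printf 'TCP6:[%s]:%s' "$1" "$2"
}

# Start the relay only when four arguments are given, for example:
#   ./relay.sh 9831 203.0.113.0/24 2001:db8::10 2529
if [ "$#" -eq 4 ]; then
    l=$(listen_arg "$1" "$2") && t=$(target_arg "$3" "$4") ||
        { echo "usage: $0 LPORT V4CIDR V6ADDR V6PORT" >&2; exit 1; }
    exec socat "$l" "$t"
fi
```

socat applies `range=` after it has accepted the connection, so a firewall rule on the VPS limited to the same source range is still worth having.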

By the way, I found that if you have two places with Hyperoptic fibre connections you can access the other by using the internal Hyperoptic IPv4 addresses that are given to the routers (in the 10.0.0.0 range). These internal Hyperoptic IPv4 addresses seem fixed. Mine has not changed over multiple reboots. I am pretty certain all this will pertain to any fibre provider.

https://bulger.co.uk/message.htm

Working from Work: Access your home PC as a Web page from anywhere.

Screen shot of my PC logged into my apartment’s PC as a web page. I can do this from work

Thinfinity Web login

Working from areas with tight security and behind firewalls which you cannot control can be very problematic. In some places the blocks are simply too clumsy, making the internet connection almost useless. Even medical sites such as dermnet.nz can get blocked (skin tones=too much skin). So can pages that use medical terms such as “Oral” too much. So safely log into your home computer.

The simplest, secure solution, one that does not imply any hack or download, or compromise the security of the work site, is to connect to your outside home computer using a web page, on port 80 or better port 443 (https, encrypted). Those ports are never blocked. This method does not require ANY software installation at the work end. You are simply viewing a web page on any browser. You are not downloading or introducing anything of risk to the work system. No malware can pass.

The setup is to use Thinfinity. This offers a fast VNC-like connection to your home computer using a web page alone. Once it is installed on the home computer, at work just type the URL or IP address of your home machine into the work PC’s web browser, e.g. https://10.20.30.40/ or something like https://myhome.mydomain.com

On your home router you will have to port forward port 80 or 443 to your home computer that is running the Thinfinity workstation server, and that machine needs to be left on! Give it a strong, long password.

The non-commercial single use workstation license is free.

That’s it.

You can then look at all emails, all files, OneDrive, Dropbox, edit stuff and post to an NHS email address, and even use WhatsApp messaging that is connected to the phone left in the car.

I set it up as a subdomain of my own domain, so it can share the site’s Let’s Encrypt SSL certificate. You can use http, port 80, but it is not encrypted. Thinfinity have their own certificate system for https, but that requires connecting to their servers, which could get blocked, and the certificate did not work when I tried. Domains can be created for any home router using dyndns or similar products, but I feared such domains may be blocked, so I used my own. You could use the home IP address if it is fixed.

To the untrained it could imply a security worry. From work, via this system, you can thus see any site or file on your home computer, such as time-wasting Facebook. But we are responsible professionals and just need access to all our clinical stuff.

There is no record on the work computer, or knowledge, of what sites your home computer has been looking at. The work computer just sees the connection to a single domain or the IP address of the home machine as a single encrypted web page. All it’s doing is sending a screen image.

When logged in to your home PC via Thinfinity there is a hidden menu at the top middle: clicking on it you can scale the screen to fit the browser window. You may also need to hit refresh there if you are not seeing a window.

Gerry Bulger

Contact https://bulger.co.uk/message.htm

Older links on similar subjects

http://bulger.co.uk/satellitecost2.htm

http://bulger.co.uk/softethervpn.htm