I really only have a 500Mbit down/100Mbit up connection, so on the WAN side, it’s fine, can handle that easily.
And meanwhile on the LAN/VLAN side, I haven’t tested, but I’ve mostly tried putting the high-bandwidth stuff in the same VLAN just so it doesn’t hit the router (on a stick) and just crosses the switch.
I’ve got a N200 aliexpress box on the way though. OPNSense is looking mighty interesting.
I feel like I’m missing some EASY thing; like can’t my apache2 just route the bitwarden.domain1.com traffic to another local IP address…
Yes. It can. https://httpd.apache.org/docs/2.4/vhosts/name-based.html
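As an added illustration of that answer (not from the thread, and not the poster's own config), here is an Apache 2.4 name-based virtual host that reverse-proxies `bitwarden.domain1.com` to a different machine on the LAN. The backend address `192.0.2.10:8080` and the certificate paths are assumed placeholders; it also assumes `mod_proxy`, `mod_proxy_http`, `mod_ssl` and `mod_headers` are enabled (`a2enmod proxy proxy_http ssl headers` on Debian/Ubuntu). Apache does not allow comments after a directive on the same line, so every comment sits on its own line.

```apache
# Added example config, not part of the original thread.
# Assumptions: backend Bitwarden listens on 192.0.2.10:8080 (placeholder),
# certificate paths below are placeholders, and these modules are enabled:
#   a2enmod proxy proxy_http ssl headers

# Port 80 listener: its only job is to redirect to HTTPS, so a login form
# is never served or posted over plaintext.
<VirtualHost *:80>
    ServerName bitwarden.domain1.com
    Redirect permanent / https://bitwarden.domain1.com/
</VirtualHost>

<VirtualHost *:443>
    # Name-based selection: Apache picks this block when the TLS SNI /
    # Host header matches, so other names on the same IP are unaffected.
    ServerName bitwarden.domain1.com

    SSLEngine on
    # Placeholder certificate paths; adjust to wherever your certs live.
    SSLCertificateFile    /etc/ssl/example/bitwarden.domain1.com.fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/bitwarden.domain1.com.key

    # Never turn this on: ProxyRequests makes Apache an open forward proxy.
    # Reverse proxying only needs ProxyPass/ProxyPassReverse.
    ProxyRequests Off

    # Pass the original Host header through so the backend builds correct URLs.
    ProxyPreserveHost On

    # Route everything under / to the backend on the other LAN host.
    ProxyPass        / http://192.0.2.10:8080/
    ProxyPassReverse / http://192.0.2.10:8080/

    # mod_proxy adds X-Forwarded-For/Host/Server automatically; it does not
    # add the scheme, so set it here so the backend knows the client used TLS.
    RequestHeader set X-Forwarded-Proto "https"

    ErrorLog  ${APACHE_LOG_DIR}/bitwarden-error.log
    CustomLog ${APACHE_LOG_DIR}/bitwarden-access.log combined
</VirtualHost>
```

Check it with `apachectl configtest` before reloading. One point worth keeping in mind with this layout: the hop from Apache to `192.0.2.10:8080` is plain HTTP, so it should stay on a LAN/VLAN you trust, or be switched to `https://` with a backend certificate if it crosses a less trusted segment.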
If you’re going to be jumping straight into text-based config files… Caddy’s Caddyfile format is a lot easier to work with than nginx configs IMO.
Cloudflare tunnel free is pretty good, and I use it for my on-prem (in house) services because it can work through CGNAT, though you are subject to the standard cloudflare terms of use.
On the other hand, what you’re looking for is called a reverse proxy. I’d recommend Caddy or Nginx Proxy Manager for you.
I personally use Traefik, but I’m also running on a kubernetes cluster so…
Actually, now that I think of it, I should probably diagram that out, hmm. Anyone know any good tools for making that?
And seriously, Talos Linux is really, really, nice. If I ever manage to mess up a kubernetes node (which has happened a few times when I was messing around), I just wipe it, reboot it from the ISO, and reprovision it with the machine configuration.
I’ve got a small kubernetes cluster set up using Talos with 3 controlplane / 3 workers in VMs on the proxmox nodes. The vultr node is also running Talos and attached to the same cluster. Their KubeSpan feature is pretty neat, automatic full mesh wireguard between all cluster nodes.
Traffic inside the cluster flows seamlessly between all nodes, and I can even use it as sort of a proxy server using Cilium’s Egress Gateway function.
Meanwhile my Pi4 is running k3s, to host a few services needed to operate the main cluster, such as the Harbor registry operating as a cache and a zigbee2mqtt instance because I have a raspbee2 for a zigbee adapter.
The main reason I’m using K3S even on the single node Pi is because I very much like using flux to manage the deployments on the servers.
Network-wise, I’ve got a USG-3P and one of the newer compact 16-port PoE switches. And a pair of UAP-AC-LITEs for APs.
Maybe one day I’ll get around to switching the USG for something a little more capable. And maybe capable of doing IPS/IDS on my 500M/100M internet connection. But no idea what kind of specs I’d need for that.
Would also like a NAS but… eh… Maybe I’ll just see if I can add more storage to the proxmox nodes and expand the ceph cluster or something.
@kronicd Unless android has implemented DHCPv6 and nobody is talking about it, no, no it’s not. It would still need me to route the entire /64 to one network after all for SLAAC.
Unless you’re suggesting I install more-specific routes on the other networks? Maybe a /65 or /66 on them? But in that case, wouldn’t the main network, with its full /64 prefix, have issues reaching those other hosts… hmm. Unless I deploy it with ULA addresses too, and treat the GUA addresses as just for internet connectivity.
Might still have to NAT66 it for other networks that may see android devices…
Might experiment with it once my opnsense box arrives I guess. Don’t want to muck around with that on openwrt.
I just wish I got like a /60 at least.
I suppose tunnelling to a VPS is one option, but I’d rather use NAT66 over that because it’d have better throughput/latency.