Yep that's where I'll put it once if everything goes well

Can anyone explain when to use (or not use) UDP Hole Punching at either the whole network or individual client level? Right now I am finding that Netmaker peers on the same LAN can only route to each other over WG if home punching is off; but then they are unreachable over WG from Netmaker clients outside the WAN. I am seeing this both on 0.9.4 and 0.12.0. Any ideas?

hole punching is best for clients behind a NAT. if the client has a static public IP and nothing (ie firewall) is blocking UDP traffic turn off hole punching. If multiple clients are on the same lan behind NAT, hole punching will not work well. Best solution, give each device a different listening port and set up port forwarding on the NAT device. If port forwarding is not an option, only set up one client using hole punching and and make it an egress gateway for the other devices on the lan. If you absolutely need more than one client, don't use hole punching and live with the limitation that network interaction must be iniated from from the NATed device. In this case, if you have a similar setup behind a different NAT, there is a strong possibility that the devices behind the first NAT will not be able to communicate with the devices behind the second NAT.

finally got it up installing lubuntu and taking up only 15GB of space and give it 4GB of RAM

BUT i think i am facing the same problem as @User and @User y forwarded the ports in my freshtomato to te VM with lubuntu opened ports WICH is in DMZ on the Internet Provider router and did not work. SO i went inside the lubuntu machine and tried localchost:443 and did not work AND after reading that netnem can acces through 8082 I tried that and the page loaded BUTwhen I hit CREATE ADMIN it says: "Failed to create Admin

this would be awesome! i have my own domain and i would like to not be necessary to pay dollars to a third

i realized that i am able to access through the 8082 port BUT on a NON HTTPS connection, when i type https i got this error (different SSL error than @User):

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

could it be that this error is because the site is NOT being accessed through HTTPS ?

Same issues

You'd prob want it on for all clients cause whether it works or not depends on the individual client network. If it works, great faster connections. If not, no harm done.

Nvm mines working now :p One thing I'll mention is make sure u have the proper DNS records for the programmed subdomains (cloudfare is funky with sub sub domains also can take time for records to propagate) and ensure u have the proper firewall rules set for all ports in ur VPS (FYI it can take a minute for firewall rules to be set properly) Also just try re-running the nmquick script. That's what did it for me

I take it back still not working lol

you have the same could not reach error?

I did.. but im pretty sure I have it all working now. On top of my earlier recommendations, I changed the provided caddyfile to reverse_proxy {public vps ip} instead of the default which was localhost under the subdomain definitions

so heres my final caddyfile

{
        # LetsEncrypt account
        email example@email.com
}

# Dashboard
https://dashboard.nm.secret.domain {
        # Apply basic security headers
        header {
                # Enable cross origin access to *.nm.secret.domain
                Access-Control-Allow-Origin *.nm.secret.domain
                # Enable HTTP Strict Transport Security (HSTS)
                Strict-Transport-Security "max-age=31536000;"
                # Enable cross-site filter (XSS) and tell browser to block detected attacks
                X-XSS-Protection "1; mode=block"
                # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
                X-Frame-Options "SAMEORIGIN"
                # Prevent search engines from indexing
                X-Robots-Tag "none"
                # Remove the server name
                -Server
        }

        reverse_proxy http://127.0.0.1:8082
}

# API
https://api.nm.secret.domain {
        reverse_proxy http://{public ip}:8081
}

# gRPC
https://grpc.nm.secret.domain {
        reverse_proxy h2c://{public ip}:50051
}

right

new problemo

nut changed those reverse_proxy fields back to localhost and seems to be fine. Gonna check netmaker docker logs and check back

hmmm

gonna take a quick break but thats where the issue lies

okokok imdumb

was trying to create access keys for comms network

thats what was giving me the error

seems to be working but ill update more later. If anyone wants help lmk

Would like to know if you ended up going with any special settings that helped for custom domains, seems like this is a challenge people are encountering somewhat regularly.

so I only changed the reverse_proxy ips from localhost to my publiv VPS ip

{
        # LetsEncrypt account
        email example@email.com
}

# Dashboard
https://dashboard.nm.secret.domain {
        # Apply basic security headers
        header {
                # Enable cross origin access to *.nm.secret.domain
                Access-Control-Allow-Origin *.nm.secret.domain
                # Enable HTTP Strict Transport Security (HSTS)
                Strict-Transport-Security "max-age=31536000;"
                # Enable cross-site filter (XSS) and tell browser to block detected attacks
                X-XSS-Protection "1; mode=block"
                # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
                X-Frame-Options "SAMEORIGIN"
                # Prevent search engines from indexing
                X-Robots-Tag "none"
                # Remove the server name
                -Server
        }

        reverse_proxy http://{public ip}:8082
}

# API
https://api.nm.secret.domain {
        reverse_proxy http://{public ip}:8081
}

# gRPC
https://grpc.nm.secret.domain {
        reverse_proxy h2c://{public ip}:50051
}

the only other tricky part was configuring the DNS domain side. Cloudfare doesnt like sub sub domains so I had to disable their proxy and then I created individual A record for each subdomain and then one A record for the main netmaker sub domain