So, I live with my parents, and I recently (a few months, but I’ve been using it a lot more the past few weeks) set up a personal home server on an Intel NUC I got secondhand (which I wiped and all). We have 2 routers/access points (idk the terminology; two boxes with antennas that we can connect to, both for the same network, one of which is connected to the house internet and the other connected to the first via a 5 GHz connection iirc). My server is connected via Ethernet to the secondary AP.
Anyway, my parents have been complaining about my server maybe causing issues with the internet. We’ve been having issues forever, but this is “new issues”, and I can’t actually guarantee it’s not because of it so I kinda have to look into it. The symptoms are:
- General connection issues (these I’m pretty sure are not any different)
- On one phone, “suspicious activity detected” when connected to the network, automatically disconnecting the phone (this does seem actually new, and potentially actually caused by it)
- On one laptop, refusing to connect/disconnecting automatically.
The most recent significant change to the setup was connecting my server to Cloudflare/with a domain name instead of accessing raw ports with a Tailscale IP. The setup is:
- Docker containers for everything
- Traefik reverse proxy
- Cloudflare tunnels for each service (IP is dynamic and we’re behind a NAT, so this was easiest)
- Only non-login-required service is nginx serving a few kB of plain HTML/CSS.
Because I’m using Cloudflare tunnels my external IP has, as far as I know, never been exposed and has never been in DNS.
Could any of this cause these issues, particularly the Android warning? If so, is there a fix? If not, what could be causing that?
OK, let’s start with the phone: what app is responsible for the suspicious activity message? Because I’m not aware that is part of Android. The closest symptom is that Android will disconnect from networks that it claims do not have internet connectivity, which would fit more closely with your intermittent connection issues. We could really also do with knowing what router you are using for the actual internet. It sounds like you are using a mesh system for the wireless side of things. Can we also know whether you are using the ISP DNS server, or have you pointed the router to more reliable DNS servers? You should probably never use the ISP DNS servers - aside from any other reason, because it makes it much easier for the ISP to record what sites you are visiting.
The warning thing is apparently a popup, from some Samsung thing it seems: https://web.archive.org/web/20230609040346/https://old.reddit.com/r/AskNetsec/comments/caiugx/galaxy_s10_detect_suspicious_networks has the same model as the phone with the popup.
It is a mesh system yes, two ASUS ZenWiFi CT8 boxes.
For DNS I don’t know, there’s a good chance it’s the ISP DNS. Is there a way to check?
OK, so the first thing we can see there in the comments is that someone found that with that setting turned on, it prevented the phone from being able to roam between access points, so that’s probably the issue with the phone.
As for the next part, log in to the router, find the part about configuring the internet connection, and in there will be something like WAN DNS or something. If it’s set to get it automatically, then it will be using whatever the ISP set when you receive your WAN IP address from them. I typically use 8.8.8.8 (Google) and 1.1.1.1 (Cloudflare), which gives me redundancy if Google or Cloudflare fall over; it’s not likely both will fall over at the same time without some major global internet outage.
Is there something that could be causing this with my server?