Did anybody tried oracle free tier as vpn?

There are no such things as random terminations. Adhereing to the term of service does not involve luck.

Is presented with contradicting evidence. Ignores evidence. Nice!

The chance of cancellation seem to be quite low too… Ow, I haven’t backed up that with any proof too the same extent as you did

Feel free not to use it, I’m happy to have this opportunity costing me nil for over a year.

Oh I’ve been using Oracle Cloud for a long time as a non-paying user. I have one of their A1 Ampere instances for 858 days of uptime now.

But that is not to say my experience or yours will be reflective of others, just warning people before they commit. Definitely, people should test run their instances for an extended duration before putting Storj behind it.

As an aside I am somewhat worried they will follow AWS and charge for IPv4…

You need to increase your standards of what you consider “evidence”. This is not the evidence. You don’t have the full picture. You are not even sure that the details that are presented, are trustworthy. I would not trust any random internet users telling you a convincing sob story.

What I trust is a Terms of Service document, and staying within those terms. Nothing else matters. Somehow I highly doubt that if organization that bans users for no reason can survive for any amount of time let alone be commercially successful.

Fair. Your warning should be however “Don’t break ToS”. Which is applicable to any other service on earth and not speifcifc to oracle.

This advice makes no sense. I’m using storagenode usecase to test how the VPS behaves long term. Why would I test it before storj? I do run other services there too (including Kuma, that watches storage nodes, and Unifi controller). It’s a hyperscaler. There is nothing to tests. Those instances work. Subscribe to outage notifications, and you’ll be fine. (They had one recently)

The OP is wanting to use Oracle Cloud as a VPN, presumably to game the subnet ingress policy or to be able to host a node behind CG-NAT. If the latter is true and they have the same experiences as some others having their account cancelled (for their own or Oracle’s fault) then they would face disqualification.

I created a small vm with free tier and installed wireguard. Connecting with my phone works, and I also have internet connection. I tried a stack with gluetun and storj. Server-side, pivpn (wich is wireguard) sees a connection and some traffic is going through (several mehabytes), but for some reason, when looking in the storj logs, it tells me, that the satellite ping is failing. I opened tcp udp ports, but nothing. Is there anybody wich knows how to use gluetun, or know how to properly configure it?

The whole this conversation was about oracle banning you, not storj.

This is a violation of Storj ToS, not Oracles’s

This is acceptable use in both Oracle, and Storj ToS.

There is third reason – someone may not want to expose their home network to extra attention and probing, by publishing the naked IP. Hyperscalers can help shield you from that.

Why? If your node loses connectivity you are not instantly disqualified. You get a notification and you have tons of time ( a month?) to fix it. If you don’t mange to fix it in a reasonable amount of time – don’t run a node. Again, this has nothing to do with oracle.

Your /etc/wireguard/[name of your wireguard].conf should be looking something like:

# Input from outside, mind the ingress-rule from Oracle-cloud!
# In my case the Wireguard-port is 59435 
PostUp = iptables -I INPUT -p udp --dport 59435 -j ACCEPT
PostDown = iptables -D INPUT -p udp --dport 59435 -j ACCEPT

# Forwarding bidirectional, %i is substituted for the name of the wireguard-adapter
PostUp = iptables -I FORWARD -o %i -j ACCEPT
PostUp = iptables -I FORWARD -i %i -j ACCEPT
PostUp = ip6tables -I FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT

# In my case the ethernet adapter is enp0s6, change according to your situation
PostUp = iptables -t nat -A POSTROUTING -o enp0s6 -j MASQUERADE
PostUp = ip6tables -t nat -A POSTROUTING -o enp0s6 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o enp0s6 -j MASQUERADE
PostDown = ip6tables -t nat -D POSTROUTING -o enp0s6 -j MASQUERADE

# STORJ, in my case it's the client with IP 10.66.66.2.
PostUp = iptables -I INPUT -p udp --dport 28967 -j ACCEPT
PostUp = iptables -I INPUT -p tcp --dport 28967 -j ACCEPT
PostUp = iptables -t nat -A PREROUTING -p udp --dport 28967 -j DNAT --to-destination 10.66.66.2
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 28967 -j DNAT --to-destination 10.66.66.2
PostDown = iptables -D INPUT -p udp --dport 28967 -j ACCEPT
PostDown = iptables -D INPUT -p tcp --dport 28967 -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -p udp --dport 28967 -j DNAT --to-destination 10.66.66.2
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 28967 -j DNAT --to-destination 10.66.66.2

Also make sure the firewall from Oracle has been set up correctly. I would set 22/tcp, 28967/tcp+udp and the port of your Wireguard (in my case 59435/udp) open for ingress and stateless in case of tcp. And all outbound traffic allowed for egress.

In the end it can be enabled by: systemctl enable wg-quick@[name of your wireguard]

I’m not using Storj or what people do on Oracle machines as a means to show that OP will eventually be cancelled for signing up for Oracle Cloud. More so that: If they are expecting to have a free VPN to host/shield their storage node they should think twice about using it as a long term solution because people have faced seemingly random cancellations out of the blue.

No one is stopping the OP from spending ~$5 USD/mo to achieve that from buying a VPS from other providers. I’m not sure what prices are in other parts of the world; perhaps only when having a free VPN that storage nodes are economically viable, and that might be risky to depend on Oracle in the long run given experiences of others.

Fully agree on this, …

I don’t know, but why is the guy using Oracle himself and warning other users to use it? Feels a bit like self-serving in some way or just show…?

We even don’t know the fraction of users are concerned, nor whether it’s really out of the blue. I’m being warned every three months my resources are being reclaimed if I’m not logging in and doing anything with the server. So my instances are all being restarted every three months. I never see coming it along in this forum, although knowing that a fair amount of people are using this method for a variety of reasons.

And even then, big deal being cancelled by Oracle. In the boldest case I can think of, you just use another credit card and e-mail address and you’re fine to go.

As we discussed, this is not a claim worth pixels its written with. If you take a million users there will always be vocal minority that experienced extraordinary events or got cancelled for mysterios reasons - these is non-actionable noise. I would not pay any attention to it.

And then let’s say you are cancelled due to bug in abuse detection automation, cosmic rays, whatever. Take two minutes and open a new account. I don’t see a problem.

How is that any different than using oracle free tier? Other providers don’t have ToS or can’t ban users for breaking them just the same?

It’s really really simple: There is a service provider. There is customer. There are terms of service and terms of use both agree to.

Exactly! The load is so low, that Oracle thinks the instance is idle

There was a way to tell oracle that this is low use instance and to stop buggering you about it. I can look it up if you don’t find it.

Bingo!

Do I have to put this in my wireguard config? Normally in the wireguard config you have private and public keys, with ip addresses etc, and not so many rules.

Did you use the script from angristan to install it?
Then there’s probably that /etc/wireguard/wg0.conf on the server (not your cliënt)!
Then you see some of these rules already in there, but I sorted them out.

The contents I posted, should be between:

[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 59435
PrivateKey = [TheKey]

And

# The STORJ-client
[Peer]
PublicKey = [PublicKey]
PresharedKey = [PSK]
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128

So my full config looks like:

[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 59435
PrivateKey = [~TheKey~]

# Input from outside, mind the ingress-rule from Oracle-cloud!
# In my case the Wireguard-port is 59435 
PostUp = iptables -I INPUT -p udp --dport 59435 -j ACCEPT
PostDown = iptables -D INPUT -p udp --dport 59435 -j ACCEPT

# Forwarding bidirectional, %i is substituted for the name of the wireguard-adapter
PostUp = iptables -I FORWARD -o %i -j ACCEPT
PostUp = iptables -I FORWARD -i %i -j ACCEPT
PostUp = ip6tables -I FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT

# In my case the ethernet adapter is enp0s6, change according to your situation
PostUp = iptables -t nat -A POSTROUTING -o enp0s6 -j MASQUERADE
PostUp = ip6tables -t nat -A POSTROUTING -o enp0s6 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o enp0s6 -j MASQUERADE
PostDown = ip6tables -t nat -D POSTROUTING -o enp0s6 -j MASQUERADE

# STORJ, in my case it's the client with IP 10.66.66.2.
PostUp = iptables -I INPUT -p udp --dport 28967 -j ACCEPT
PostUp = iptables -I INPUT -p tcp --dport 28967 -j ACCEPT
PostUp = iptables -t nat -A PREROUTING -p udp --dport 28967 -j DNAT --to-destination 10.66.66.2
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 28967 -j DNAT --to-destination 10.66.66.2
PostDown = iptables -D INPUT -p udp --dport 28967 -j ACCEPT
PostDown = iptables -D INPUT -p tcp --dport 28967 -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -p udp --dport 28967 -j DNAT --to-destination 10.66.66.2
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 28967 -j DNAT --to-destination 10.66.66.2

# The STORJ-client
[Peer]
PublicKey = [~PublicKey~]
PresharedKey = [~PSK~]
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128

Meaning that everything like [~var~] is a variable.

I remembered. I switched to “Pay As You Go” plan. Still staying within free tier, still pay nothing, but they don’t reclaim my instances.

So this is the config file I put into the vpn client, to connect to my server right? I scanned my wireguard config via qr code from pivpn on the server, and sent it to my pc. I have to figure out how to configure gluetun to pickup the modified file. At the moment I did it like shown in the documentation and put the credentials directly into the yaml file, and not grabbing the config from the drive. (https://github.com/qdm12/gluetun-wiki/blob/29e3dee5024d82218e3f170b32f027102ff84aab/setup/providers/custom.md) I appreciate your help.

As a ToS advocate you don’t seem to have read the Oracle ToS, as multiple free-tier accounts are not allowed.

Are you trolling?

That was in the context of discussing unlikely hypothetical scenario of your existing account being banned by mistake and you creating another one. You only have one at a time.

And then, you can always upgrade to Pay as you go tier (which I did) and still enjoy free allowance.

Have you read the ToS? It says you are only allowed to create one free-tier account, not owning one at a time.

Dude. You are the first one who claimed that oracle can ban your account for no reason. So if we go to that slippery slope – they broke ToS first, so I’m breaking theirs in response.

If nobody breaks ToS – your account is not being banned, and this conversation is moot.

Also read about pay-as-you-go tier by the way. This may reduce your anxiety of using free account.

No, as I stated above:

You have to modify that file. It probably has already some lookalike rules in it.

There’s also just a wireguard app for your phone.

Moreover, you can just copy-past the contents of the created conf-file in your home folder on the server (if you used the angristan-install script) to the /etc/wireguard/[wireguard-adapter-name-you-wish].conf on your client and then enable it on your client (so your Storj-node) with systemctl enable wg-quick@[wireguard-adapter-name-you-wish] after you installed wireguard of course with something like apt install wireguard.

I don’t see why you are using docker to get this done. If you want to make sure the wireguard doesn’t influence your OS, you probably should consider to setup the whole thing withing a lxc-container.

My setup actually looks like this

 _____________________________            _______________________________________
| VPN-server, with the config |  <====>  |  Debian host                          |
|_____________________________|          |   __________________________________  |
                                         |  | LXC-container (wireguard client) | |
                                         |  |  _________________________       | |
                                         |  | | Docker (network = host) |      | |
                                         |  | |_________________________|      | |
                                         |  |__________________________________| |
                                         |_______________________________________|

Might there be a neater way, for sure. Is it easy to maintain? You bet…