← statichum.studio

May 7, 2026

Turnkey CGNAT-Bypass Appliance for Renters and Apartment Self-Hosters Who Can't Open a Single Port

saas real project •• multiple requests

Apartment dwellers and anyone behind CGNAT (most US cellular ISPs, T-Mobile Home Internet, many fiber muni-builds) cannot expose a homelab service to the internet without renting a VPS and hand-rolling a WireGuard tunnel. Demand is for a $5-15/mo managed ingress: bring your own domain, point a single CNAME, get TLS, get a public IPv4 endpoint that backhauls to a tiny home agent. Pangolin solves this for self-hosters willing to run their own VPS, but the non-DevOps majority still falls off the cliff at 'rent a Hetzner CX22 and configure WireGuard'.

builder note

The gap isn't the tech (it's WireGuard plus Caddy), it's the boring billing-and-support business. Sell it as 'one CNAME and a tiny home daemon' priced like PikaPods-for-ingress. Don't try to compete with Cloudflare on price... compete on 'no Cloudflare ToS surprises and your TLS isn't theirs.'

landscape (4 existing solutions)

Every existing option asks the user to either run a VPS, accept a vendor-locked subdomain, or pay per-GB. A managed ingress that owns the VPS and the WireGuard config but lets you bring your own domain is a real product hole.

Pangolin You still have to rent and provision the VPS yourself, install the binary, point DNS, manage SSL renewal. Excellent for self-hosters, an absolute brick wall for the audience that just wants the tunnel.
Cloudflare Tunnel Free and turnkey, but ToS prohibits media streaming and large file transfer (the actual reason most homelabbers want ingress). Also, every TLS session terminates at Cloudflare.
Tailscale Funnel No custom domains; you get a *.ts.net hostname. Repeated complaint that custom-domain support has been 'coming soon' for years.
ngrok / LocalXpose Bandwidth-throttled at the price points self-hosters tolerate; ngrok caps the free tier at 1GB/mo and Personal at 5GB/mo with $0.10/GB overage.

sources (3)

other https://forum.gl-inet.com/t/bypassing-cgnat-with-wireguard-p... "How do people without static IPs actually self-host?" 2026-04-20
other https://github.com/anderspitman/awesome-tunneling "List of ngrok, Cloudflare Tunnel, Tailscale, and ZeroTier alternatives" 2026-04-15
hn https://news.ycombinator.com/item?id=47747808 "rent a $5 VPS in my region that I tailscale to ... un-CGNAT myself" 2026-04-29
self-hostedcgnatnetworkinghomelabwireguard