OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: Felix. on March 07, 2023, 11:21:13 PM

Title: IPsec (23.1) behind CGNAT
Post by: Felix. on March 07, 2023, 11:21:13 PM
Hi,

I recently moved and my DSL is not ready yet.
I have an unlimited Telekom business SIM and am using a Teltonika TRB500 gateway in bridge mode.
I get a CGNAT IP at my WAN interface in OPNsense.

Before, I used a VTI tunnel and it worked great, but I had fiber and a (not officially, but never changed) static IP on my client side.
Now I need to use the cellular connection behind CGNAT as client.
I read this will work when the server only listens to connections and my client side initiates the tunnel.

What happens is, the server receives packets, and tries to send one back.
The one that is sent back never reaches the client and so the tunnel times out.

I really don't know what could be messing up right now, the client never sees any incoming traffic whatsoever from the server.

I'll post my configs tomorrow when I'm at a real computer... mobile right now.
Maybe someone can find the culprit with me, many thanks!
Title: Re: IPsec (23.1) behind CGNAT
Post by: tiermutter on March 08, 2023, 07:27:45 AM
Behind CGNAT you will not be able to access anything via v4.
You will need IPv6, but in your case, you will still not be able to access anything, as T-Mobile restricts IPv6 access as long as you have not booked the option "feste IPv6 Adresse", which will give you access over IPv6.
The only thing you can do without any extra options: simply use APN with public v4 ;)


internet.t-d1.de
t-mobile
tm
Title: Re: IPsec (23.1) behind CGNAT
Post by: tiermutter on March 08, 2023, 07:30:14 AM
::) Sorry, misread your post, I thought you had trouble accessing the server side behind CGNAT...
Title: Re: IPsec (23.1) behind CGNAT
Post by: Felix. on March 08, 2023, 06:33:53 PM
Using the APN you posted, I got a public IP and now I see incoming UDP packets, amazing.
The tunnel still doesn't initiate, but that is probably something else, never tried the new 23.1 setup before.