Messages - Terminal

#1
Thank you everyone for your help!! I finally got them to sell me a static for 20 smacks a month. Too much for sure, but ZeroTier looked like one complex setup (I'm still trying to get my head wrapped around what the document says it does and how it works) and VPS would have got it done, but having everything in one place works for me. It is great to know there are options if I have to use them though!
#2
Thanks for all the suggestions. Getting them to give me a static is turning out to be more difficult than I imagined. They want me to sign up for a biz account and pay 3x the price of residential. That's out. I can't even get them to talk to me about IPv6. I'm really surprised how fluent people here are with it. It is hardly mentioned in my neck of the woods. I know when I went tube surfing on the subject, the details always seemed to be missing. Anyone know of a good tutorial on it? I have done a bit more digging on how the VPS would work. It is certainly a possibility if I can find one for a decent price. How does ZeroTier get around NAT?
#3
I too would like some details on how this is supposed to look. Perhaps Prez and I have the same new fiber ISP that isn't currently offering IPv6, although if they were, I would have to start a thread on what that is supposed to look like as well :/ If the other options talked about here work, I would be open to understanding what is involved there as well. How do they get around the NATted IP? What are the pluses and minuses of each? Do they require a separate service like VPS does? All this just because an ISP is too cheap to buy a few extra IPs. What a shame.
#4
Those lyin' dogs. They tell me that they do not block ports, just to find out they use CGNAT. I'm not real familiar with how CGNAT works. I see people talking about having to use a VPS to make it work, but I'm wondering at this point, is having to deal with CGNAT worth it over keeping my cable? I was switching because they are currently oversubscribed, but with the new fiber folks in town, that likely will not be a problem for long. Fiber has synchronous speeds that are nice as well. Can I get around this issue without having to pay for another service?
#5
Newsense, yes, I changed the port on the WAN firewall rule, the instance, and phone app.

Seimus, according to their online FAQ they do not block ports, but I have not reached out to ask. The reason being I tried my original ISP that was known working before I switched and I am having the same results. The phone IP never makes it to the live logs when I filter against its IP or against incoming connections. I have not tried filtering against blocked connections. I will give that a shot.
"Additionally, a lot of Internet providers and other actors constantly scan Internet for Open ports, those should be visible as well on Ingress of WAN as blocked." So even though the ISP would be blocking that traffic, I would still see it show up in live view as blocked? Or do I need to see that in a different part of OPNsense? I could run NTOP from another IP and see if the port is open, but I have a good feeling on what I would see since ping isn't working. I will try connecting a laptop directly to the ONT and see if ping works.

nsteinmetz - the WireGuard logs are only reporting that the instance is up but no connection logs. I have not tried ZeroTier or OpenVPN on OPNsense. I really like the way WireGuard worked. It connects fast and maintains a solid connection and is much faster than OpenVPN. Haven't tried ZeroTier to compare it against.
#6
I'm thinking something is defunct with the WAN side firewall. I tried creating an ICMP rule for incoming pings that would ping the WAN IP and Source set to any, and could not ping. I also could not see the ping requests coming in using tcpdump, but I have never tried using it on a firewall. It would make sense that the traffic would hit the firewall first before making it to the scanner. Is there some way to flush and rebuild the firewall portion? Maybe there is some bad db entry causing it to hang up on the incoming connections?
#7
It is a public IP. OPNsense is the router directly connected to the ONT. I have tried 51820 and 51821. Is there a different port range that I should try?
#8
I had the road warrior instructions working for my first Internet provider, but after I switched, I cannot get the phone to connect. I have torn down and rebuilt numerous times with no luck. I tried re-connecting the first Internet provider and re-configuring WireGuard to match the original config, but that is no longer working. I have attached my current settings. I have used the WG0 net for the source and, as shown in the attachments, I have tried using the actual WireGuard subnet. The status page for WireGuard never shows the handshake, and looking at the WG0 traffic, it doesn't look like there is anything happening there either.