Messages

For now I solved it with Tailscale. I briefly checked ipv6 and for one user on home network it would probably work but the same provider on mobile doesn't have IPv6.

OpenVPN over TCP/443 is also an option, I will try it one day.

Thanks for the hints and explanation!

I checked it on test-ipv6 and it has a public IP of 104.28.xxx.xxx and ipv6 is available as well.

And yes these are from the same ISP.

I had a chance to check it with a CGNAT 4G mobile (other than the previous):

WAN      2024-10-25T20:56:19   100.112.xxx.xxx:51095   85.66.xxx.xxx:51821   udp   Block private networks from WAN

And here's one which passed and not behind CGNAT:

WAN      2024-10-25T20:57:20   185.6.xxx.xxx:5677   85.66.xxx.xxx:51821   udp   Wireguard OpnSense

In the logs it was a 100.64.0.0/10 address blocked because private address block is enabled in WAN interface.

The Softether CGNAT traversal feature is for the other way around when the server is behind CGNAT right? Cause that's not the case, the server network is a public IP.

Hi,

I have a small server at home and users are connected via Softether VPN. One of them is behind CGNAT so if I block private networks on WAN she cannot connect.

What if I remove it from the WAN interface and set a WAN firewall rule to block all private addresses except CGNAT network? Is there a security risk involved?

Or maybe any other solution? I set up Tailscale as a replacement until I find a solution.

Thanks in advance,