Messages

1

General Discussion / Re: User can’t connect because of CGNAT

« on: October 26, 2024, 11:38:05 pm »

For now I solved it with Tailscale. I briefly checked ipv6 and for one user on home network it would probably work but the same provider on mobile doesn’t have IPv6.

OpenVPN over TCP/443 is also an option, I will try it one day.

Thanks for the hints and explanation!

2

General Discussion / Re: User can’t connect because of CGNAT

« on: October 25, 2024, 09:17:44 pm »

I checked it on test-ipv6 and it has a public IP of 104.28.xxx.xxx and ipv6 is available as well.

And yes these are from the same ISP.

3

General Discussion / Re: User can’t connect because of CGNAT

« on: October 25, 2024, 08:58:42 pm »

I had a chance to check it with a CGNAT 4G mobile (other than the previous):

WAN      2024-10-25T20:56:19   100.112.xxx.xxx:51095   85.66.xxx.xxx:51821   udp   Block private networks from WAN

And here’s one which passed and not behind CGNAT:

WAN      2024-10-25T20:57:20   185.6.xxx.xxx:5677   85.66.xxx.xxx:51821   udp   Wireguard OpnSense

4

General Discussion / Re: User can’t connect because of CGNAT

« on: October 25, 2024, 08:09:11 pm »

In the logs it was a 100.64.0.0/10 address blocked because private address block is enabled in WAN interface.

The Softether CGNAT traversal feature is for the other way around when the server is behind CGNAT right? Cause that’s not the case, the server network is a public IP.

5

General Discussion / User can’t connect because of CGNAT

« on: October 24, 2024, 08:47:38 pm »

Hi,

I have a small server at home and users are connected via Softether VPN. One of them is behind CGNAT so if I block private networks on WAN she cannot connect.

What if I remove it from the WAN interface and set a WAN firewall rule to block all private addresses except CGNAT network? Is there a security risk involved?

Or maybe any other solution? I set up Tailscale as a replacement until I find a solution.

Thanks in advance,