Switched to 1 gig fiber and now it looks like I am double NAT. Help!

Started by Flamez, April 07, 2022, 04:46:10 PM

I recently switched to 1 gig fiber server (local electric co-op).   I currently have a single box (Fiber ONT) plugged into my opnsense box.  I called my ISP asking about a static IP thinking this would resolve my issue of being double NAT and they are not offering one yet but will be in the coming months. Looks like I am stuck with this.  I have all my cameras behind opnsense and use openvpn to connect to my equipment. Of course, none of this is working anymore. I would appreciate any suggestions to a way around.

Thank you,
Flamez

Sorry, not clear what the setup is.
ONT will not pull an ip address from the isp, so your OPNsense will but if none of these have changed, what part of the setup changed? I've no idea what "switched to 1 gig fiber server (local electric co-op)" means in terms of a user setup, so it might be the problem, it might not.
What makes you think that you have double nat and how was it before?

My old internet provider was Suddenlink using a cable modem, and I moved to a new internet provider which had fiber 1 gig service.  The new ISP installed an Adtran SDX 621 XGS-PON ONT and fiber is connected to it and then I connected the network jack from the ONT to my opnsense box. I cannot access the web GUI of the ONT.  Looking at Opnsense I can see the wan gateway of the ONT is set to 100.64.xx.x range by my ISP. My Opnsense box is set up to use 192.168.2.x.  On my old cable modem setup, I could access my home server equipment using VPN. This stopped working when I moved to the new Fiber ISP.  When I performed a tracert it showed the first few hops as private addresses provided by my new Fiber ISP.

Hopefully this helps.  Sorry I should have provided more information in my first post.
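
The check described in the post above (a WAN gateway in the 100.64.x.x range plus private first hops in a traceroute), written out as an added example that is not part of the original thread. The addresses, the sample trace and the function names are constructed for illustration; 100.64.0.0/10 is the RFC 6598 shared address space used for carrier-grade NAT.

```python
import ipaddress
import re

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'cgnat', 'rfc1918' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "public"

def hops_from_traceroute(text):
    """First IPv4 address on each numbered hop line; timed-out hops are skipped."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+.*?(\d{1,3}(?:\.\d{1,3}){3})", line)
        if m:
            hops.append(m.group(1))
    return hops

def diagnose(wan_ip, lan_net, traceroute_text):
    """Classify the WAN address and count non-public hops beyond the LAN."""
    lan = ipaddress.ip_network(lan_net)
    upstream = 0
    for hop in hops_from_traceroute(traceroute_text):
        if ipaddress.ip_address(hop) in lan:
            continue                      # our own router's LAN side
        if classify(hop) == "public":
            break                         # reached routable address space
        upstream += 1
    verdict = {"cgnat": "ISP carrier-grade NAT: inbound VPN/port forwards cannot reach the WAN",
               "rfc1918": "upstream device is doing NAT: look for bridge mode or a DMZ host setting",
               "public": "WAN is publicly addressed: inbound problems lie elsewhere"}
    wan = classify(wan_ip)
    return {"wan_class": wan, "upstream_private_hops": upstream, "verdict": verdict[wan]}

# Constructed sample values, not taken from the thread; 203.0.113.1 stands in for a public hop.
SAMPLE_TRACE = """\
 1  192.168.2.1   0.41 ms
 2  100.64.0.1    1.92 ms
 3  10.20.30.1    2.40 ms
 4  * * *
 5  203.0.113.1   6.10 ms
"""

if __name__ == "__main__":
    print(diagnose("100.64.12.34", "192.168.2.0/24", SAMPLE_TRACE))
```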

Ok but I suggest breaking out the setup and the problems, as you seem to have more than one thrown into one paragraph: double NAT, openvpn not working anymore, no access to ONT gui anymore.
Maybe that's why I'm unclear.
So without a particular problem in mind, you need to check the manual for accessing the ONT. It is expected that if there is one, to have a local ip address.
For the VPN, assuming you mean connecting from the outside world into your LAN, then it might need a refresh of the DNS to update with the new public ip.

Thank you for your suggestions. The last call I had with my ISP the tech stated that I would be double NAT using my own router.




Please provide a Network Plan


(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

Sorry for the delay in responding. I am working with my ISP to get a static IP assigned to me.

I wanted to provide an update.  The only way I can get a static IP from my new fiber ISP is to move to their 2-gig fiber plan. I really don't need the extra speed, but it will finally get me a static IP and allow me to remote into my servers. My ISP is using CGNAT and will not allow access to the fiber ONT and this is the only solution they are offering.

My fiber ONT is a 10-gig model # 621 XGS-PON ONT.  It has a 10 Gbps ethernet port.

To benefit from the additional speed, I would need to upgrade my current USW-24-G1 switch and add a 10-gig card to my OPNsense box and any additional computers in my house.

Any suggestions on what equipment to purchase?   What about 2.5 gig cards?  How about only adding the 10-gig card to my OPNsense box, NAS and one computer.

I am looking for any suggestions.

Thank you.




Ah, CGNAT, that explains it all.
To your question, I'm sure you know it: current, future needs and budget.
I'd say if your internal machines are mainly consumer SSDs, Hard drives or combinations, and have no plans to replace all with NVMEs, I'd go for 2.5. I've not looked at the price differential between 10 Gb and 2.5 Gb cards but I'd guess it is significant and worth the wait for a future upgrade when prices are equivalent to 1 Gb now.
In any case it would be a good idea to check the FreeBSD hardware compatibility list and check the forum before purchasing.
I've read some 2.5 Gb interfaces are still not universally working.

Quote from: Flamez on May 03, 2022, 02:28:50 AM
My fiber ONT is a 10-gig model # 621 XGS-PON ONT.  It has a 10 Gbps ethernet port.

To benefit from the additional speed, I would need to upgrade my current USW-24-G1 switch and add a 10-gig card to my OPNsense box and any additional computers in my house.

Any suggestions on what equipment to purchase?   What about 2.5 gig cards?  How about only adding the 10-gig card to my OPNsense box, NAS and one computer.

I am looking for any suggestions.

First, a few comments:

1. I envy you.
2. 10 GbE over RJ45 has a serious problem: it draws 1 Watt per port or 2 Watts per connection. That is why whenever possible, you should use DAC cables with SFP+, although that can only support 10 GBit/s. Alas, Adtran's 621 does not offer that and it seems to have 10 GbE only with no support for 2.5 or 5 GBit/s.
3. 2.5 GbE technology has much less power draw, is cheaper, is supported by more and more common equipment and can be run over existing CAT.5 cabling (unlike 10 GbE). Been there - done that.

You could go with a Mikrotik CRS309-1G-8S+IN and use SFP+ Modules that can support 1, 2.5, 5 and 10 GBit/s.
Considering your internet plan at 2 GBit/s, I would prefer a Ubiquiti USW-Enterprise-24-PoE for obvious reasons.

However, that does not solve the problem you have with the OpnSense machine itself. That must be capable to connect at 10 GbE over RJ45 to the Adtran and to transport it over at (preferably) 10 GbE to the switch.
The machine in question must have a lot of punch to be able to route / firewall at 2 GBit/s and preferably has a small power draw.
You could use a Deciso DEC 7x0 or 8x0 for that, it has to be a machine that offers at least 2 SFP+ ports, one with a DAC cable to the switch and one with an SFP+ module for RJ45 to the Adtran.

Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A