I’m connected via a 4G modem. Got this setup about 3 years ago. In the beginning it was enough to look for the public IP (what’s my IP). The modem showed some sort of private ip in the ui. I’m running stuff at home (Homeassistant, Gitea,) and bought a domain and pointed it to my home IP via Cloudflare. After some time I’ve noticed my modem shows the public IP also internally. For about 2 years now it ran flawlessly, the IP changed from time to time, but not really more than once in several weeks. For about a week all stopped working and the modem shows IP 100.xxxx and outside 85.something I guess I’m behind NAT now. Normal port forwarding on the modem is useless now. Is it possible to open the ports via UPNP? I’ve tried via miniupnp from my Ubuntu server, but it just throws an error.

upnpc -a ifconfig enp1s0| grep "inet addr" | cut -d : -f 2 | cut -d " " -f 1 22 22 TCP

Can I use this to somehow open the ports via UPNP on my modem and bypass the blocking? I can’t even OpenVPN to my modem anymore.

EDIT: i also run AdguardHome, that I use as Private DNS on my Android phone

UPDATE: everything except Adguard Home used as Private DND on my Android works! I’ve used this: https://github.com/mochman/Bypass_CGNAT/wiki/Oracle-Cloud-(Automatic-Installer-Script) - free Oracle VPS + automated well described script. Even HTTPS works fine!

  • nucleative@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    For reestablishing the connection, use the wrapper ‘autossh’. It can be run from systemd so that it’ll auto start and restart as you command it.

    I have a couple instances using this that are absolutely rock solid after years.

      • nucleative@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Haven’t done any comparisons, but I’m using this in cases where my throughput isn’t too important. I can stream my webcam over it in HD, establish an rdp connection, ssh back through, and control web interfaces like octoprint. It’s acceptable.

        The big advantage is that a $2/month vps gets a static IP, therefore I don’t have to worry about a VPN provider changing the IP or blocking ports.

        Tunneling an encrypted connection through an encrypted connection is pretty much always a bad idea but when you’re evading CGnat or other network blocks, sometimes it’s the best we can conjure up on a whim.

      • tal@lemmy.today
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        I’m the grandparent commenter, not the parent commenter, but for my very limited use, it’s not noticeable, but I’m also typically just giving a remote machine access to a local web service. I’m not trying to tunnel anything bulk (or where latency is critical, which I’d think might be a larger issue).

        The one thing I can say, though, without digging up numbers: ssh is fundamentally TCP-based. It forces ordering on anything it transports. While there are ways to cram UDP through an SSH tunnel, that’s gonna impose an unwanted constraint. if you want to provide access to anything that natively runs on UDP, I’d probably look into a UDP-based VPN – like Wireguard – that doesn’t do that.