I have a nasty double NAT problem because I have two routers: one is my Archer C6 with OpenWrt installed, and the other is a proprietary router from my ISP which has a Fibre-to-the-Home optical cable connected to it. Obviously I can't remove it and plug it directly into my Archer.
So instead I found out that I can use "bridge mode" to totally disable NAT on the ISP router, so that all requests would be forwarded to my router.
I was able to access the ISP router's web control and used it to switch it to bridge mode. Now the issue is that I don't know how I should configure the "WAN" interface. What protocol should I use? I tried DHCP, PPP, PPPoE and Static, but none of them worked.
Your router is out of discussion. You have some sort of ONT with fiber in, Ethernet out and you configured it in a bridge mode - correct? So the question to the ISP or their user forum should be something like this: how should I configure a standalone PC that is connected over Ethernet directly to the ONT when the latter is in a bridge mode?
Alternatively you can probably restore the original ONT configuration (with NAT) and carefully document the WAN connection configuration, then reproduce it on your router.
Just navigate to the place where you made the changes [for bridging] and document the initial configuration that was there prior to your changes.
Here is a sample page:
But I tried that but it didn't work, perhaps I also had to restart the router? I was connected to it via WiFi when performing the operation, maybe that shouldn't work in bridge mode?
No, each ISP has its own methods. Some use direct DHCP, some require PPPoE, some use VLANs, some restrict the connection to one MAC, some just allow a pseudo-bridge mode, ...
If you tell us the ISP and country, perhaps someone around here already has all that info.
I did some research and I found this post on a forum thread:
In bridge settings Jio ONT has a VLAN ID. To enable bridge mode and have internet, you need a router that supports VLAN tagging for WAN port.
Someone also mentioned this on the same thread:
But considering the fact that Jio uses CGNAT (Carrier Grade NAT) where everyone shares the same WAN IP, it is pointless to have Bridge mode setup as you will not be able to port forward correctly.
If that is true, then I am f🤬ed.
I can't find a dedicated configuration page for WAN, the screenshot I posted has the most detailed info I could find... but someone in the thread I mentioned in the beginning has posted an older screenshot from the same ISP router with an older firmware where WAN settings are still present:
You can run a traceroute to see if their network is CGNAT. From your OpenWrt router, the first line of the traceroute will be your ONT/router, then the second line will be their first router on the other end of the fiber from your house. If it is not a publicly routable IP, that means they are using CGNAT.
Thank you for the useful tip. The situation looks very bad... the first address after the ISP's router is in the single class A network private range
1 _gateway (192.168.1.1) 1.920 ms 2.917 ms 2.879 ms
2 192.168.29.1 (192.168.29.1) 5.461 ms 5.427 ms 5.392 ms
3 10.196.8.1 (10.196.8.1) 6.791 ms 6.757 ms 6.725 ms
So is it impossible for me to run any kind of active server on this network since I don't have access to their CGNAT or whatever device they have on their end?
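The traceroute check suggested above, as an added example that is not part of the original thread: it classifies each hop as RFC 1918 private, RFC 6598 shared (CGNAT) space, or public, and flags CGNAT when the first answering hop beyond your own equipment is not public. The function names and the `own_hops` parameter are assumptions of this sketch; `PAGE_TRACE` is the output posted above, and the comparison trace is constructed.

```python
import ipaddress
import re

# Blocks that never appear as public addresses on a path to the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")  # shared space reserved for CGNAT

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")              # "<hop number> <rest>"
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # first dotted quad in <rest>

def classify(ip):
    """Return 'private', 'cgnat-shared', 'public', 'special' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if any(addr in net for net in RFC1918):
        return "private"
    if addr in RFC6598:
        return "cgnat-shared"
    return "public" if addr.is_global else "special"

def parse_hops(text):
    """Parse traceroute output into (hop, ip, kind); '* * *' lines give no-reply."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or blank
        found = IPV4_RE.search(m.group(2))
        ip = found.group(1) if found else None
        hops.append((int(m.group(1)), ip, classify(ip) if ip else "no-reply"))
    return hops

def cgnat_suspected(text, own_hops):
    """own_hops = number of leading hops that are your own routers/ONT."""
    for hop, _ip, kind in parse_hops(text):
        if hop > own_hops and kind != "no-reply":
            return kind != "public"  # first ISP-side hop decides
    return False  # no ISP-side hop answered; nothing to conclude

# Output quoted from the post above (run behind OpenWrt and the ISP router).
PAGE_TRACE = """\
1 _gateway (192.168.1.1) 1.920 ms 2.917 ms 2.879 ms
2 192.168.29.1 (192.168.29.1) 5.461 ms 5.427 ms 5.392 ms
3 10.196.8.1 (10.196.8.1) 6.791 ms 6.757 ms 6.725 ms
"""

if __name__ == "__main__":
    for hop in parse_hops(PAGE_TRACE):
        print(hop)
    print("CGNAT suspected:", cgnat_suspected(PAGE_TRACE, own_hops=2))
```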
Technically in the fine print of most consumer ISP contracts, the customer isn't allowed to run an active public server on the line anyway, so you're not going to get any help from the ISP to do so.
There are ways you could pay a third party to expose a public IP and VPN tunnel it back to your house, but if you're going to involve a third party you could also just rent a server.
There may be a loophole if they offer IPv6 and they don't CGNAT it or block incoming connections.
True, but I am not running a public server, I am just trying to set up a private VPN tunnel that only I can access... so that I can connect to my local home devices from a non-local connection.
Absolutely...
They do offer IPv6 but I haven't been able to access it via my router, that's another issue though, perhaps I will create a new thread for it.
I just found more info about Jio Fiber on this reddit post:
Jio is using
Deep packet inspection
Carrier-grade NAT
Poorly configured stateful IPv6
(...)
WAN is assigned in a stateful manner, with only a /128 address being given to your router. Your LAN is by default configured to be stateless, with a /64 prefix length. However your LAN prefix is not assigned by the ISP, but is instead assigned from a reserved linked-local IPv6 range defined in an outdated RFC. So you literally get none of the benefits of IPv6, and all of the downsides of IPv4, as a NAT is involved in your connection.
Bridging mode is completely broken. You still need to configure your WAN interface even when you want to bridge the Jio router to your own equipment.
It looks like the ISP is worse than I thought... at least I used to get a dedicated dynamic IP with raw ethernet via PPPoE with my previous ISP.
I've found Zerotier very useful as an ad-hoc VPN for remote access to equipment. It is an OpenWrt package. It works even when there is CGNAT on both ends of the link. They have a free account for small usage. Of course you have to fully trust the Zerotier company...
I have an ONT modem for my FTTP also, but the authentication with my ISP is done via PPPoE with a username and password. My ISP was CGNAT but I pay an extra £5 for a static IP. Maybe ask Jio ISP for a static IP if they do.
That doesn't seem to be the case with Jio, a few users have reported using their own ONT modem but couldn't get it to work, I guess it is because they might be using some proprietary method that they developed in-house.
I checked, there are no customer offerings for a dedicated or static IP on a residential level; an employee of the ISP said that it is only available to enterprise/business clients (it was an answer to a Quora question).
I chose this ISP because of their cheap price and bundled streaming services offerings.