Ok look. I'm tired, stupid and tipsy and I can't get this flipping thing to work.
I'm trying to reach my home security system (old, 2013) which uses a web interface through my 4G uplink. It's the only gateway I've got and I'm happy with it otherwise.
(Setup is Netgear WNDR3800 and Sierra Wireless modem, 800MHz double biquad - if interested)
Obviously, 3 UK uses carrier grade NAT like all sensible providers that serve so many clients.
However, that means I can't port forward because I'm effectively sharing the IP address with other people.
I've bought a VPS and installed SoftEther Server and I've got a client that connects using the OpenWrt client - however that's where I'm stuck.
Ideally the goal is to be able to log into my local device (CCTV server box) through the VPS's IP address. Second to that, a second VPN server client that could reach my local device (CCTV server box.)
Either way, I know I need a static route from my local device to the SoftEther virtual interface.
Thirdly and finally, I have an Ubuntu install running on a Raspberry Pi in the wilderness, also with a Sierra Wireless modem. I would ideally like to receive an RTSP stream from it. If I want to traverse the CG-NAT there too, is the setup similar? (using the same VPS.)
I just decided on SoftEther because I heard it was faster and now I'm invested - would you be willing to point me in the right direction with it or should I just be less stubborn?
I can't speak to anything with SoftEther -- both performance and configuration since I haven't ever used it. However, I can say that WireGuard is really quite performant!
I believe that WG is super easy to configure and it is very fast... but follow whatever path you believe is best... maybe don't spend too much time/effort on SoftEther if you run into issues, and then instead pivot and try WG. You don't have to scrap your SoftEther efforts, too... they can theoretically co-exist.
Ok - just installed the client directly on the Windows machine I'm using, no problems, internet access through the VPS. This is a route configuration issue as far as I can deduce and any further help is appreciated.
To make the TV box accessible from the Internet you'd port-forward back to it from the VPS IP. Although this means that anyone on the Internet can hit that port on the box and it probably isn't secure enough for that.
The other way would be to run a VPN at your remote location then route through two VPN tunnels that relay at the VPS, i.e. from wherever you are to the VPS to home LAN where the TV box is. This can be expanded to a hub and spoke system of several remote locations, and since all the remotes are outgoing connections to the VPS, they can be behind CGNAT.
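The relay layout described above, sketched as WireGuard configuration (the VPN suggested earlier in the thread). This is an added example, not part of any post; the 10.99.0.0/24 tunnel subnet, the 192.168.1.0/24 home LAN, port 51820 and every value in angle brackets are placeholder assumptions.

```ini
# ---- VPS (hub): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <hub-private-key>
# Relay packets arriving from one spoke out to another spoke.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o %i -j ACCEPT

# Spoke 1: home router behind CGNAT. Listing the home LAN here makes
# the hub send traffic for the CCTV box into this peer's tunnel.
[Peer]
PublicKey = <home-router-public-key>
AllowedIPs = 10.99.0.2/32, 192.168.1.0/24

# Spoke 2: roaming client (laptop, phone, car PC).
[Peer]
PublicKey = <roaming-client-public-key>
AllowedIPs = 10.99.0.3/32

# ---- Home router (spoke 1) ----
[Interface]
Address = 10.99.0.2/32
PrivateKey = <home-router-private-key>

[Peer]
PublicKey = <hub-public-key>
Endpoint = <vps-public-ip>:51820
AllowedIPs = 10.99.0.0/24
# The spoke dials out and keeps the CGNAT mapping alive, so the hub
# can always reach it; no inbound port is needed at home.
PersistentKeepalive = 25

# ---- Roaming client (spoke 2) ----
[Interface]
Address = 10.99.0.3/32
PrivateKey = <roaming-client-private-key>

[Peer]
PublicKey = <hub-public-key>
Endpoint = <vps-public-ip>:51820
# Only tunnel subnet and home LAN go via the VPS (split tunnel).
AllowedIPs = 10.99.0.0/24, 192.168.1.0/24
PersistentKeepalive = 25
```

With this layout the only port open on the VPS is the WireGuard UDP port, and the CCTV web interface is reachable only by peers holding a key listed on the hub. The home router's firewall still has to permit forwarding between the tunnel interface and the LAN.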
That's ok, the risk outweighs the benefit. I've got a 2006 car with the 7" TFT in the dash. That'll never catch on. Thick and thin of it is if there's 4G reception at the car, I can open web streams on there on an x86 in the boot, whilst driving. That would just be too cool not to do. I also speed excessively. I routinely reach 110MPH. The outer lane is for CRIME.
That is far more secure, the spokes you speak of as multiple clients to that VPS. I like that and I'll do it.