I just realized there is quite a similar topic about wireguard and VPS, but I do have some more generic questions in order to understand that VPS approach.
So far I have NGINX connected with my DDNS service and am very comfortably able to access my Immich server as well as my Seafile file server at home. With CGNAT that is gone, and I didn’t check that before.
After some not really successful tries with Zerotier, Proton and other things I am coming to the conclusion that VPS might be the right approach.
Is a VPS the recommended tool to overcome the CGNAT issue more and more of us are facing because ISPs are moving to CGNAT?
Are there any special requirements I should look for when searching for a VPS?
I see cheap VPSes with only one CPU; is that enough?
I checked that Oracle free VPS but this is only for 30 days so not useful I think.
How does that generally work, and what do I need to set up on the VPS and on my router?
Is it a WireGuard server that will run on the VPS, with the router connected to it 24/7?
As far as I understand, I will replace my DDNS with a VPS that offers me a fixed public IP; is that correct?
OK, I got the Oracle free tier VPS and changed to Pay As You Go, which won’t be charged in my case but offers the necessary settings when setting up the instance.
Oracle VPS is up and running.
Had some trouble getting the public IPv4 assigned, but that is also available now.
I have installed Ubuntu and I can SSH into it.
Did sudo update and sudo upgrade, rebooted
What’s next?
I really need your help now to set up the VPS and connect my router to it to overcome the stupid CGNAT situation.
After almost two years on 1 Gbps fibre with CG-NAT (on IPv4) I found a solution by changing my VPN provider that includes 5 forwarded ports (not changing) and a DDNS for each. I think there’s only one that does that. I wonder why I haven’t found them before (AirVPN).
Which ISP is this, as there is no such thing like IPv6 CGNAT?
Do you have a need for accessing services with the legacy protocol, e.g., is your mobile network also legacy-protocol only, or is your corporate network holding you up?
This is in Germany, ISP is freenet, selling in this case a telekom 5G unlimited access.
I am using a Zyxel 5G router set to IP passthrough to my OpenWrt router.
Speed is perfect and stable as well.
I have already checked IPv4 and IPv6; no chance to ping, IPv4 is CGNAT.
I also contacted them about the possibility of getting a public IPv4 assigned: no chance!
So I am on the VPS track … see if I can get that working.
Thank you.
Ah, then you are on an IPv6-only network and IPv4 connectivity is provided by the Telekom NAT64 gateway.
Therefore, IPv4 is not available at all.
Yes, sadly mobile networks are blocking incoming connections for IPv6.
You might get a static /64 IPv6 delegation with open incoming connections, but this is typically only available for business customers.
Then the VPS or a tunnel might be the only option for you.
Set up a WireGuard server and make a site-to-site connection with the OpenWrt router.
This means that both sides have routes to each other by setting the opposite subnet as allowed IPs, and for firewall settings both sides are set up as a "server", so allowing traffic and no masquerading needed.
Then a simple port forward on your VPS to your nginx server on the OpenWrt router should do the trick.
In theory dead simple; in practice, well, we will see.
Well, that’s why it’s (they are) probably hard to find. All the WireGuard conf files are available for all their servers. I just had to import (one of) them in OpenWrt and it works. I had to add a traffic rule and a port forward rule for each forwarded port. And they don’t provide a tutorial for that. About the throughput: after less than a month of testing, I subscribed for 3 years. With SurfShark (and no incoming port) I had between 100 and 200 Mbps (torrent seeding). Now it’s more than 600 Mbps on average.
I have always needed a VPN since 2012. And now, even with CG-NAT I can enjoy close to my whole theoretical bandwidth while being able to receive 5 incoming ports.
NGINX is running on my home server in a docker container, not on OpenWRT.
What about setting up the WireGuard server on the Ubuntu VPS; is this a standard installation?
And what about the firewall: is this necessary or can I ignore that? I don’t know what the Oracle VPS or Ubuntu standard setting is using.
Is there maybe any guide you know that I could use?
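The VPS half of the site-to-site design proposed above, written as an added example (not from the thread and not from the guide the poster followed). The tunnel subnet 10.99.0.0/24, the home LAN 192.168.1.0/24, the nginx host 192.168.1.20 and the key placeholders are all assumptions; the script only prints the config so it can be reviewed before it is written to the VPS:

```shell
#!/bin/sh
# Added example, not from the thread: prints a wg0.conf for the VPS half of a
# site-to-site link to OpenWrt. All addresses and keys are placeholders.
VPS_WG=10.99.0.1          # VPS tunnel address (tunnel subnet 10.99.0.0/24)
RTR_WG=10.99.0.2          # OpenWrt tunnel address
HOME_LAN=192.168.1.0/24   # home LAN behind the OpenWrt router
NGINX=192.168.1.20        # home server running the nginx container
WG_PORT=51820; PORTS=80,443

# Firewall rules ride along in PostUp/PostDown, so nothing depends on
# netfilter-persistent. The MASQUERADE rule is deliberate: it makes nginx see
# $VPS_WG as the client, so its replies go back through the tunnel. Without
# it nginx would answer the real client IP via the CGNAT uplink (asymmetric
# routing) and no TCP handshake would ever complete. The cost is that nginx
# logs the tunnel address instead of the visitor's address.
vps_wg_conf() {
  IN="INPUT -p udp --dport $WG_PORT -j ACCEPT"
  FWD="FORWARD -d $NGINX -p tcp -m multiport --dports $PORTS -j ACCEPT"
  RET="FORWARD -s $NGINX -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  DNAT="PREROUTING -t nat ! -i wg0 -p tcp -m multiport --dports $PORTS -j DNAT --to-destination $NGINX"
  SNAT="POSTROUTING -t nat -o wg0 -d $NGINX -j MASQUERADE"
  cat <<EOF
[Interface]
Address = $VPS_WG/24
ListenPort = $WG_PORT
PrivateKey = <VPS_PRIVATE_KEY>
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -I $IN; iptables -I $FWD; iptables -I $RET; iptables -A $DNAT; iptables -A $SNAT
PostDown = iptables -D $IN; iptables -D $FWD; iptables -D $RET; iptables -D $DNAT; iptables -D $SNAT

[Peer]
# the OpenWrt router: its tunnel address plus the whole home LAN
PublicKey = <ROUTER_PUBLIC_KEY>
AllowedIPs = $RTR_WG/32, $HOME_LAN
EOF
}
vps_wg_conf   # on the VPS: vps_wg_conf > /etc/wireguard/wg0.conf
```

On Oracle Cloud the instance's iptables rules are only half of the firewall: the VCN security list in front of the instance also needs an ingress rule for UDP 51820 (and TCP 80/443 for the forwarded services); the OpenWrt side initiates the tunnel, so no other inbound port is required.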
I followed this guide for the server config, setup was successful.
The only thing I couldn’t run was “sudo netfilter-persistent save”; this command seems not to be available in Ubuntu 24.04 as delivered with the Oracle free tier cloud VPS.
As said, I only set up the server side, because now the OpenWrt client side needs to be set up.
Can somebody support me here?
Just to mention I do have already a wgclient interface running 24/7 with proton VPN.
Do I need now to setup a second wgclient interface?
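The OpenWrt client half, as an added example (not from the thread): a second WireGuard interface beside the existing ProtonVPN wgclient, plus the firewall zone and forwardings that make the router behave as the other "server" of the site-to-site link. The tunnel subnet 10.99.0.0/24 (VPS 10.99.0.1, router 10.99.0.2), the VPS address 203.0.113.10 and the key placeholders are assumptions; the script prints the uci commands rather than running them:

```shell
#!/bin/sh
# Added example, not from the thread: prints the uci commands for the OpenWrt
# half of the site-to-site link. All addresses and keys are placeholders.
VPS_PUB=203.0.113.10; WG_PORT=51820
VPS_WG=10.99.0.1; RTR_WG=10.99.0.2

# A second WireGuard interface next to the existing ProtonVPN wgclient. Its
# allowed_ips is only the VPS tunnel address, so it never touches the default
# route. The VPS side lists the router address plus the home LAN as allowed
# IPs and routes them through the tunnel, so no masquerading is needed here.
# persistent_keepalive matters: the router is behind CGNAT, so it must open
# the UDP mapping and keep it alive for the VPS to reach it at all.
openwrt_uci_cmds() {
  cat <<EOF
uci set network.wg_vps=interface
uci set network.wg_vps.proto='wireguard'
uci set network.wg_vps.private_key='<ROUTER_PRIVATE_KEY>'
uci add_list network.wg_vps.addresses='$RTR_WG/24'
uci set network.wgpeer_vps=wireguard_wg_vps
uci set network.wgpeer_vps.description='VPS'
uci set network.wgpeer_vps.public_key='<VPS_PUBLIC_KEY>'
uci set network.wgpeer_vps.endpoint_host='$VPS_PUB'
uci set network.wgpeer_vps.endpoint_port='$WG_PORT'
uci set network.wgpeer_vps.persistent_keepalive='25'
uci set network.wgpeer_vps.route_allowed_ips='1'
uci add_list network.wgpeer_vps.allowed_ips='$VPS_WG/32'
uci set firewall.wg_vps=zone
uci set firewall.wg_vps.name='wg_vps'
uci set firewall.wg_vps.input='REJECT'
uci set firewall.wg_vps.output='ACCEPT'
uci set firewall.wg_vps.forward='REJECT'
uci set firewall.wg_vps.masq='0'
uci add_list firewall.wg_vps.network='wg_vps'
uci set firewall.fwd_vps_lan=forwarding
uci set firewall.fwd_vps_lan.src='wg_vps'
uci set firewall.fwd_vps_lan.dest='lan'
uci set firewall.fwd_lan_vps=forwarding
uci set firewall.fwd_lan_vps.src='lan'
uci set firewall.fwd_lan_vps.dest='wg_vps'
uci commit network
uci commit firewall
/etc/init.d/network reload
/etc/init.d/firewall reload
EOF
}
openwrt_uci_cmds   # on the router: openwrt_uci_cmds | sh
```

Once both sides are up, `wg show` on either end should list a recent handshake, and the home server should see connections on 80/443 arriving from the VPS tunnel address.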
If your only concern is "how to access my home server that is behind CGNAT", I have very positive experience with Tailscale. I run it on my home server directly, not on the router (and on other devices, of course).