How to connect to my Home Network Using VPN on Fibre?

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › How to connect to my Home Network Using VPN on Fibre?

1 | 2

djtOtago

1190 posts

Uber Geek
+1 received by user: 614

#2185760 23-Feb-2019 10:43

I don't know much about Trustpower, so hopfully some one else here will know if they use a CGNAT setup for their network.

If they do us CGNAT, you will have to request a puplic static IP address from them. There will most likely be a cost for this, assuming they can do it at all.

RunningMan

9326 posts

Uber Geek
+1 received by user: 4968

#2185763 23-Feb-2019 10:57

barrynz:

How do i manage to browse the web then?

You don't need a public IP to browse the web. Their connections are CG-NAT by default, so you have another level of NAT. The WAN IP of your router is not a public IP, so you will never be able to connect from outside.

nzkc

1638 posts

Uber Geek
+1 received by user: 1043

#2185766 23-Feb-2019 11:09

As you dont have a public facing IP your options are limited.

One possible solution is something like this: https://www.dataplicity.com/

You will be putting your trust into them as the way it works is you have a host (Raspberry Pi in this case...but doesnt have to be) that holds a session option to Dataplicity. You then connect to your host through Dataplicity - its essentially a (very limited) proxy. I have used this in the past, but have since moved to a full VPN set up.

RunningMan

9326 posts

Uber Geek
+1 received by user: 4968

#2185767 23-Feb-2019 11:13

Or request a public IP from TrustPower, or move to an ISP that provides public IPs by default.

Gordy7

gordy7
2010 posts

Uber Geek
+1 received by user: 505

ID Verified

Lifetime subscriber

#2185769 23-Feb-2019 11:23

A possible way to check if you are behind a CGNAT is explained here:

https://superuser.com/questions/713422/how-would-i-test-to-see-if-im-behind-carrier-grade-or-regular-nat

Gordy

My first ever AM radio network connection was with a 1MHz AM crystal(OA91) radio receiver.

cyril7

9075 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#2185771 23-Feb-2019 11:28

If you stay with this service with CG-NAT you could resort to using something like Chrome remote desktop and connect to a machine inside your network.

Alternatively, I recently helped a mate with a similar issue get around this problem, used a cheap linux machine in aws that I had setup for other purposes, used reverse ssh tunnels to connect and jumped through the nat, all sorted in a few minutes, although with that exact solution it assumes you are happy with simple ssh tunnels (simple but fast). You could do a similar thing with more complex ipsec or other vpns and use the aws machine as the hub and dailin from both your home and remote machines and route between.

Cyril

Mighty Ape

Shop now at Mighty Ape (affiliate link).

vulcannz

436 posts

Ultimate Geek
+1 received by user: 136
Inactive user

#2185772 23-Feb-2019 11:44

You need to check if Trustpower are provisioning you with a real world IP address or CGNAT. CGNAT gives you a private IP address, so you still get out but setting up VPNs and web servers cannot happen.

I can't tell if they run CGNAT (see posts above to check your IP), but they do offer static IP's for $5 a month: https://ask.trustpower.co.nz/app/answers/detail/a_id/185/~/static-ip

Also make sure you setup 2 factor authentication (aka One Time Passwords on the Sonicwall), it's free and worth doing.

barrynz

39 posts

Geek

#2185794 23-Feb-2019 12:39

vulcannz:

You need to check if Trustpower are provisioning you with a real world IP address or CGNAT. CGNAT gives you a private IP address, so you still get out but setting up VPNs and web servers cannot happen.

I can't tell if they run CGNAT (see posts above to check your IP), but they do offer static IP's for $5 a month: https://ask.trustpower.co.nz/app/answers/detail/a_id/185/~/static-ip

Also make sure you setup 2 factor authentication (aka One Time Passwords on the Sonicwall), it's free and worth doing.

Yeah i think they are using CGNAT - hence the wan port is getting this range of RFC 6598 states that 100.64.0.0/10.

I think i got the answer, CGNAT feature is limiting us to be accessed from outside home net, i think i have to go ahead with static IP then, which is 5$ :).

barrynz

39 posts

Geek

#2185801 23-Feb-2019 12:42

barrynz:

vulcannz:

You need to check if Trustpower are provisioning you with a real world IP address or CGNAT. CGNAT gives you a private IP address, so you still get out but setting up VPNs and web servers cannot happen.

I can't tell if they run CGNAT (see posts above to check your IP), but they do offer static IP's for $5 a month: https://ask.trustpower.co.nz/app/answers/detail/a_id/185/~/static-ip

Also make sure you setup 2 factor authentication (aka One Time Passwords on the Sonicwall), it's free and worth doing.

Yeah i think they are using CGNAT - hence the wan port is getting this range of RFC 6598 states that 100.64.0.0/10.

I think i got the answer, CGNAT feature is limiting us to be accessed from outside home net, i think i have to go ahead with static IP then, which is 5$ :).

This is from their site:

NAT type

How can I resolve my NAT type issues?

NAT (Network address translation) is the ability of a modem to translate a public IP address to a private IP address and vice versa.

Gaming consoles often encounter NAT related issues which result in a poor gaming experience. If you are experiencing issues with a "strict" NAT type, please contact us and we can make sure CGN is turned off for your connection, this should resolve most NAT type issues.

If this doesn't help, you may need to port forward, and change your NAT type to either moderate or open. This is not a function supported by the Trustpower technical support team, you will need to use the Port Forward website.

RunningMan

9326 posts

Uber Geek
+1 received by user: 4968

#2185805 23-Feb-2019 12:52

barrynz:[snip] If you are experiencing issues with a "strict" NAT type, please contact us and we can make sure CGN is turned off for your connection, this should resolve most NAT type issues.

This is what you need to do. You need a public (i.e. non NATed) address. Having a static address will make it easier, but this is not required. A dynamic public address with a dynamic DNS resolver will work fine.

vulcannz

436 posts

Ultimate Geek
+1 received by user: 136
Inactive user

#2186614 25-Feb-2019 07:17

Note if you do get a dynamic public address the Sonicwall also supports dynamic dns services (like DynDNS).

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

taneb1

553 posts

Ultimate Geek
+1 received by user: 231

ID Verified

Trusted

Mercury

#2186656 25-Feb-2019 08:50

Hi @barrynz

As others have mentioned, Trustpower can provide a dynamic public IP for free or a Static IP for $5 per month.

If you would like either option, you should be able to contact our Webchat team via trustpower.co.nz to sort this out for you.
Alternatively if you want to PM me your account details, phone number and best time to call and I can organize someone from our Tech Support to give you a call to sort this out as well.

Thanks,

Tane

Any comments made are my personal views and does not represent those of my employer

1 | 2