Netgate Discussion Forum

    OpenVPN server on pfSense behind Starlink router in bridge mode

    14 Posts 4 Posters 2.8k Views
      chpalmer @LawRi

      @lawri said in OpenVPN server on pfSense behind Starlink router in bridge mode:

      @chpalmer no client is not behind CGNAT

      Could you make the client side the server side instead? I don't know your particular circumstance there so just throwing the idea out there.

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        rcoleman-netgate Netgate @chpalmer

        @chpalmer said in OpenVPN server on pfSense behind Starlink router in bridge mode:

        Could you make the client side the server side instead? I

        If the client is using something like TMO home internet the routed IP will change regularly. Had that trouble at a friend's business last week when his FTTP broke.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

          chpalmer @rcoleman-netgate

          @rcoleman-netgate Wouldn't dynamic DNS work for that?

            rcoleman-netgate Netgate @chpalmer

            @chpalmer No, because the routing IP on cellular networks almost never remains the same for more than a few seconds. If you think CGNAT is bad, this is 1000x worse. DynDNS might be one IP one moment and another the next.

              chpalmer @rcoleman-netgate

              I do know that a customer of (at least Verizon) can get a public IP address assigned to their number.. This may now only be for commercial accounts but this might be a solution available from any of the carriers..

              But according to LawRi> "no client is not behind CGNAT"

              thus my comment that he could possibly put the server side on the "client" side.. and make his side the "client" side of the connection. Not sure why that couldn't work for him as I do it here for one of my radio sites..

                LawRi

                Thanks for all the answers, but I stopped using OpenVPN because of CGNAT.
                Now I have made a Cloudflare tunnel so the client can connect directly to the services it needs.
                The client is me in the office, the server is me at home 🙂.

                  wgstarks @LawRi

                  @lawri said in OpenVPN server on pfSense behind Starlink router in bridge mode:

                  Thanks for all the answers, but I stopped using OpenVPN because of CGNAT.
                  Now I have made a Cloudflare tunnel so the client can connect directly to the services it needs.
                  The client is me in the office, the server is me at home 🙂.

                  I’m going to be relocating (soon) to an area with no cable and very spotty cell phone coverage and planning to use Starlink for internet access since it’s really the only option and is expected to be available sometime this year. I use the OpenVPN server built into pfSense a lot to connect my iPhone back to my home network when I’m at work. Could you describe how you set up the Cloudflare tunnel to access your network?

                  Box: SG-4200

                    LawRi @wgstarks

                    @wgstarks I watched a few videos on YT and made a tunnel for myself. There is a free plan to sign up for. You need a domain; if you don't have one you can buy one from them ($10 a year). Then you make a new tunnel; you need a local machine that is always connected to the internet and install the client on it. As I understand it, that client connects the tunnel to Cloudflare. After that you expose some services to that tunnel, like NAT. You can protect your tunnel with a few options; I used mail protection on each service. I watched these two videos:
                    NetworkChuck
                    Lawrence Systems

                      wgstarks @LawRi

                      @lawri
                      Thanks. I've seen that but I really need something I can run Plex through. It's my understanding that the Cloudflare ToS doesn't allow streaming through the tunnel.

                      Thanks for the video links though. I'm sure the process is basically the same for any endpoint.

                        LawRi @wgstarks

                        @wgstarks I don't use Plex for home streaming, and generally I didn't expose my home cinema server to the tunnel. I looked at the Cloudflare ToS but can't see where it says that streaming services are not allowed.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.