Got T-Mobile 5G Home Internet

NollipfSense

@stephenw10 said in Got T-Mobile 5G Home Internet:

to use some external static server that both pfSense and external client connect to.

This is what I am realizing...one thing I noticed checking the supposed T-Mobile gateway out is that I am given both IPv6 and IPv4 address...what a great way to brush away my IPv6 mental resistance despite my stomach protesting dual stack...

stephenw10

Ha. Well if they give you a public IPv6 that solves the problem. Mostly at least.

Of course it won't work if you're trying to connect from somewhere that doesn't have IPv6....

JKnott

@nollipfsense

IPv6 is where the world is moving to, so you might as well get used to it. I've had it for almost 13 years.

I don't know what T-Mobile hands out, but I get 2^72 addresses from my ISP. This seems to be fairly typical.

JKnott

@stephenw10

Back when I used a tunnel to get IPv6, I set up my notebook to get a single address, as well as the /56 on my home network. I wonder if he.net offers something similar, so that you can access IPv6 over IPv4.

stephenw10

Yup, you could probably do that if you had to. I can pretty much guaranty that if you're using remote access OpenVPN then at some point you're going to end up trying to connect back from somewhere that's IPv4 only.

Dobby_

It all depends also where are you living!

In Germany you could get a Fritz!Box LTE router that is
able to use with T-mobile, they have a choice (service)
that is called My!Fritz so you may able to connect to
the inside of your network with VPN then.

The second chance is you get a small business contract
from them (T-Mobile) with an static public IP address
and all is fine for you and the vpn.

The third way may be more independent from all others but you must set up a so called "jump host" elsewhere in the internet and over that host you "vpn" home.

NollipfSense

Here is an interesting statement from my SIP service provider, Voip.ms: "The SIP request would come from a public IP address and port assigned to your modem from the ISP side. There's no issue when using cg-NAT with our service as most of our residential internet users are behind a cg-NAT."

Are they blowing smoke up my rare end?

SteveITS

@nollipfsense Connections out to a service don't matter. Connections in to you do matter. So it depends on what connects to whom. We're a 3CX partner and the connection is made from 3CX out to the SIP provider.

*rear ;)

stephenw10

Mmm, if you have external VoIP phones connecting to your PBX behind the CG-NAT that's going to fail.

Dobby_

@steveits said in Got T-Mobile 5G Home Internet:

@nollipfsense Connections out to a service don't matter. Connections in to you do matter. So it depends on what connects to whom. We're a 3CX partner and the connection is made from 3CX out to the SIP provider.

*rear ;)

If you are using a PBX appliance it would be perhaps good
to place them in a DMZ. Or plain a switch where the phones
will be connected. Will this solve the problem?

SteveITS

@stephenw10 Yes but phones connecting out to "the cloud" would succeed. Looks like VoIP.ms has both services.

JKnott

@nollipfsense said in Got T-Mobile 5G Home Internet:

Are they blowing smoke up my rare end?

Maybe it needs to be cooked a bit longer.

In order to use VoIP behind NAT, STUN is used. This provides the public address of wherever you hit the Internet. Also, I don't know that most residential users are behind CGNAT, though many are. Cell network connections usually are.