Can I Use VPN To Expose Service Through Double NAT
-
As the title says, I want to access my Emby server remotely, but the cellular modem doesn't allow port forwarding. I have a VPN service, and read that you can use the VPN to get through a double NAT situation, but I'm not sure where to start.
Any help would be appreciated...
Thanks!
-
@wormuths What VPN Service is it? Some few allow to forward a port.
Also there is Tailscale for pfSense. -
Can you provide more information on your double NAT situation? Typically, people are double NAT'd because their ISPs gives them a combo modem/router, and then they connect another router behind it (like pfSense).
In this case if you can get into the ISP modem/router and disable services or set it to pass-through mode if it supports it you will no longer be double NAT'd.
If you are double NAT'd upstream of your house, then your ISP sucks. That's for sure.
If you use a VPN like PIA which I use and is OK (not amazing but OK) it does support port forwarding and static IP addresses.
The down side is when your Emby server is connected to the VPN 1.) it will be on the internet with no hardware firewall and 2.) you probably won't be able to get to your Emby server locally when the VPN is connected.
If you do this I would recommend you turn on a software firewall on the machine and allow w/e ports Emby needs.
-
@bjd223 My VPN is Express VPN.
As for the double NAT, it’s because I switched to cellular service from T-Mobile. They give you a cellular modem and then I have to connect PFSense to a port on that. Their modem has no configuration option to add a forward or a DMZ or anything.
If you all can think of a use case where it may make a difference, I have an unused Wi-Fi card on the PFSense box. Maybe if there was a way to connect Emby through that? It’s just there not being used for anything…
It’s not the most urgent of issues, but I would like to be able to watch my media on vacation or something. It’s more important to watch it locally though. This is just something I’d like to have working if possible.
Thanks for any ideas you might have…
Steven -
@wormuths said in Can I Use VPN To Expose Service Through Double NAT:
I want to access my Emby server remotely, but the cellular modem doesn't allow port forwarding. I have a VPN service, and read that you can use the VPN to get through a double NAT situation
This requires that your VPN provider gives you an IP and a port, which he would forward to your VPN virtual IP. Is this given already or do you have an option on this?
I have an unused Wi-Fi card on the PFSense box. Maybe if there was a way to connect Emby through that?
Why not a cable?
pfSense doesn't work well with wifi in recent versions.If pfSense makes the VPN you should put between the Emby and the upstream router. Doing so and configure pfSense properly access from both, the VPN and local should work well.
-
@bjd223 said in Can I Use VPN To Expose Service Through Double NAT:
The down side is when your Emby server is connected to the VPN 1.) it will be on the internet with no hardware firewall and 2.) you probably won't be able to get to your Emby server locally when the VPN is connected.
Na, pretty sure we are talking about pfSense being on that VPN, not his server alone...
But I don't know if the mentioned service allows this and also what your upload is in general. -
@wormuths
So what you actually have is called CGNAT.
Google it, there are ways around it, not free but cheap.
You can ask T-Mobile if they will put you on an IPv6 address instead. They might, probably won't, -
@bob-dig Yeah they could configure it on the pfSense box but wouldn't all their traffic go over the VPN? In my experience that can cause some serious performance issues especially with anything latency dependent like gaming. Even if you set the encryption on the tunnel to none latency on all the VPN providers I have tried has been pretty poor even under the best circumstances.
I guess if you could route only the Emby traffic/machine over the VPN that would be more ideal I am just not familiar if you can do that on pfSense.
-
@bjd223 said in Can I Use VPN To Expose Service Through Double NAT:
I guess if you could route only the Emby traffic/machine over the VPN that would be more ideal I am just not familiar if you can do that on pfSense.
But you asked in the pfSens forum so... and yes, it is possible.
