Netgate Discussion Forum

Is remote access behind CGNAT possible?

Virtualization
7 Posts 4 Posters 9.2k Views 4 Watching
  • E Offline
    eiger3970 0
    last edited by eiger3970 0 Dec 4, 2023, 1:27 PM Dec 4, 2023, 1:26 PM

    Remote access on the home network used to work with VNC and Remmina on a remote laptop.
    However the ISP's CGNAT stops it working.

    From reading, a VPN or tunnel might be needed?
    Is there an easy setup using pfSense for remote access?

    I tried OpenVPN but it needs a public WAN IP.
    I've started looking at Tailscale, but it's all new to me.

    Just a simple home network solution would be good if a free VPS or something is needed?

    1 Reply Last reply Reply Quote 0
    • B Offline
      bmeeks
      last edited by Dec 4, 2023, 2:33 PM

      For security reasons, any remote access should use a VPN!

      There are two ways to work this VPN access.

      1. The easy and free version is to configure the VPN server on pfSense and put a certificate on your remote clients (PCs, iOS devices, etc.). You would also configure an account with a dynamic DNS hosting provider (there are some free ones and a ton of paid ones). Then you can securely remote into your home network. But this mostly free method will not work behind CGNAT.

      2. The method required to get around CGNAT is to host your VPN server on some public host. So far as I know, all of those require some payment, but shopping around can produce a very reasonable (as in low) fee. You set up your VPN server on the public host, then on your pfSense firewall you configure a full-time VPN tunnel to your VPS (virtual private server). You create another public VPN server on the VPS and configure your remote clients to connect to that VPN server. The traffic is then relayed securely into pfSense and your home network.

      M 1 Reply Last reply Dec 4, 2023, 2:40 PM Reply Quote 1
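Option 2 from the answer above, sketched as an added example (not part of the original posts) using WireGuard, with a single interface on the VPS standing in for the two VPN servers described. The 10.99.0.0/24 tunnel subnet, the 192.168.1.0/24 home LAN, `vps.example.net` and the bracketed keys are placeholders; on pfSense the home-side values go into the WireGuard package GUI and are shown in wg-quick syntax here only for comparison.

```ini
# ---- VPS: /etc/wireguard/wg0.conf (the only host with a public IP) ----
# The VPS must route between peers: sysctl net.ipv4.ip_forward=1
# Traffic is decrypted on the VPS and re-encrypted to the other peer.
[Interface]
Address    = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>

# Home pfSense: behind CGNAT, so it has no Endpoint here and dials out.
[Peer]
PublicKey  = <PFSENSE_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32, 192.168.1.0/24

# Roaming laptop: may only source traffic from its own tunnel address.
[Peer]
PublicKey  = <LAPTOP_PUBLIC_KEY>
AllowedIPs = 10.99.0.3/32

# ---- Home side (pfSense), wg-quick syntax ----
[Interface]
Address    = 10.99.0.2/24
PrivateKey = <PFSENSE_PRIVATE_KEY>

[Peer]
PublicKey  = <VPS_PUBLIC_KEY>
Endpoint   = vps.example.net:51820
AllowedIPs = 10.99.0.0/24
# Outbound keepalives hold the CGNAT mapping open so the VPS can
# send return traffic at any time (the "full-time tunnel").
PersistentKeepalive = 25

# ---- Laptop ----
[Interface]
Address    = 10.99.0.3/24
PrivateKey = <LAPTOP_PRIVATE_KEY>

[Peer]
PublicKey  = <VPS_PUBLIC_KEY>
Endpoint   = vps.example.net:51820
# Only the tunnel and home LAN go through the VPN (split tunnel).
AllowedIPs = 10.99.0.0/24, 192.168.1.0/24
PersistentKeepalive = 25
```

On pfSense, the firewall rules on the tunnel interface decide what the laptop can actually reach; permitting only 10.99.0.3 to the specific LAN hosts and ports needed (for example the VNC host) keeps the relay from exposing the whole home network.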
      • M Offline
        michmoor LAYER 8 Rebel Alliance @bmeeks
        last edited by Dec 4, 2023, 2:40 PM

        @bmeeks
        Option 3 is to use Tailscale, which works with CGNAT. It's available as an option on pfSense.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        B 1 Reply Last reply Dec 4, 2023, 2:46 PM Reply Quote 2
        • B Offline
          bmeeks @michmoor
          last edited by Dec 4, 2023, 2:46 PM

          @michmoor said in Is remote access behind CGNAT possible?:

          @bmeeks
          Option 3 is to use Tailscale, which works with CGNAT. It's available as an option on pfSense.

          Yes, I forgot about Tailscale.

          It's sort of a re-engineered and easier version of option #2 from my list. The Tailscale tailnet wraps the whole VPS thing the way I understand it. The setup is much easier and free for some basic amount of tunnels.

          1 Reply Last reply Reply Quote 1
          • P Offline
            Popolou
            last edited by Dec 4, 2023, 6:05 PM

            Cloudflare Tunnels are free and allow a single device to be routed out. Should work for this purpose.

            E 1 Reply Last reply Dec 10, 2023, 12:39 AM Reply Quote 1
            • E Offline
              eiger3970 0 @Popolou
              last edited by Dec 10, 2023, 12:39 AM

              @Popolou
              I'm trying Tailscale for now, however whilst setup and connection was easy via pfSense and actually 'just worked'!, it's not clear how to view and control the GUI?

              OpenVPN failed as it needs a public WAN IP to issue a certificate.

              Might try WireGuard if I can't solve Tailscale's remote viewing and control.

              E 1 Reply Last reply Dec 10, 2023, 11:05 AM Reply Quote 0
              • E Offline
                eiger3970 0 @eiger3970 0
                last edited by Dec 10, 2023, 11:05 AM

                @eiger3970-0
                Well, I'm using a workaround now with a remote access client and server.
                Bit confusing why I need a VPN or Tunnel, apart from security right?
                Even when a VPN or Tunnel is installed, I haven't been able to set up remote viewing, say with VNC and RealVNC on the phone.

                1 Reply Last reply Reply Quote 0
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.