21 Sep
2018
21 Sep
'18
6:02 p.m.
On 22/09/18 05:57, Steve L wrote:
I often wonder how many people outside of mobile
providers are behind
carrier grade NAT. At some point I suppose its inevitable for IPv4.
I am hoping if providers implement that, they are are least offering
IPv6 too.
Depends where you are, I know people in some countries have struggles
with CGN for as long as 15 years (someone in India comes to mind), and
some fixed wireless ISPs were using it 10-15 years ago too.
As for our purposes behind carrier NAT, John K9VE proposed a solution.
And its to buy a cheap VPS (virtual host) and have a 44net subnet
brought to it by BGP. From there you could use Openvpn which is a
stateless (continuous handshaking to keep the outside connection open)
so you don't need to worry about protocol/port forwarding from your
home connection to the VPS.
That would work, at the cost of suboptimal routing, but
better than nothing.
I don't think you are able to bring in more than one IP address (per
connection) with openvpn though. Where with ipip you can specify
something other than a /32 to tunnel to you. I am sure there are
other open source stateless VPN packages that I don't know about
though.
Yes, you can, and with careful setup, that can be done on a connection
by connection basis (based on the ID of the connecting system). I have
done this in a commercial situation, mixing single IP endpoints with
VPNs to remote subnets on the same OpenVPN server. Currently, I am
routing a /29 (non amprnet) via OpenVPN to my LAN to get more public IPs.
The other thing is BGP requires nothing less than a /24 so you might
end up with an allocation to your VPS that is bigger than you really
need. So a group approach might be best.
Yes, that would be best.
As I said, however, the routing would be suboptimal, because you don't
have the benefit of the ipip mesh that normal tunnel endpoints have.
All traffic would have to be routed through the OpenVPN server. Choose
your VPS host location carefully! Also, the VPS will need to be on the
ipip mesh as well as directly connected.
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com