On 22/09/18 05:57, Steve L wrote:
I often wonder how many people outside of mobile providers are behind carrier grade NAT. At some point I suppose it's inevitable for IPv4. I am hoping if providers implement that, they are at least offering IPv6 too.
Depends where you are. I know people in some countries have struggled with CGN for as long as 15 years (someone in India comes to mind), and some fixed wireless ISPs were using it 10-15 years ago too.
As for our purposes behind carrier NAT, John K9VE proposed a solution. And it's to buy a cheap VPS (virtual host) and have a 44net subnet brought to it by BGP. From there you could use OpenVPN, which is stateless (continuous handshaking to keep the outside connection open), so you don't need to worry about protocol/port forwarding from your home connection to the VPS.
That would work, at the cost of suboptimal routing, but better than nothing.
I don't think you are able to bring in more than one IP address (per connection) with OpenVPN though. Whereas with ipip you can specify something other than a /32 to tunnel to you. I am sure there are other open source stateless VPN packages that I don't know about though.
Yes, you can, and with careful setup, that can be done on a connection by connection basis (based on the ID of the connecting system). I have done this in a commercial situation, mixing single IP endpoints with VPNs to remote subnets on the same OpenVPN server. Currently, I am routing a /29 (non amprnet) via OpenVPN to my LAN to get more public IPs.
The other thing is BGP requires nothing less than a /24 so you might end up with an allocation to your VPS that is bigger than you really need. So a group approach might be best.
Yes, that would be best.
As I said, however, the routing would be suboptimal, because you don't have the benefit of the ipip mesh that normal tunnel endpoints have. All traffic would have to be routed through the OpenVPN server. Choose your VPS host location carefully! Also, the VPS will need to be on the ipip mesh as well as directly connected.
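
Added example, not part of the original message or the poster's own setup: one common way to get the per-connection routing described above is OpenVPN's `client-config-dir` with `iroute`, where each client's file is selected by its certificate common name. All paths, client names and addresses below are constructed (documentation ranges), and the three files are shown in one block separated by comment headers.

```conf
# --- /etc/openvpn/server.conf (excerpt; path is an assumption) ---
topology subnet
server 10.8.0.0 255.255.255.0          # tunnel addressing (constructed)

# Per-client settings live in files named after the client certificate's CN.
client-config-dir /etc/openvpn/ccd
# Reject any client that authenticates but has no ccd file, so an
# unexpected certificate cannot join with default settings.
ccd-exclusive
# Do NOT enable duplicate-cn: the CN is what binds a client to its subnet.

# Kernel route on the server: send the routed block into the tunnel.
# (IP forwarding must also be enabled on the VPS.)
route 198.51.100.8 255.255.255.248

# --- /etc/openvpn/ccd/station-a : single-address endpoint ---
# Fixed tunnel address only; no subnet is routed behind this client.
ifconfig-push 10.8.0.10 255.255.255.0

# --- /etc/openvpn/ccd/station-b : endpoint with a /29 behind it ---
ifconfig-push 10.8.0.20 255.255.255.0
# Internal route: tells the OpenVPN process which connected client
# owns 198.51.100.8/29. Without this the server drops the packets
# even though the kernel route above points at the tunnel.
iroute 198.51.100.8 255.255.255.248
```

Because the subnet assignment follows the certificate CN, issuing and revoking client certificates is what controls who can receive a routed block.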