On Fri, Sep 21, 2018 at 2:20 PM secret.memail.com@gmail.com wrote:
It is certainly true that many home users are now behind firewalls and “NAT” devices that cause issues with many tunneling protocols such as IPIP. It’s worthwhile to mention that for a majority of these people it is possible to fix this issue with a third-party device such as Ubiquiti’s EdgeRouter X. I have seen a number of threads about this, so it is clear that a majority of the participants in this mailing list are aware of this solution. The issue is with those who utilize an ISP that uses “Carrier Grade NAT” (often just “CGNAT”). In this situation, the user will often have no control over the firewall or “NAT” appliance and therefore no way to allow IPIP (or otherwise) traffic to travel to their 44net router. I am surprised that there have not been a significant number of threads about this issue before, especially as there appears to be no good solution (not to say that there are not any solutions).
Bryce Wilson, AS202313
Note about NAT and NAT-related terms being in quotation marks: I have been informed several times that the version of NAT found on most consumer hardware is in fact not NAT (Network Address Translation) but Stateful PAT (Port Address Translation). I use NAT above because that is the term that the majority of people would be familiar with. I aim not to use terms that are technically correct but not understood by the reader.
I often wonder how many people outside of mobile providers are behind carrier grade NAT. At some point I suppose it's inevitable for IPv4. I am hoping that if providers implement that, they are at least offering IPv6 too.
As for our purposes behind carrier NAT, John K9VE proposed a solution, and it's to buy a cheap VPS (virtual host) and have a 44net subnet brought to it by BGP. From there you could use OpenVPN, which is stateless (continuous handshaking to keep the outside connection open), so you don't need to worry about protocol/port forwarding from your home connection to the VPS.
I don't think you are able to bring in more than one IP address (per connection) with OpenVPN though, whereas with IPIP you can specify something other than a /32 to tunnel to you. I am sure there are other open source stateless VPN packages that I don't know about though.
The other thing is that BGP requires nothing less than a /24, so you might end up with an allocation to your VPS that is bigger than you really need. So a group approach might be best.