Hi all. I’m after some advice. I currently have Sky broadband (33mbps) and recently saw Youfibre being installed in my area offering up to 1000mbps!!! And for similar money to what I pay now. No-brainer, so I’ve pre-ordered.
I usually do research before big decisions. But as I have time until install and can cancel I thought why not. I have however now stumbled upon the fact that Youfibre uses CGNAT rather than Dynamic IP that most other UK ISPs use. I didn’t think this would be an issue but it seems that my Asus router which I use the remote app for will no longer work via DDNS and that I may encounter issues with Open NAT settings on my Xbox and even issues connecting to my smart home items like Hive, Ring and home alarm!!!
Does anyone else have a similar experience or resolution? At the moment it seems the only way around this is to pay an extra £5 a month for a static IP from Youfibre. It’s not a huge fee but I don’t know why it should be extra. Nor if it opens any other potential issues down the line. I know it ‘could’ be deemed less secure for a home network.
Any help or advice much appreciated. Thanks.
For reference I’m using an Asus RT-AC86U with Merlin software.
Easiest way to have your cake and eat it too is just to bite the bullet and pay the extra £5 for a static IP. There is extra value in doing so, because you eliminate the bother of needing to update DDNS while opening up NAT for gaming and easy VPN setup in the future, and you get full fiber and the reliability that comes with it.
You could get around CGNAT by using a VPS middle man that you tunnel to and use as a “front” for your home network, but that’s going to be around £5 or more too, so why not just pay directly?
I suppose there could be some concerns with having a “permanent” IP Address as a fixed target, but I’m of the very strong belief that home users just aren’t an appealing target for any kind of hacking, because there just isn’t much reward for doing so.
Any truly skilled hacker will immediately switch to a real corporate or government target as soon as he realizes his current one is just some home user with a typical boring life. And the number of skilled hackers not employed by a government or are not self described “white hat” hackers might be less than a dozen in the entire world. The dangers to home users are entirely overblown, as evidenced by specific cases never being mentioned or discussed in detail in any kind of social media ever, including this sub.
Moving from broadband to fiber is massive. 30x more bandwidth is huge. CGNAT ranges from inconsequential to deal breaking, but it doesn’t sound like you have anything problematic. If you run into issues, fork over the five.
It’s a bit crap you have to pay £5 per month (I paid £5 one-off with Plusnet), but it will be the best way to avoid any headaches with hosting your own servers, port forwarding, open NAT gaming, etc.
Your smart devices shouldn’t be affected by CG-NAT though, as they establish an outgoing connection to a server and the apps on your phone connect to the same server; there is no direct connection between the app and your devices.
Public IP addresses are expensive, even on a provider level.
They’re more than likely losing money on public IPs at $5 per month.
CGNAT doesn’t really affect your connection unless you’re self hosting.
At least in most ISPs I’ve been with, they are two separate services, one to get you out of CGNAT, and another to get you a static IP. I think it doesn’t make sense to have a static IP behind CGNAT, when you can’t open ports to the internet… In most cases it is 1€ above your standard internet fee to get out of CGNAT. That plus a dyndns service of your choice should be enough. Luck!
We upgraded to fiber a year and a half ago here in the states. Unfortunately the provider here also uses CGNAT. We’ve not had problems with our PS5 or computers whilst gaming.
You can always pay the provider for a static public IP address, or use a VPS as others suggested. You can also look into either ZeroTier, Tailscale, or Cloudflare tunnels which may be free depending on your usage.
The address space for IPv4 addresses is all but gone, and IPv6 isn’t being adopted by providers as fast as I’d like, so providers came up with CGNAT, which is essentially what your Asus router is doing on a much larger scale - their entire customer base.
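A quick way to tell whether a line is behind CGNAT, as discussed in the posts above (added example, not part of any poster's reply): compare the router's WAN address with the address the internet sees. The function name, verdict labels and sample addresses are assumptions made for this illustration.

```python
import ipaddress

# Ranges that cannot receive unsolicited inbound connections from the internet.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918


def classify_wan(wan_ip, observed_public_ip):
    """Return (verdict, inbound_possible).

    wan_ip: address shown on the router's WAN status page.
    observed_public_ip: address an external "what is my IP" service reports.
    inbound_possible is True only when port forwards and DDNS on the
    router can actually be reached from outside.
    """
    wan = ipaddress.ip_address(wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT_SHARED:
        return ("cgnat", False)                # ISP shares one public IP among customers
    if any(wan in net for net in PRIVATE):
        return ("private-wan", False)          # double NAT, or CGNAT using RFC 1918 space
    if wan != seen:
        return ("translated-upstream", False)  # public-looking WAN, still NATed upstream
    return ("public", True)                    # router holds the public address itself


# Constructed samples using documentation/test addresses, not real customers.
SAMPLES = [
    ("100.72.14.9", "203.0.113.10"),
    ("192.168.1.2", "203.0.113.10"),
    ("198.51.100.7", "203.0.113.10"),
    ("203.0.113.10", "203.0.113.10"),
]


def check_samples():
    """Classify every constructed sample pair."""
    return [classify_wan(wan, seen) for wan, seen in SAMPLES]


if __name__ == "__main__":
    for (wan, seen), (verdict, inbound) in zip(SAMPLES, check_samples()):
        print(f"WAN {wan:<15} seen as {seen:<15} -> {verdict}, inbound possible: {inbound}")
```

Only the last case supports router port forwarding and DDNS; in the other three, inbound connections stop at the upstream translator before they reach the router.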
Thanks for the detailed response. I think so too to be honest. However I’ve heard of people getting IPs in the 154 region I think it was which has been causing them issues. Although I don’t fully understand why at the moment I’m still trying to read up on it.
I agree the hacking risk is very small and to be fair I think I can set my router to only accept my IP for some kind of extra security.
I do already subscribe to a VPN so that was a thought. But I don’t want to implement that at router level as some devices do not like that at all. So as you say it may just be biting the bullet. It should sort all issues if I do and everything work as my set up does now?
And the number of skilled hackers not employed by a government or are not self described “white hat” hackers might be less than a dozen in the entire world.
You just gravely offended about a hundred thousand people.
They’re going to comment on this post as soon as they have an updated script.
It won’t be behind CGNAT apparently. It’s one or the other. Apparently there is no alternative until IPv6 is live everywhere. And we all know how that’s going. Thank you for your thoughts. Appreciated.
Thank you. I likely will. Just wasn’t sure if this Static IP was right for me but it sounds like it was. Although apparently my provider has bought a batch of US addresses which is causing some users issues and frankly is astounding that they didn’t foresee that!
I do already subscribe to a VPN so that was a thought. But I don’t want to implement that at router level as some devices do not like that at all.
When I mentioned VPN, I was talking about setting up your own VPN Server at home so you can access your entire home network securely from anywhere with an Internet connection, not a VPN subscription like NordVPN or whatever you have. For example, I’m currently running WireGuard VPN on a Raspberry Pi inside my home, and can access my home NAS and any router or managed switch settings through it using an encrypted tunnel. This is a much better method than your current one of exposing the router interface directly through the WAN, as you must be “inside” on the LAN to access these settings through a VPN tunnel. You are the one actually hosting the VPN, and there is no subscription fee. It takes minutes to set up using a Raspberry Pi and PiVPN, which supports WireGuard.
So as you say it may just be biting the bullet. It should sort all issues if I do and everything work as my set up does now?
I believe it will be just like before, except you don’t need Dynamic DNS as your public IP Address won’t change. If you ever wanted to host a Minecraft Server or similar, it’d make it easier on your friends too.
I do encourage you to investigate using a VPN Server and tunneling into your home network and accessing the router configs that way instead of exposing the interface on the public IP Address through Merlin, though it’s a minor point if you do it through Merlin correctly. But having secure access to your entire LAN using a VPN Server is one of the true joys of having symmetrical fiber.
Not sure about other countries like the UK, but IPv6 usage is relatively high in the USA. Mostly thanks to mobile phones though, as many of the carriers run an IPv6-only network (using 464XLAT or similar technology to connect to legacy IPv4-only servers). Comcast have supported IPv6 for over 10 years, too.