So I currently am in a pretty good place, I have gigabit internet with a public IP for my router (actually 2 publics but that’s not important). But I might be moving eventually and it seems like more and more apartments are doing managed wireless with either no wired connection or putting wired clients behind CGNAT. If I’m behind CGNAT, is there a way to host a VPN server so I can still get into my network? I have heard there is some way to do it with a tunnel that you pay a few dollars a month for, can anyone explain more details so I know what service to look for? I guess what I have in mind is a device on my LAN opens up a tunnel to the servers of whatever company I pay, and then I just keep that connection open and if I need to connect to the VPN I would connect to the company’s server and go through that tunnel to get into my LAN.
I have heard there is some way to do it with a tunnel that you pay a few dollars a month for, can anyone explain more details so I know what to look for?
People often use a cheap VPS as an external node, then connect outwards to that VPS from your network (which works fine) and create a tunnel, then connect to the VPS from the outside and use the existing tunnel.
outside —> VPS <— internal network
This is what you want. It can be done for free using the Oracle VPS: https://github.com/mochman/Bypass_CGNAT
You have Tailscale and ZeroTier as free VPNs which will show you how to punch a hole from behind. If you do not trust your free VPN provider, you can use your VPN over this VPN, so your free provider does not see anything.
You can use Tor to connect to your OpenVPN.
Many VPN providers, like Mullvad VPN, offer port forwarding.
You can rent a VPS which will work like a VPN server for your needs, or just as a gateway, when you use HAProxy to reach OpenVPN behind its back.
Personally? I do have OpenVPN in TCP mode which works over Tor, ZeroTier or directly. OpenVPN allows you to configure a few paths to your server, so when I am in my home network I connect directly. When I am in a civilized place, I go over ZeroTier. If all of the above fails for some reason, Tor with bridges is usually good enough at tricking firewalls, so it’s the last resort.
And it’s free!
Another good option is Cloudflare Tunnel. Works well behind my CGNAT/double NAT, and it’s free!
Using a jump host, e.g. a VPS, is definitely a solution. However, with CGNAT you can still self-host by using IPv6 only, without needing a VPS in the cloud.
You’re looking for something like ZeroTier, Tailscale and Cloudflare Tunnel.
I am behind CGNAT and use ZeroTier. Really works great!
Yes that sounds like what I want. What service would I run on the VPS to handle this tunneling for me?
Well, you still need a domain.
Does it fix moderate NAT to being able to host jobs properly in GTA (p2p)?
A VPN service, e.g. OpenVPN or WireGuard.
WireGuard: https://github.com/mochman/Bypass_CGNAT
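The VPS relay layout described in this thread (the home network dials out to the VPS, outside clients connect to the VPS), sketched as WireGuard configuration. This is an added example, not part of the thread and not taken from the linked Bypass_CGNAT project; the tunnel subnet 10.99.0.0/24, home LAN 192.168.1.0/24, UDP port 51820 and every `<...>` placeholder are assumptions to replace with your own values.

```ini
# ---- VPS with public IP: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820                 # the only inbound port the VPS firewall needs open (UDP)
PrivateKey = <VPS_PRIVATE_KEY>
# The VPS must forward between peers: net.ipv4.ip_forward=1.
# It decrypts and re-encrypts relayed packets, so it can read them:
# keep TLS/SSH on top, or nest a second tunnel if the VPS is not trusted.

[Peer]
# Home gateway behind CGNAT. No Endpoint: it always initiates.
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32, 192.168.1.0/24

[Peer]
# Roaming client (laptop or phone). One [Peer] block per device.
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.99.0.3/32

# ---- Home gateway behind CGNAT: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.99.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>
# Enable IP forwarding here too, and either masquerade tunnel traffic onto
# the LAN or add a LAN route for 10.99.0.0/24 via this host.

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = <VPS_PUBLIC_IP>:51820
AllowedIPs = 10.99.0.0/24
PersistentKeepalive = 25           # keeps the CGNAT mapping open so the VPS can reach back in

# ---- Roaming client: wg0.conf ----
[Interface]
Address = 10.99.0.3/24
PrivateKey = <CLIENT_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = <VPS_PUBLIC_IP>:51820
AllowedIPs = 10.99.0.0/24, 192.168.1.0/24   # split tunnel: only home traffic goes via the VPS
```

Generate a separate key pair per device with `wg genkey` and `wg pubkey`, and remove a device's `[Peer]` block on the VPS to revoke its access.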