Options when behind cgnat

ludespeedny

Regular Contributor
So I am behind a cgnat and looking at what my options are before just throwing money to my isp to give me a static ip. Could I use a tunnel broker and go ipv6?
 
Doesn't matter if you have CGNAT *unless* your concern is for remote access. Is that the case?
 
Yeah, mainly because wifi calling on my devices doesn't work, and some wifi cams aren't reliable when off network.
 
CGNAT in itself will not break CGNAT. I am behind 464XLAT for IPv4 and WiFi calling works without issue. Your WiFi calling issue is likely caused by something else. Strange that your provider doesn't already supply you an IPv6 address.
 
CGNAT is typically deployed when the ISP is short of IPv4 addresses. Those ISPs that are short of IPv4 are really pressed to complete the IPv6 deployment. That's why it is very strange that you don't get native IPv6. IPv4 through CGNAT + IPv6 is not bad at all.

Issues you're describing are not usually caused by NAT of any type - I can only imagine WiFi calling being an issue if you are completely off carrier data network.
 
Yeah, the local cell towers near me are not working properly so I have no call ability at all via cell. My ISP charges like $20 for a static, so I think they don't want to roll out ipv6 since it is easy money for them.
 
Show/Tell your ISP that you're smarter than they are and set up a DDNS tunnel. I generally recommend tunnelbroker.net, but I've recently been made aware of route48.org...whichever is closest to you is probably the best, with (IMO) the newer one possibly taking a slight lead if their server is closest to you AND offers BGP Peering.
 
Yeah, the local cell towers near me are not working properly so I have no call ability at all via cell. My ISP charges like $20 for a static, so I think they don't want to roll out ipv6 since it is easy money for them.

There are plenty of ISPs who have rolled out IPv6 when they can charge for static (FIOS and Xfinity being two big ones), so it is probably more just they haven't had the time or resources to do it. You sure they definitely don't support it at all? Obviously if you had that then you could just use a DDNS provider that supports IPV6 and be good to go, though you may not even need DDNS if all you're looking for is ability to access cameras remotely as they typically initiate the connection out to the server so their IP can change without issue.

As far as wifi calling, as others have said, CGNAT shouldn't break that, unless your ISP has deployed something wrong. Your home router does the same thing (hide NAT). Have you tried one of the phones on someone else's network/ISP?

Your two best options (again as others have already said) would be a VPN provider (especially if you want to use IPv4), though many charge for a static IP and/or inbound NAT/PAT ability, or an IPV6 tunnel from tunnelbroker or one of the others which is free and they give you a static IPV6 subnet. As long as all the devices in question support IPV6 that should give you remote access and no need for DDNS in that case. Of course a VPN or tunnel can add latency and jitter which may impact your call quality but it likely isn't going to be an issue as they have servers all over the place and from my experience with tunnelbroker, plenty of capacity.

Probably best to first figure out if IPv6 is fully supported by your camera provider, if so you can look at which option is best, if not then you're sort of stuck with the IPv4 options.
 
So right now it is definite my isp doesn't support ipv6 at all. For wifi calling, all my phones work fine when on another network/isp, but not on this one. I do use dns encryption and have cloudflare set up for that, but that shouldn't be affecting anything. Plus I have tried on a fresh setup w/ the same results.

Is there a good write up on how to set up a tunnelbroker for our devices somewhere?
 
There is more than CGNAT going on here as CGNAT alone won't break WiFi calling. In addition, you really don't need a tunnel broker unless you are trying to add IPv6 support. If you are just trying to fix WiFi calling, a tunnel broker is not needed. I would first get a trial of any number of VPN providers out there and test it on a device with the issue. You will want to pick one that also allows manual OpenVPN configuration so that you can eventually implement a connection on your router.
 
So right now it is definite my isp doesn't support ipv6 at all. For wifi calling, all my phones work fine when on another network/isp, but not on this one. I do use dns encryption and have cloudflare set up for that, but that shouldn't be affecting anything. Plus I have tried on a fresh setup w/ the same results.

Is there a good write up on how to set up a tunnelbroker for our devices somewhere?

As long as the DNS encryption is only between your router and internet DNS it shouldn't hurt anything. If you're trying to encrypt between LAN devices and router, might be something there.

Don't suppose you'd be open to doing a factory reset on your router, starting with just barebones config and seeing if things work? Usually the best way to find issues, then add features one at a time. If it doesn't work with just basic config, then it is your ISP, and you can just restore a backup file (though may not be a bad time to reconfigure from scratch if you haven't done so recently).

If it turns out to be your ISP then using a VPN or IPV6 provider is going to probably be your only option.
 
There is more than CGNAT going on here as CGNAT alone won't break WiFi calling. In addition, you really don't need a tunnel broker unless you are trying to add IPv6 support. If you are just trying to fix WiFi calling, a tunnel broker is not needed. I would first get a trial of any number of VPN providers out there and test it on a device with the issue. You will want to pick one that also allows manual OpenVPN configuration so that you can eventually implement a connection on your router.

Yeah it seems like it is ISP related, the main reason for suggesting something like HE.net tunnel is it is free, high capacity, and they give you a free static IPV6 range. Whereas many of the traditional VPN providers will have bandwidth limits or require paid service, and if you need inbound connections you have to pay for that too (and it can be kind of a pain to configure). Would also want to probably try it "day 1" configured on the router itself rather than the devices since it is impacting multiple devices, cameras, etc, and you won't be able to install the VPN client on the cameras, and depending on the VPN provider, may not even have an Android/IOS client.

But agreed, a simpler first step may be to do a trial of an IPv4 VPN provider that supports openVPN and configure it on the router. Probably need to either set rules so that only cameras and phones use it, or just use it for brief testing then shut it down, otherwise you'll chew through your trial allocation pretty quickly.

At that point they'll need to decide if they want to pay the yearly fee for VPN or go with an IPV6 tunnel which can be gotten for free.

I guess if I was in this position I'd probably just start day 1 with the HE.net IPv6 tunnel knowing I'm not going to want to pay a yearly fee. I'd test and if the IPv6 tunnel latency isn't much worse than direct (and full throughput is achievable), just let it stay in place for all IPv6 traffic, otherwise, set up rules so that only the phones and cameras use that and everything else uses the direct IPv4 connection.

Of course that assumes that the cameras will talk IPv6, hard to believe anything these days won't but they may prefer IPv4, in which case you just have to block them from getting an IPv4 address. Phones should all be IPv6 compatible these days, again not sure which ones will prefer IPv6. The spec is that any device with dual stack SHOULD prefer IPv6 but that doesn't mean everything follows that.
 
But agreed, a simpler first step may be to do a trial of an IPv4 VPN provider that supports openVPN and configure it on the router. Probably need to either set rules so that only cameras and phones use it, or just use it for brief testing then shut it down, otherwise you'll chew through your trial allocation pretty quickly.
But a tunnel broker may very well not fix your WiFi calling issue. It depends who your cell phone provider is. Not all cell companies have IPv6 connections to their WiFi calling servers. When I had AT&T a couple of years ago they didn't.
 
So right now it is definite my isp doesn't support ipv6 at all. For wifi calling, all my phones work fine when on another network/isp, but not on this one. I do use dns encryption and have cloudflare set up for that, but that shouldn't be affecting anything. Plus I have tried on a fresh setup w/ the same results.

Is there a good write up on how to set up a tunnelbroker for our devices somewhere?


It really is not that difficult. Unfortunately, 6in4 uses a non-common IP protocol number, 0x29. Depending on whether and how well your ISP's NAT tracks 6in4 packets, it might not work either. Consult RFC 7059, section 5.

If that's the case, your only bet would be something that establishes the tunnel over TCP/IP or UDP/IP, e.g. OpenVPN. But I don't know anybody who offers such tunnels free or even paid, or if you get a delegated prefix. There was SixXS, but it has been shut down for a few years now.
 
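The point raised in the last post about 6in4 using IP protocol 0x29 (41), shown as an added example that is not part of the thread: the sketch below parses a 6in4 packet and a UDP-encapsulated tunnel packet and returns the fields a NAT has available to tell flows apart. The function names are hypothetical, and the addresses and ports are constructed samples (100.64.0.0/10 shared address space for the client, documentation ranges for the peers, UDP port 1194 as used by OpenVPN by default).

```python
import ipaddress
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP", 41: "6in4"}

def build_ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def build_ipv6(src, dst):
    """Bare 40-byte IPv6 header: no payload, next header 59 (none)."""
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)

def nat_flow_key(packet):
    """Return the fields a NAT has available to tell this flow from others."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    key = {"proto": PROTO_NAMES.get(proto, str(proto)),
           "src": str(ipaddress.IPv4Address(packet[12:16])),
           "dst": str(ipaddress.IPv4Address(packet[16:20]))}
    if proto in (6, 17):                      # TCP/UDP: ports start the header
        if len(body) < 4:
            raise ValueError("truncated transport header")
        key["sport"], key["dport"] = struct.unpack("!HH", body[:4])
    elif proto == 41:                         # 0x29: body is a raw IPv6 packet
        if len(body) < 40 or body[0] >> 4 != 6:
            raise ValueError("protocol 41 payload is not IPv6")
        key["inner_src"] = str(ipaddress.IPv6Address(body[8:24]))
        key["inner_dst"] = str(ipaddress.IPv6Address(body[24:40]))
    return key

# Constructed samples: shared-address-space client, documentation-range peers.
SIXIN4 = build_ipv4(41, "100.64.12.34", "192.0.2.1",
                    build_ipv6("2001:db8::10", "2001:db8:ffff::1"))
UDP_TUNNEL = build_ipv4(17, "100.64.12.34", "192.0.2.1",
                        struct.pack("!HHHH", 40000, 1194, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("6in4", SIXIN4), ("UDP tunnel", UDP_TUNNEL)):
        print(name, nat_flow_key(pkt))
```

The 6in4 key carries only the outer address pair and the protocol number, with no ports for a port-translating NAT to rewrite, while the UDP-encapsulated packet exposes a source/destination port pair that ordinary NAT state tracking can use.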