
Hey there,

maybe there is somebody who can help me with my networking problems.

I've got two locations: one with my main server behind a double NAT (I don't have access to the web interfaces, no port forwarding possible) and a second location with a public dynamic IP address.

I would like to create something like TeamViewer VPN or LogMeIn Hamachi without using their servers, but instead with a Raspberry Pi at my second location, to access my main server with mobile devices.

I got it kind of working with the RPi acting as a router (forwarding into a VPN tunnel), but this limits the bandwidth to the upload speed of my second location. Instead I would like to use the RPi only to establish a direct connection to the server.

Is there a (free) software solution to this?

Thanks.



Who in their right networking mind would have a network with a double NAT? CRAZY!

So for the double NAT, are you just looking for something like RDP access, or more than that?

 

Internet Connection

My Rig: AMD Ryzen 9 3900X @ 4.3Ghz | Asus Prime X470-Pro | Corsair Vengeance RGB Pro 32 GB (4 x 8GB) DDR-4 3000Mhz OC'd @ 3400Mhz 16-20-20-38 |

EVGA RTX 2070 8GB XC Gaming OC @ 2145Mhz Boosted/ 1925Mhz Memory | WD SN750 500GB M.2 NVME | Gigabye 240GB SSD | 
XSPC EX 360mm | Corsair XC7 RGB CPU WB | EK-Vector RTX 2080 | Alphacool Eisbecher D5 150mm Plexi | XSPC Fittings | XSPC FLX Clear 7/16" ID, 5/8" OD |
Corsair LL120 x6 | Corsair RM750x White 2018 | Corsair Commander Pro | Corsair Obsidian 500D RGB SE | Corsair RGB LED Lighting PRO Expansion |
Corsair Strafe RGB MK.2 | Corsair Ironclaw RGB Wireless 18,000DPI | Acer 32" 4K 60Hz HDR600 Cert. ET322QK CBMIIPZX |

Passmark Score

3dmark Score

PC Parts Picker Link to Build

Network

Netgear LBR20 LTE Router | Verizon Unlimited Prepaid Hotspot Plan

HP 2530-48G-PoEP Switch

Rasberry Pi 4 Running Pihole

Linksys Velop 3 Mesh Wifi AP's

 


I recommend ZeroTier. It is a virtual network app in which you can create a network and join that network from multiple devices (works on Windows, macOS, Linux, iOS and Android). When you add devices to the network that you created, it gives each one an IP, and you can access that device using that IP from other devices in the same network.


1 hour ago, ddennis002 said:

Who in their right networking mind would have a network with a double NAT? CRAZY!

So for the double NAT, are you just looking for something like RDP access, or more than that?

I could imagine it's cheaper for the ISP because only one IP is needed... (and Europe is out of IPv4 addresses). There aren't any better ISP options around here. I would like to forward one port to the server, then connect via OpenVPN/WireGuard/... into the local network.

1 hour ago, mtz_federico said:

I recommend ZeroTier. It is a virtual network app in which you can create a network and join that network from multiple devices (works on Windows, macOS, Linux, iOS and Android). When you add devices to the network that you created, it gives each one an IP, and you can access that device using that IP from other devices in the same network.

Thanks for your suggestion. I already used ZeroTier, but if you want to access the devices on the local network you have to set DNS manually on the client device (and forwarding rules on the server), and the client settings get reset when you disconnect from the ZeroTier network. That's the main reason I'm looking for a new way.


2 minutes ago, lucas-a said:

I could imagine it's cheaper for the ISP because only one IP is needed... (and Europe is out of IPv4 addresses). There aren't any better ISP options around here. I would like to forward one port to the server, then connect via OpenVPN/WireGuard/... into the local network.

So your ISP is behind NAT as well?


1 minute ago, lucas-a said:

I could imagine it's cheaper for the ISP because only one IP is needed... (and Europe is out of IPv4 addresses). There aren't any better ISP options around here. I would like to forward one port to the server, then connect via OpenVPN/WireGuard/... into the local network.

Thanks for your suggestion. I already used ZeroTier, but if you want to access the devices on the local network you have to set DNS manually on the client device (and forwarding rules on the server), and the client settings get reset when you disconnect from the ZeroTier network. That's the main reason I'm looking for a new way.

What do you mean by set DNS manually and the rules? Are you using ZeroTier to access your location behind carrier-grade NAT from a VPS/RPi and then port forwarding on the VPS/RPi, or are you using ZeroTier to access the server directly from the client (phone, laptop, etc.)?


1 minute ago, mtz_federico said:

I guess he is behind Carrier grade NAT, basically NAT at carrier level between many customers

 

Yeah, that's unfortunate, very tricky situation there.

@mtz_federico

Do you think running a cheap VPS on say Google Cloud Console with OpenVPN Server configured then connect the server and clients to that VPN network. This will give them a common outlet with single NAT, dedicated IP, port forwarding etc.


59 minutes ago, mtz_federico said:

What do you mean by set DNS manually and the rules? Are you using ZeroTier to access your location behind carrier-grade NAT from a VPS/RPi and then port forwarding on the VPS/RPi, or are you using ZeroTier to access the server directly from the client (phone, laptop, etc.)?

I used ZeroTier as a VPN: I forwarded all local traffic into the ZeroTier network (the server acting as network bridge) and let ZeroTier client devices pick an IP in the local subnet. To resolve local domains I needed to set my local DNS server as default in the clients. In contrast, OpenVPN does this automatically if configured correctly. So all devices in the ZeroTier network would think they are connected to the LAN. (I wasn't using the RPi.)


28 minutes ago, lucas-a said:

I used ZeroTier as a VPN: I forwarded all local traffic into the ZeroTier network (the server acting as network bridge) and let ZeroTier client devices pick an IP in the local subnet. To resolve local domains I needed to set my local DNS server as default in the clients. In contrast, OpenVPN does this automatically if configured correctly. So all devices in the ZeroTier network would think they are connected to the LAN. (I wasn't using the RPi.)

And did that VPN route all traffic or only traffic destined for the server?

I just added my server to ZeroTier and joined the same ZeroTier network on my phone and was able to access the server services using the ZeroTier IP. From what I understand, you only want certain clients to access your server but not route all traffic to that network, am I correct?


1 hour ago, ddennis002 said:

@mtz_federico

Do you think running a cheap VPS on say Google Cloud Console with OpenVPN Server configured then connect the server and clients to that VPN network. This will give them a common outlet with single NAT, dedicated IP, port forwarding etc.

Yes, OP could run an OpenVPN server on a VPS and route traffic going to the VPS on certain ports to go to a VPN client.

I have not done this but I might try. I found this: https://superuser.com/questions/927060/openvpn-server-to-forward-incoming-connection-to-client


30 minutes ago, mtz_federico said:

And did that VPN route all traffic or only traffic destined for the server?

I just added my server to ZeroTier and joined the same ZeroTier network on my phone and was able to access the server services using the ZeroTier IP. From what I understand, you only want certain clients to access your server but not route all traffic to that network, am I correct?

In the end I want access to the network, not only the server, and to route only traffic going to the local subnet (or better, route nothing but establish a direct connection instead).

I would like to focus on solutions without ZeroTier. I think I followed this path way too long...


3 minutes ago, lucas-a said:

In the end I want access to the network, not only the server, and to route only traffic going to the local subnet (or better, route nothing but establish a direct connection instead).

I would like to focus on solutions without ZeroTier. I think I followed this path way too long...

Try the VPN solution.

40 minutes ago, mtz_federico said:

Yes, OP could run an OpenVPN server on a VPS and route traffic going to the VPS on certain ports to go to a VPN client.

I have not done this but I might try. I found this: https://superuser.com/questions/927060/openvpn-server-to-forward-incoming-connection-to-client


4 minutes ago, lucas-a said:

This also routes all traffic through the vps instead of connecting the devices directly. 

You could set the server as a VPN client and modify the rules so that the server's outgoing traffic doesn't go through the VPN and it can only receive incoming traffic.

You could do that by only using the VPN to access the VPN subnet and the rest of the internet through the CGNATed network.


7 minutes ago, mtz_federico said:

You could set the server as a VPN client and modify the rules so that the server's outgoing traffic doesn't go through the VPN and it can only receive incoming traffic.

You could do that by only using the VPN to access the VPN subnet and the rest of the internet through the CGNATed network.

You could even set a route on the vpn server to send all the traffic to your lan via the one client.

For example: laptop on public wifi --->VPN Server ---> client in network ----> other devices on the network.

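The routing described in the last few posts (OpenVPN server on a VPS, the home server joining as a client that fronts its LAN, no full-tunnel redirect), written out as OpenVPN configuration. This is an added example, not something posted by anyone in the thread; the subnets, the DNS address, the file paths and the client name `homeserver` are assumptions.

```conf
# --- /etc/openvpn/server/server.conf on the VPS (relevant lines only) ---
# Assumed addressing: VPN subnet 10.8.0.0/24, home LAN 192.168.10.0/24.
server 10.8.0.0 255.255.255.0
topology subnet
client-config-dir /etc/openvpn/server/ccd

# Kernel route on the VPS: send home-LAN traffic into the tunnel.
route 192.168.10.0 255.255.255.0

# Tell roaming clients to reach the home LAN through the VPN.
push "route 192.168.10.0 255.255.255.0"

# Push the LAN's resolver so local names resolve (address is an assumption).
push "dhcp-option DNS 192.168.10.1"

# Deliberately absent: push "redirect-gateway def1"
# Without it, clients and the home server keep their normal default route,
# so only traffic for 10.8.0.0/24 and 192.168.10.0/24 crosses the VPS.

# client-to-client is left off, so traffic between clients passes through the
# VPS kernel, where firewall rules can restrict who reaches the home LAN.
# That requires IP forwarding on the VPS as well (see the last section).

# --- /etc/openvpn/server/ccd/homeserver on the VPS ---
# File name must match the certificate common name of the home server.
# iroute tells OpenVPN which connected client owns the LAN subnet.
iroute 192.168.10.0 255.255.255.0

# --- /etc/sysctl.d/99-vpn-forward.conf on the VPS and on the home server ---
# Allow forwarding between the tunnel interface and the other networks.
net.ipv4.ip_forward = 1
```

Since the LAN router cannot be changed in this setup, replies from LAN devices to 10.8.0.0/24 only find their way back if the home server masquerades tunnel traffic onto the LAN or each device gets a static route to the VPN subnet via the home server. Traffic to the LAN still transits the VPS, so this does not give the direct connection asked for in the first post.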