Unraid VPN on Starlink

[AKS_Adrian]

Hello,

 

So I recently abandoned my crappy DSL internet connection and got Starlink. It's so much quicker and I'm really happy with it apart from one thing: I can no longer use the VPN I set up on my unraid server.

I set up the VPN within unraid back when I still had the DSL service and it worked with no issues, I was able to access my shares and network externally, like you would expect.

I've done some research, but there's not much information out there for my particular want.

 

Starlink uses CGNAT which means port forwarding doesn't work. Also, Starlink doesn't officially support IPV6 yet, I'll be getting on to why this is important later.

I have replaced the router with a TP-Link AX5400, this brings back the ability to apply port-forwarding rules and also IPV6. Enabling IPV6 on a third-party router works with no problems whatsoever.

Of course the port-forwarding still doesn't work at all. The WireGuard software cannot connect, the handshakes fail.

Now I saw on Reddit someone briefly mention that you can use IPV6 to work around the Starlink service using CGNAT, but that was all, I looked into this and saw nothing that would help me.

I attempted to configure unraid to use ipv6 only for the VPN connection but nothing changed.

 

So that's about it, everything I have tried so far has not worked and I really need to get this working again.

I've hit a wall so if anyone has any solution to this I would be grateful.

 

Thanks for taking the time to read my post!

[Cameron559933]

Hello,

 

Since you cannot port forward using Starlink I've been looking into these ideas.

 

https://di-marco.net/blog/it/2022-01-01-lte_and_starlink_isp-access_to_your_lan_from_outside/

 

and this

 

https://billysoftacademy.com/how-to-setup-pfsense-version-2-4-5-on-the-amazon-web-services-aws-cloud-computing-platform/

 

I like the idea of still using OpenVPN with pfsense, so perhaps it would be possible to setup a pfsense firewall on a Virtual Private Server. Then have my home pfsense router (behind Starlink) connect to the vps pfsense firewall as a VPN client.

 

Then you could have any external devices, laptops, smartphones connect to the VPS pfsense as VPN clients and the traffic could be routed over the VPN link between the two pfsense firewalls and onto the internal lan for accessing any internal resources.

 

I'm still looking into it, so pfsense might not be the best way to do a secure VPN solution for Starlink.

 

It also does add additional cost, in VPS hosting, data usage from the VPS server traffic.

 

Alternatively splashtop would probably allow remote access of any machines and resources, just in a different way.

 

 

Edited January 29, 2022 by Cameron559933
Wanted to make it clearer what I mean.

[Cameron559933]

I think openvpn server hosted on a VPS is a better solution, as then you only pay for the VPS hosting. Amazon Web Services offer 12 months for free, but there are others. 

 

 

https://github.com/angristan/openvpn-install

It helped to read through the script used after watching the videos and installing openvpn server. It also helped me understand how to use easyrsa to generate additional client certificates for more users.

 

Another option is openvpn access server, but you have to pay for a license if you need more than two users connected.

 

 

 

 

 

[Alex Atkin UK]

Wireguard is probably the best option, its much more stable over links prone to latency and packet loss.

 

I have no idea what VPS providers support it though.