Kareem wrote
potato wroteYour having the same problem i had a year ago. Port forwarding is blocked since as you said we dont have public ip. ipv6 is not a solution since we dont have a static ipv6 provided by ogero even if they gave us ipv6... we need a better solution
I've seen in one of your threads that you managed to run IPv6 with internet connection. Can you tell me how ? Support is not collaborating. Was there a special request to have this feature enabled?
All i did was enable ipv6 within the settings assuming it would work and it worked :/ however they only assign dynamic ipv6 even if you dont restart your router next day you will have different IP for whatever reason (as far as i remember) another problem is that the connection became unstable for whatever reason browsing, gaming, streaming would lag many times within a session in all of connected devices.

And finally my host apps are still in ipv4 and not compatible with ipv6 and doing some workaround would be hassle and not optimized.

So all i did was fall back to dynamic ipv4 and lag is solved and install google remote chrome desktop app and when i need any app i just login to my host. its all i can do.

If you want home automation you still need a static ip to have a direct connection with your devices. In my case i did many workarounds to have some direct connections (but still not satisfied) and some not important left with the above solution.
There's no way to overcome GCNAT even with VPN it's pain in the ass and what I did notice lately is that your external IP address does change even if your PPPoE connection didn't restart.

I'm currently testing reverse tunnel over SSH. Will post my findings.
15 days later
You could always go with L2TP and a manually setup European VPS. Supported by nearly every platform, even routers.
I'm using Arubacloud, 1$/mo for a server in Italy, latency with fast path is around 60-70ms to google.com, ~50ms to euro servers. (w/o 45ms)
My fear is that having a dedicated IP address makes it more prone for security breaches compared to a dynamic one, especially if the VPS/IP is billed to you. (e.g third party illegal activities on your could be a trouble) Not the most anonymous setup.
Works well here with no carrier NAT issues.

I used the following "auto" script: github(dot)com/hwdsl2/setup-ipsec-vpn
Elitism Guru wroteYou could always go with L2TP and a manually setup European VPS. Supported by nearly every platform, even routers.
I'm using Arubacloud, 1$/mo for a server in Italy, latency with fast path is around 60-70ms to google.com, ~50ms to euro servers. (w/o 45ms)
My fear is that having a dedicated IP address makes it more prone for security breaches compared to a dynamic one, especially if the VPS/IP is billed to you. (e.g third party illegal activities on your could be a trouble) Not the most anonymous setup.
Works well here with no carrier NAT issues.

I used the following "auto" script: github(dot)com/hwdsl2/setup-ipsec-vpn
The price I found was 2.79 euro /month can you please pm me your plan's link?? thank you:)
a year later
OK so I'm connected now to a VPS. I successfully finished setting up everything and I have a working LT2P/IPsec connection. My plan has a dedicated static IP.

When I connect to the VPN service, indeed I get a real IP. Now the problem is how to perform a port forward ? it simply won't work. I've been up all this weekend trying to find a solution to this. I need my network to be accessible on the internet.

Current setup : Lan IP : 10.0.0.0/24

VPN setup :

Usage of /: 14.1% of 18.18GB IP address for eth0: 80.2X.XX.XXX
Memory usage: 16% IP address for tun0: 10.8.0.1
Swap usage: 0% IP address for ppp0: 192.168.42.1


When I'm connected to the VPN, I get a dynamic private ip from the 192.168.42.X pool




Now I understand that there' are two machines with the same real IP. The VPS server and my PC. Firewall is disabled for testing purpose but still I can't remote desktop or connect to anything outside the network.

Any idea ?
You need to do port forward twice... on VPS AND on router with vpn.
Make sure VPS have necessary port opened (many have firewall).
nuclearcat wroteYou need to do port forward twice... on VPS AND on router with vpn.
Make sure VPS have necessary port opened (many have firewall).
It's very complicated. I mean very very complicated. The VPS has open ports but when a connection is is established on VPN, a new interface is created ppp0 where eth0 is the real IP interface ( network / gateway ).

A portforward is not possible between Eth0 and ppp0 because ppp0 has a subnet of 255.255.255.255 ( one IP as u know ) and it's dynamic.

iptables has many configuration options but then it's not about portforwarding anymore. I need to change the default route. If I do change the default route, the server won't be accessible anymore.

I however noticed that Ogero is now giving me an IPV6 address.



I am not familiar with IPV6 but what understand is that NAT is no longer needed so router doesn't do any NAT for IPV6 addresses.

karimt@ubiquity:~$ ping ipv6.google.com
PING ipv6.google.com(mrs09s08-in-x0e.1e100.net (2a00:1450:4006:80a::200e)) 56 data bytes
64 bytes from mrs09s08-in-x0e.1e100.net (2a00:1450:4006:80a::200e): icmp_seq=1 ttl=54 time=136 ms
64 bytes from mrs09s08-in-x0e.1e100.net (2a00:1450:4006:80a::200e): icmp_seq=2 ttl=54 time=42.9 ms
64 bytes from mrs09s08-in-x0e.1e100.net (2a00:1450:4006:80a::200e): icmp_seq=3 ttl=54 time=42.7 ms
64 bytes from mrs09s08-in-x0e.1e100.net (2a00:1450:4006:80a::200e): icmp_seq=4 ttl=54 time=42.9 ms
64 bytes from mrs09s08-in-x0e.1e100.net (2a00:1450:4006:80a::200e): icmp_seq=5 ttl=54 time=42.8 ms

It's getting interesting because according to my router documentation, no translation is happening hence no port forward needed. Every IP on the network is accessible from the internet which is not logical.

So to conduct a test, does anybody know any free VPS that does have IPV6 connectivity ? I need to test RDP and webserver as mine has only IPV4.

The below website is able to reach my PC behind the router and is telling which ports are open.

http://www.ipv6scanner.com/cgi-bin/main.py


Also IPv6 on my network seem to be working great :

Update.... Ok I found a terrific website where i can use a virtual machine ( https://www.onworks.net/programs/putty-online?amp=0 ) online and test whatever the hell i want. After 10 hours of testing a configuration.. .TADAAAAAAA !!!! one of the best news.... My home automation, Plex server, RDP and basically everything hosted on my network is now accessible from my internet. bye bye NAT. ( iknow IPV6 is not widely implemented but at least it is in Europe and USA so no more headache when abroad and for the cherry on top, I got 5 free dynamic DNS so that I won't have to memorize the IPv6 of every computer on my network.



One last question, a bit off-topic but does Alfa support IPv6 ? because it looks like Touch does not. When I force IPv6 there's no connection to the internet.
Man you complicated things for yourself why did u get into ipv6 it's barely supported here, just do create your vpn and forward all the ports from Vps to the private ip you got from VPN server then do same thing on your vpn router or put your pc in dmz.
DNA wroteMan you complicated things for yourself why did u get into ipv6 it's barely supported here, just do create your vpn and forward all the ports from Vps to the private ip you got from VPN server then do same thing on your vpn router or put your pc in dmz.
Actually I tried the VPN thing, i got an account on Arubacloud but how are you port forwarding from VPS to VPN ? The VPN gives you a dynamic private IP.

I also thought IPv6 is barely supported but found out that it's widely adopted. I got free DDNS ( dynv6 ) and every machine on my network has a different public IP now. so I can reach my server, media center, PC and router.

Looking at this, I can see Touch and Alfa both having already IPv6 subnets but I have no clue if they are adopting this anytime soon.

https://www-public.imtbs-tsp.eu/~maigron/RIR_Stats/RIPE_Allocations/Allocs/LB.html#lb.libantelecom

Btw, sooner or later, IPv6 is the future so complication is coming soon.
5 days later
Ok I sorted this out. Almost everything on the internet wasn't really helpful it turned out I need to configure SNAT.

For reference if anyone needs it :

iptables -t nat -A PREROUTING -d <public IP> -p tcp --dport <port you want to forward > -j DNAT --to-dest < vpn client Ip>:port

iptables -t nat -A POSTROUTING -d <VPN client IP> -p tcp --dport <port you want to forward> -j SNAT --to-source <VPN Server IP>
Man we already told you to port forward your public ip on vps to your vpn IP....
you are using a linux VPS so iptables is how you port forward i assumed it is a simple "how to port forward on linux" google search for you.
if anybody needs it on windows it is: netsh interface portproxy.
Glad it worked out in the end, i hope ipv6 will become more adopted it really makes life easier and cheaper.


edit: sorry man haven't seen your reply for some reason i may have clicked new posts on the forum and never read it. what VPN server are you using, you can configure it to provide a static IP if necessary.
DNA wroteMan we already told you to port forward your public ip on vps to your vpn IP....
you are using a linux VPS so iptables is how you port forward i assumed it is a simple "how to port forward on linux" google search for you.
if anybody needs it on windows it is: netsh interface portproxy.
Glad it worked out in the end, i hope ipv6 will become more adopted it really makes life easier and cheaper.


edit: sorry man haven't seen your reply for some reason i may have clicked new posts on the forum and never read it. what VPN server are you using, you can configure it to provide a static IP if necessary.
I'm using Arubacloud.. It's a EUR 2.7 /month, 2T quota, 1Gbps internet connection.


ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1400
inet 192.168.42.1 netmask 255.255.255.255 destination 192.168.42.10
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 45 bytes 8003 (8.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27 bytes 8087 (8.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


Problem is that even with SNAT, what's happening is that when my ogero disconnects / reconnects for some reason, the VPN server will assign you a new IP ( 192.168.42.11 ) and so on....

I'm using LT2p Ipsec VPN... My only option was to configure the Ipsec file to allow only one connection to the server

conn xauth-psk
auto=add
leftsubnet=0.0.0.0/0
rightaddresspool=192.168.42.10-192.168.42.10 <-------------
modecfgdns="8.8.8.8 8.8.4.4"
leftxauthserver=yes
rightxauthclient=yes
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
xauthby=file
ike-frag=yes
cisco-unity=yes
also=shared

I can't seem to find way to force a static IP without an external authentication server.
SNAT has nothing to do with that you may even omit it altogether in any case you didn't tell what vpn server are you using?
DNA wroteSNAT has nothing to do with that you may even omit it altogether in any case you didn't tell what vpn server are you using?
Man it's either you're not reading what I'm posting or something else. I already said it's an L2TP/ IPsec VPN server with PSK ( xl2tpd strongswan )

OpenVPN is not an option.

If SNAT has nothing to do with that how do you forward ports from VPN gateway to VPN client? ( It's the nth time i post this question)

In my case SNAT did the trick....
I am asking about the server software and all you are replying is l2tp ipsec how am i supposed to help you provide static Ips if i dont know if you are using ipsectools libreswan openswan etc etc enough about that.
and snat isn't what forwards your ports Dnat is. source nat will Nat your vpn clients packets as if coming from the vpn server itself which Can be omitted if you have the correct routes and linux is correctly masquerading all the output packets for the client the default gateway is always the vpn server and it should automatically Nat your packets and if it doesn't the OS will with correct routes and masquerade rule which should be set by default. in any case if you had to tell it to do that manually it doesn't hurt
2 years later
Hello, is it still no way to host on shared ip?
a year later
Got a new ogero connection and stumbled across this thread, I have the same problem with no way to host a vpn server.

I need to read about L2TP
for the next person that comes across this, check out cloudflare tunnels