
Goal: Establish a site-to-site VPN tunnel between an office and a remote site behind a double-NAT connection (e.g. a 4G hotspot with a CGNAT IP).

(Remote Site Setup)

LTE Modem:
e.g. Sierra Wireless Airlink GX450 - 4G Verizon LTE Hotspot / GPS
- Outside Network: Operator Private IP range
- Inside Network: 10.50.0.0/24

Linux Router A:
e.g. Ubiquiti EdgeRouter ER-X
- With OpenVPN Client
- Outside Network: Public IP
- Inside Network: 10.50.1.0/24

(Office Setup)

Linux Router B:
e.g. Ubiquiti EdgeRouter Lite
- OpenVPN Server
- Network: 10.0.1.0

Current Issue

At the moment, I have the Remote Site Router connecting to an OpenVPN server running on the Office Router B. Classic OpenVPN client/server scenario. I'm able to access Router B with no issue. However, I am unable to access any other resources behind the Router B network. I tried pushing routes in the OpenVPN client's configuration, but have had no success. But I didn't believe it was the correct procedure. The remote site is connected over a double NAT because of the mobile provider's carrier-grade NAT the LTE modem connects to (e.g. APN).

Ultimately, I would like to create a site-to-site VPN (IPsec?) with the remote side connecting out to the Office Router B. Unfortunately, I'm having trouble finding information to accomplish such a task with the whole double-NAT problem.

Any information regarding VPN clients connecting out behind a double-NAT connection would be very helpful.

Thanks in Advance

Darragh
James
  • Well damn. I guess my business isn't a business. – James Jul 01 '17 at 08:04
  • Your business is a business, but it's not being run on business-grade equipment. As long as you're using home user equipment and network connectivity, the people on this site will not have the right experience to be of help to you. – Jenny D Jul 01 '17 at 09:21
  • Most people here do not consider Ubiquiti consumer-grade. And the hotspot is as commercial as it gets. Designed specifically for fire/EMS fleets. Thanks though. – James Jul 01 '17 at 17:43
  • I beg your pardon; I should have been clearer. I meant the fact that you're stuck behind NAT, which, as I understand it, is the main problem here. – Jenny D Jul 02 '17 at 11:59

1 Answer

$500 is too much for a static IP; try another ISP. From what you are writing, NAT is not your problem, but routing over the established tunnel is. Try to use RIP to perform dynamic routing. You are probably not able to access the router configuration on the truck because there is a need to provide a whitelist when accessing from the WWW.

alexlev2004
  • It's LTE. Static IP for a nothing but static connection is probably overpriced on purpose; we are offering this only if someone is really willing to pay this much. But it's also useless for the client side. – Esa Jokinen Jun 04 '17 at 15:50
  • @EsaJokinen A static IP address is useful even if the connection availability is less than 100% – kasperd Jul 01 '17 at 14:48
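
The answer above locates the problem in routing over the established tunnel and suggests RIP; as an added example (not from any of the posts), this is the static-route form of the same fix in OpenVPN's own configuration, using the subnets from the question. Assumptions: the office LAN is a /24 (the question gives only 10.0.1.0), the tunnel subnet 10.8.0.0/24, the `/etc/openvpn/ccd` path and the client common name `remote-site` are constructed placeholders.

```conf
# ---- Office Router B: server.conf (lines relevant to routing) ----
# Tunnel subnet is a constructed value; keep whatever the server already uses.
server 10.8.0.0 255.255.255.0
topology subnet

# Tell connecting clients that the office LAN is reachable through the tunnel.
# The 255.255.255.0 mask is an assumption; the question gives only "10.0.1.0".
# Push only the subnets the remote site actually needs to reach.
push "route 10.0.1.0 255.255.255.0"

# Kernel route on Router B: traffic for the remote LAN goes into the tunnel.
route 10.50.1.0 255.255.255.0

# Per-client settings are read from files named after the client
# certificate's common name (directory path is a placeholder).
client-config-dir /etc/openvpn/ccd

# ---- Office Router B: /etc/openvpn/ccd/remote-site ----
# "remote-site" is a hypothetical common name for Router A's certificate.
# iroute tells the OpenVPN process which connected client owns 10.50.1.0/24.
# Without it, the kernel route above delivers packets to OpenVPN, which has
# no client to forward them to and drops them.
iroute 10.50.1.0 255.255.255.0
```

Both routers also need IP forwarding enabled and firewall rules that allow forwarding between the tunnel and LAN interfaces, and office hosts need a route to 10.50.1.0/24 via Router B (automatic when Router B is their default gateway). Because Router A dials out to the server, the carrier NAT in front of it does not change these routes.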