How to access SOHO when provider gives private IP address on 4G/LTE network Modem

0

I have a new connection that has been working for 6 months at my SOHO. This connection is on 4G LTE at about 45M/12M. Before that I had a DSL with a fixed IP running at about 10M/1M but I want to stop this.

The problem is that my Provider is giving me an A class IP address 10.x.x.x on the 4G/LTE Modem, so the NAT on my firewall is not working anymore! I can't access my services (Mail, caldav, carddav, RDP, ...) when I'm outside my home and office.

I also have a VPS in a data centre with a fixed IP. This VPS is an Ubuntu LTS based web server. Ports 80/443 and 25 need to stay available for Apache and Exim.


I think the solution is maybe to make a connection between my VPS working as a "NAT VPN proxy"?

My idea is to create a port range on my VPS, listening on for example 30000 to 39999, and when traffic hits this range the VPS will redirect it to my pfSense through a VPN tunnel. So the VPS would be the VPN server and pfSense the VPN client, permanently connected to the VPS.

Example of ports and corresponding services:

VPS port   pfSense NAT      Proto  LAN device IP    Description
30143      30143 ->  143    TCP    192.168.10.100   IMAP to Synology NAS
35000      35000 -> 5000    TCP    192.168.10.100   Web access to NAS
33389      33389 -> 3389    TCP    192.168.10.20    MS RDP to VPS
35060      35060 -> 5060    TCP    192.168.10.10    Asterisk Server
...

  1. What do you think?
  2. Maybe I can make a PPPoE connection between my VPS and pfSense?
  3. Or is it possible with OpenVPN?
  4. Is there another solution?

Meloman

Posted 2017-05-05T08:07:34.210

Reputation: 101

This is not because "of a class A network", network classes have been replaced by CIDR for ~20 years. It's because the ISP uses private addresses and carrier grade NAT. – Sven – 2017-05-05T08:25:46.603

Yes, I know that 4G networks are on private addresses! I see this and that's the problem. OK, my vocabulary is old :D! Is my title better like this, @Sven? – Meloman – 2017-05-05T08:28:48.537

Answers

0

You’re apparently already using VPN. What you need to do is very simple:

  • Make the VPS the VPN host
  • Make pfSense the VPN client

Optionally, you could bridge your VPN to the local (red in your picture) network. You can also go with a routed setup, allowing you to easily create firewall rules between the VPN and the local network.

Your pfSense box would then connect outbound to your new VPN “anchor”: your VPS. The road warrior would do the same.

Don’t use port forwarding over VPN; it is tricky to get right because the response traffic will by default not go into the VPN. Also, why even bother when you can just go “full VPN”?

Daniel B

Posted 2017-05-05T08:07:34.210

Reputation: 40 502

Problem is that some ports like 80 and 443 are reserved for the VPS, which is a web server too. So maybe I need to install a firewall on the VPS first, like Shorewall? And do NAT on it and redirect some range to the VPN? – Meloman – 2017-05-05T08:44:14.963

So what if those ports are in use? A VPN wouldn’t usually run on these ports. You can set OpenVPN to use any port. The “default” port is 1194. – Daniel B – 2017-05-05T08:48:32.927

can we chat @Daniel B ? – Meloman – 2017-05-05T08:50:15.347

2

Sure, I created a channel here, but I may not always be able to respond right away.

– Daniel B – 2017-05-05T09:00:48.017
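
A routed OpenVPN server setup of the kind the answer describes (VPS as VPN host, pfSense as client, no port forwarding), as an added example that is not part of the original posts. The tunnel subnet 10.8.0.0/24, the file paths, the client certificate name `pfsense` and the /24 mask for the question's 192.168.10.x LAN are assumptions.

```conf
# Constructed example. Assumptions: tunnel subnet 10.8.0.0/24, the PKI paths,
# client certificate CN "pfsense", and a /24 mask for the 192.168.10.x LAN.

# ---- /etc/openvpn/server.conf (on the VPS) ----
# 1194/udp is the OpenVPN default; 25, 80 and 443 stay with Exim and Apache.
port 1194
proto udp
# Routed (tun) setup rather than a bridge, so traffic between the VPN and
# the LAN can be filtered with ordinary firewall rules.
dev tun
topology subnet
server 10.8.0.0 255.255.255.0

ca   /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/vps.crt
key  /etc/openvpn/pki/vps.key
dh   /etc/openvpn/pki/dh.pem
# Drop unauthenticated packets before the TLS handshake.
tls-auth /etc/openvpn/pki/ta.key 0
tls-version-min 1.2

# Kernel route on the VPS: the SOHO LAN is reached through the tunnel.
route 192.168.10.0 255.255.255.0
# Road warriors learn the same route when they connect.
push "route 192.168.10.0 255.255.255.0"
# Per-client settings, looked up by certificate Common Name.
client-config-dir /etc/openvpn/ccd

# No client-to-client: road warrior <-> LAN packets then pass through the
# VPS kernel (needs net.ipv4.ip_forward=1) where iptables FORWARD rules apply.

# The pfSense side sits behind carrier-grade NAT, so keep the NAT mapping
# alive and detect a dead tunnel quickly.
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup

# ---- /etc/openvpn/ccd/pfsense (file name = client certificate CN) ----
# Tells OpenVPN which connected client owns the LAN subnet routed above.
iroute 192.168.10.0 255.255.255.0
```

Assuming pfSense is already the default gateway of the LAN hosts, their replies return through the tunnel without any NAT on the VPS, which avoids the response-path problem the answer mentions for port forwarding. Only 1194/udp has to be opened on the VPS firewall, so IMAP, RDP and the other LAN services are never exposed on public ports.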