Air4141841 25 Posted ... I recently switched to a new fiber provider from cable internet. my pfsense router could run as many tunnels as I wanted and had no issues, on cable internet: since changing ISP's to a carrier grade nat system. my wan connection only stays up for 24 hours then my internet is down entirely. just curious if others have carrier grade nat + Pfsense + tunnel and issues Quote Share this post Link to post
NaDre 157 Posted ... If you have CGNAT then you probably also have IPv6? Are you connecting to AirVPN over IPv6? With CGNAT, the ISP will at some point change the external IP address the internet sees you coming from. Like it or not. Perhaps that is breaking an OpenVPN connection over IPv4/CGNAT? Quote Share this post Link to post
Air4141841 25 Posted ... ip4 is from ISP as of now... and only ip4 is enabled in pfsense the tunnels are not setup for ip6 Quote Share this post Link to post
NaDre 157 Posted ... So you have CGNAT for IPv4 but no IPv6? I would check that. Hard to defend downgrading your IPv4 without providing IPv6. I used to have a router for my LAN that went through another router provided by my ISP. My internal router had better WiFi and I didn't want my LAN to rely on equipment that was not mine. But as a result, my ISP began providing IPv6 and I was oblivious to this for several months. If you have a router from your ISP that your pfSense box goes through, then I suggest you get logged into that and check whether it has an IPv6 WAN address. And if it does, I think you should look into getting set up to use it for AirVPN. I can't find the post, but I recall Staff saying that one reason they were moving to provide IPv6 was that they had customers reporting problems using AirVPN over CGNAT. Quote Share this post Link to post
Air4141841 25 Posted ... I'll hardwire to the ONT tomorrow and see what is going on. appreciate the helpful post I enabled everything ip6. wan wise. and within the openvpn tunnel. wan and tunnel ip6 both show down as of now Quote Share this post Link to post
go558a83nk 364 Posted ... 17 minutes ago, Air4141841 said: I'll hardwire to the ONT tomorrow and see what is going on. appreciate the helpful post I enabled everything ip6. wan wise. and within the openvpn tunnel. wan and tunnel ip6 both show down as of now You probably can't connect directly to the ONT and get any network activity without doing some work The ISP router probably does vlan tagging and has some sort of username/password authentication. If you know what the settings are you may be able to replicate them on your pfsense box. But if you don't know the best you can do is either put the ISP router into bridge mode or do some other trick where you use a dumb switch and clone the MAC address of the ISP router to your pfense box. You let the ISP router get your connection up and running and then unplug it from the dumb switch and plug in your pfsense box with cloned MAC. Quote Share this post Link to post
Air4141841 25 Posted ... they do not offer IP6 yet. they replaced my modem, and removed me from the cgnat and set me up on a static IP. I am confident this will be resolved now Quote Share this post Link to post
OpenSourcerer 1442 Posted ... First time hearing an ISP allocating CG-NAT v4 addresses without providing native v6 UGAs. I thought it's done because of the fact there are not enough native unique v4 addresses left for a given provider. Also first time hearing CG-NAT "blocking" addresses. I imagine NAT as it is, not as a firewall. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
NaDre 157 Posted ... 57 minutes ago, giganerd said: First time hearing an ISP allocating CG-NAT v4 addresses without providing native v6 UGAs. I thought it's done because of the fact there are not enough native unique v4 addresses left for a given provider. Also first time hearing CG-NAT "blocking" addresses. I imagine NAT as it is, not as a firewall. A quick search found this:https://www.apnic.net/community/ipv6-program/about-cgn/ "However, SPs who do not deploy IPv6 services simultaneously with CGN/LSN ..." So I guess they see this happening in their jurisdiction. As far as using CGNAT for OpenVPN, how often the ISP forces IP changes would come into it I think. Do they allow you to keep an IP address for weeks (shared with others). Or do they want this to change often? I don't see what else could be the issue either. I still have full IPv4 with my IPv6, so I can't offer any insight based on personal experience. When the external IP address changes, the IP address given to you by AirVPN will change even if the OpenVPN client reconnects to the same server. So you would want to be sure your set up will correct for that. Since the OP said ".. could run as many tunnels as I wanted ...", relying on the default gateway to be updated may not have been good enough. Not all of these tunnels could be the default gateway at once. There would have to be some configuration done that specfiied the IP address of the VPN NIC, which would need to be updated. 1 OpenSourcerer reacted to this Quote Share this post Link to post
Air4141841 25 Posted ... CGNAT (at least this company) won't work reliably with Pfsense. very disappointed with this since I signed up for a static WAN address everything plays nice now. they confirmed ip6 isn't utilized yet, and they are not sure when it will be... Quote Share this post Link to post