Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Private WAN IP address

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
questlinq
Posts: 69
Joined: 2017-09-19 08:51

Private WAN IP address

#1 Post by questlinq »

Hello,

I have a dynamic Private WAN IP address assigned by my ISP. I use a USB dongle to connect to the internet - I can't establish remote connection to my Debian 10 box with DDNS since WAN IP comes in 100.xx.xx.255 form.
Would it be possible to resolve this problem by setting up a VPN tunnel (client) on my Debian box?
Last edited by questlinq on 2019-10-13 19:26, edited 1 time in total.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Privaate WAN IP address

#2 Post by p.H »

questlinq wrote:I have a dynamic Private WAN IP address assigned by my ISP.
You have my deepest sympathy.
questlinq wrote:WAN IP comes in 100.xx.xx.255 form.
100.0.0.0./8 is not a private range. Do you mean 10.xx.xx.255 ?
questlinq wrote:Would it be possible to resolve this problem by setting up a VPN tunnel (client) on my Debian box?
Yes, if the other end of the tunnel provides a public address, either assigned to the client (preferred) or through configurable NAT redirections.

questlinq
Posts: 69
Joined: 2017-09-19 08:51

Re: Privaate WAN IP address

#3 Post by questlinq »

100.0.0.0./8 is not a private range. Do you mean 10.xx.xx.255 ?
It's like this 100.53.174.102 - it always starts with same three digits. But, when I run wanip.info I see a Public WAN IP address which is different.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Privaate WAN IP address

#4 Post by p.H »

Maybe the ISP does some NAT or transparent proxy. But 100.53.174.102 is not a private address. It is assigned to Sprint.

User avatar
Bloom
df -h | grep > 90TiB
df -h | grep > 90TiB
Posts: 504
Joined: 2017-11-11 12:23
Been thanked: 26 times

Re: Privaate WAN IP address

#5 Post by Bloom »

Code: Select all

curl -s icanhazip.com

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Privaate WAN IP address

#6 Post by p.H »

What is this supposed to show ?

User avatar
Bloom
df -h | grep > 90TiB
df -h | grep > 90TiB
Posts: 504
Joined: 2017-11-11 12:23
Been thanked: 26 times

Re: Privaate WAN IP address

#7 Post by Bloom »

Your outside (WAN) ip address.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Privaate WAN IP address

#8 Post by p.H »

How it that different from wanip.info which the OP used ?

User avatar
Bloom
df -h | grep > 90TiB
df -h | grep > 90TiB
Posts: 504
Joined: 2017-11-11 12:23
Been thanked: 26 times

Re: Privaate WAN IP address

#9 Post by Bloom »

Wanip.info yields a brightly colored webpage with lots of information. Not suitable for processing the result in a Bash script.
The instruction I gave yields only the ip address and nothing else. That can be used for processing in a script.

OP can use a Dynamic DNS service to make his system reachable from the internet. He will need a dyndns-client or a service like that in his router in order to automatically update the DDNS address if his WAN ip address changes.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Privaate WAN IP address

#10 Post by p.H »

How does this difference matter to the OP ? I did not read that the OP wanted to process the result in a script.

Regarding the dynamic DNS, it is useless if the computer is behind a carrier-grade NAT (CGN) and does not have an IP address which is reachable from the public internet.

To the OP : what is the public IP address you see with wanip.info ? Is it always the same ?

User avatar
Bloom
df -h | grep > 90TiB
df -h | grep > 90TiB
Posts: 504
Joined: 2017-11-11 12:23
Been thanked: 26 times

Re: Privaate WAN IP address

#11 Post by Bloom »

OP should configure his router to enable a virtual link from the internet to the system he wishes to reach from outside his own home. A properly secured system, of course.

troffasky
Posts: 37
Joined: 2017-11-05 11:00
Has thanked: 1 time
Been thanked: 1 time

Re: Privaate WAN IP address

#12 Post by troffasky »

questlinq wrote: Would it be possible to resolve this problem by setting up a VPN tunnel (client) on my Debian box?
Yes. You would need to find somebody to terminate the VPN for you but I'm sure such services exist. If it's just for your use [ie you're not hoping to host public-facing services on it for anyone to access] you could use a service like Hamachi.

questlinq
Posts: 69
Joined: 2017-09-19 08:51

Re: Private WAN IP address

#13 Post by questlinq »

When I run
curl -s icanhazip.com

it returns the same IP address as when I run http://wanip.info/.

However, when I use HUAWEI 4G Dongle E3372 or NETGEAR LB2120 I see a different IP address (IP Address 100.91.208.174) under Status Details.
When I replace SIM card in my Android based phone and I use LanDroid app - it shows same IP address under Public IP section as when I run http://wanip.info/, while under LocalNet/Routes: I get IP Address 100.91.208.174.

I've opened ports and forwarded the traffic within my network and I still can't reach the box. I'll keep trying and report back the results.

questlinq
Posts: 69
Joined: 2017-09-19 08:51

Re: Private WAN IP address

#14 Post by questlinq »

I just found out that my ISP is using Private WAN IPs - I'll have to try with VPN tunnel next.

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: Private WAN IP address

#15 Post by reinob »

questlinq wrote:I just found out that my ISP is using Private WAN IPs - I'll have to try with VPN tunnel next.
do you need it to be transparent (all ports) or just for ssh/web/etc?

If you have a server (VPS) somewhere with a public IP you can set-up a VPN between your home computer and your server (I recommend Wireguard), and then configure a reverse proxy (if web) or an ssh jump host (if ssh) to forward the connection to the VPN address of your home computer.

so [internet client] -> { via VPS public IP } -> [VPS forward to home server VPN IP] -> { via home VPN IP } -> [ home ]

where [computer] and { address/route }

questlinq
Posts: 69
Joined: 2017-09-19 08:51

Re: Private WAN IP address

#16 Post by questlinq »

do you need it to be transparent (all ports) or just for ssh/web/etc?

If you have a server (VPS) somewhere with a public IP you can set-up a VPN between your home computer and your server (I recommend Wireguard), and then configure a reverse proxy (if web) or an ssh jump host (if ssh) to forward the connection to the VPN address of your home computer.

so [internet client] -> { via VPS public IP } -> [VPS forward to home server VPN IP] -> { via home VPN IP } -> [ home ]

where [computer] and { address/route }
I need it just for ssh, mail ..

Thanks for recommending Wireguard - so, I just need to set-up a VPN client on home server and VPN server on my VPS that has a Public IP address and open port on both ends?

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: Private WAN IP address

#17 Post by reinob »

questlinq wrote: I need it just for ssh, mail ..

Thanks for recommending Wireguard - so, I just need to set-up a VPN client on home server and VPN server on my VPS that has a Public IP address and open port on both ends?
Let's say your home server has IP 100.x.y.z and IP 10.200.0.2 for the wireguard interface.
At your VPS you have some public IP, say 1.1.1.1 and IP 10.200.0.1 for the wireguard interface.

Now you have a laptop somewhere with Linux and the openssh client.
In your ~/.ssh/config you should have something like:

Code: Select all

Host home-direct
        Hostname 100.x.y.z

Host vps
        Hostname my-vps-address-or-resolvable-hostname (e.g. 1.1.1.1)

Host home-via-vps
        Hostname wireguard-ip-of-home-server (e.g. 10.200.0.2)
        ProxyCommand ssh -q -W %h:%p vps
(the first entry is if you want to attempt a direct connection, in case it happens to work in a particular subnet, such as if your client is on the same ISP as your home server..)

I have not tested whether the above is correct (syntax should be OK), as I do have a real (dynamic, but real) IP.

Note that another "elegant" solution would be to install tor on your home server and setup a hidden service for ssh. Then all you need is a client running tor to connect to your hidden address (or use your VPS as a jump host with e.g. "ProxyCommand socat - SOCKS4A:localhost:%h:%p,socksport=9050").

But I'm not 100% sure that tor routing will work OK with your non-public IP address.

Good luck and report if it worked or, more important, if it didn't :)

Post Reply