Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Private WAN IP address
Private WAN IP address
Hello,
I have a dynamic Private WAN IP address assigned by my ISP. I use a USB dongle to connect to the internet - I can't establish remote connection to my Debian 10 box with DDNS since WAN IP comes in 100.xx.xx.255 form.
Would it be possible to resolve this problem by setting up a VPN tunnel (client) on my Debian box?
I have a dynamic Private WAN IP address assigned by my ISP. I use a USB dongle to connect to the internet - I can't establish remote connection to my Debian 10 box with DDNS since WAN IP comes in 100.xx.xx.255 form.
Would it be possible to resolve this problem by setting up a VPN tunnel (client) on my Debian box?
Last edited by questlinq on 2019-10-13 19:26, edited 1 time in total.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Privaate WAN IP address
You have my deepest sympathy.questlinq wrote:I have a dynamic Private WAN IP address assigned by my ISP.
100.0.0.0./8 is not a private range. Do you mean 10.xx.xx.255 ?questlinq wrote:WAN IP comes in 100.xx.xx.255 form.
Yes, if the other end of the tunnel provides a public address, either assigned to the client (preferred) or through configurable NAT redirections.questlinq wrote:Would it be possible to resolve this problem by setting up a VPN tunnel (client) on my Debian box?
Re: Privaate WAN IP address
It's like this 100.53.174.102 - it always starts with same three digits. But, when I run wanip.info I see a Public WAN IP address which is different.100.0.0.0./8 is not a private range. Do you mean 10.xx.xx.255 ?
Re: Privaate WAN IP address
Wanip.info yields a brightly colored webpage with lots of information. Not suitable for processing the result in a Bash script.
The instruction I gave yields only the ip address and nothing else. That can be used for processing in a script.
OP can use a Dynamic DNS service to make his system reachable from the internet. He will need a dyndns-client or a service like that in his router in order to automatically update the DDNS address if his WAN ip address changes.
The instruction I gave yields only the ip address and nothing else. That can be used for processing in a script.
OP can use a Dynamic DNS service to make his system reachable from the internet. He will need a dyndns-client or a service like that in his router in order to automatically update the DDNS address if his WAN ip address changes.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Privaate WAN IP address
How does this difference matter to the OP ? I did not read that the OP wanted to process the result in a script.
Regarding the dynamic DNS, it is useless if the computer is behind a carrier-grade NAT (CGN) and does not have an IP address which is reachable from the public internet.
To the OP : what is the public IP address you see with wanip.info ? Is it always the same ?
Regarding the dynamic DNS, it is useless if the computer is behind a carrier-grade NAT (CGN) and does not have an IP address which is reachable from the public internet.
To the OP : what is the public IP address you see with wanip.info ? Is it always the same ?
Re: Privaate WAN IP address
OP should configure his router to enable a virtual link from the internet to the system he wishes to reach from outside his own home. A properly secured system, of course.
Re: Privaate WAN IP address
Yes. You would need to find somebody to terminate the VPN for you but I'm sure such services exist. If it's just for your use [ie you're not hoping to host public-facing services on it for anyone to access] you could use a service like Hamachi.questlinq wrote: Would it be possible to resolve this problem by setting up a VPN tunnel (client) on my Debian box?
Re: Private WAN IP address
When I run
it returns the same IP address as when I run http://wanip.info/.
However, when I use HUAWEI 4G Dongle E3372 or NETGEAR LB2120 I see a different IP address (IP Address 100.91.208.174) under Status Details.
When I replace SIM card in my Android based phone and I use LanDroid app - it shows same IP address under Public IP section as when I run http://wanip.info/, while under LocalNet/Routes: I get IP Address 100.91.208.174.
I've opened ports and forwarded the traffic within my network and I still can't reach the box. I'll keep trying and report back the results.
curl -s icanhazip.com
it returns the same IP address as when I run http://wanip.info/.
However, when I use HUAWEI 4G Dongle E3372 or NETGEAR LB2120 I see a different IP address (IP Address 100.91.208.174) under Status Details.
When I replace SIM card in my Android based phone and I use LanDroid app - it shows same IP address under Public IP section as when I run http://wanip.info/, while under LocalNet/Routes: I get IP Address 100.91.208.174.
I've opened ports and forwarded the traffic within my network and I still can't reach the box. I'll keep trying and report back the results.
Re: Private WAN IP address
I just found out that my ISP is using Private WAN IPs - I'll have to try with VPN tunnel next.
Re: Private WAN IP address
do you need it to be transparent (all ports) or just for ssh/web/etc?questlinq wrote:I just found out that my ISP is using Private WAN IPs - I'll have to try with VPN tunnel next.
If you have a server (VPS) somewhere with a public IP you can set-up a VPN between your home computer and your server (I recommend Wireguard), and then configure a reverse proxy (if web) or an ssh jump host (if ssh) to forward the connection to the VPN address of your home computer.
so [internet client] -> { via VPS public IP } -> [VPS forward to home server VPN IP] -> { via home VPN IP } -> [ home ]
where [computer] and { address/route }
Re: Private WAN IP address
I need it just for ssh, mail ..do you need it to be transparent (all ports) or just for ssh/web/etc?
If you have a server (VPS) somewhere with a public IP you can set-up a VPN between your home computer and your server (I recommend Wireguard), and then configure a reverse proxy (if web) or an ssh jump host (if ssh) to forward the connection to the VPN address of your home computer.
so [internet client] -> { via VPS public IP } -> [VPS forward to home server VPN IP] -> { via home VPN IP } -> [ home ]
where [computer] and { address/route }
Thanks for recommending Wireguard - so, I just need to set-up a VPN client on home server and VPN server on my VPS that has a Public IP address and open port on both ends?
Re: Private WAN IP address
Let's say your home server has IP 100.x.y.z and IP 10.200.0.2 for the wireguard interface.questlinq wrote: I need it just for ssh, mail ..
Thanks for recommending Wireguard - so, I just need to set-up a VPN client on home server and VPN server on my VPS that has a Public IP address and open port on both ends?
At your VPS you have some public IP, say 1.1.1.1 and IP 10.200.0.1 for the wireguard interface.
Now you have a laptop somewhere with Linux and the openssh client.
In your ~/.ssh/config you should have something like:
Code: Select all
Host home-direct
Hostname 100.x.y.z
Host vps
Hostname my-vps-address-or-resolvable-hostname (e.g. 1.1.1.1)
Host home-via-vps
Hostname wireguard-ip-of-home-server (e.g. 10.200.0.2)
ProxyCommand ssh -q -W %h:%p vps
I have not tested whether the above is correct (syntax should be OK), as I do have a real (dynamic, but real) IP.
Note that another "elegant" solution would be to install tor on your home server and setup a hidden service for ssh. Then all you need is a client running tor to connect to your hidden address (or use your VPS as a jump host with e.g. "ProxyCommand socat - SOCKS4A:localhost:%h:%p,socksport=9050").
But I'm not 100% sure that tor routing will work OK with your non-public IP address.
Good luck and report if it worked or, more important, if it didn't :)