Carrier grade NAT on 4G

Started by leifnel, February 21, 2017, 03:47:58 PM

leifnel

Can the tunnel work through Carrier-Grade NAT?

I'm on a 4G modem, my public IP is dynamic, currently 62.44.135.xxx (http://ip4.me for instance)
The outside IP is 10.224.255.234

The 62.44.135.xxx is not pingable.

So can the tunnel be set up on a "Don't call me, I'll call you" protocol, because my router is not reachable?

I had a tunnel from sixxs which works through nat, but due to strange circumstances, I'd better have a plan B.

kcochran

6in4 doesn't have the typical IPv4 TCP/UDP headers, so most NAT implementations don't get enough information to determine a flow to pinhole permit the traffic.  As such, 6in4 tunnels almost never work through a CGNAT environment.  There's no initial handshake with a 6in4 tunnel, each end just flings the IPv6 traffic at the other side with an IPv4 IP header slapped on top.

tjeske

It can work if it's a 1:1 NAT or if they forward IP-Protocol (not port!) 41 to your home router. Protocol-forwarding is very unlikely to happen, and 1:1 CGNAT is very rare (my ISP uses it!).

The better way in this case is AYIYA (what sixxs is using). There's always the option of renting an IPv6-capable server and setting up your own tunnel service. Though I have to admit I'd like to see AYIYA support from HE :) (would be great for mobile phone use).
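Added example, not part of the thread or any poster's code: a simplified port-translating NAT model showing why an IP protocol 41 (6in4) packet gives it nothing to build a pinhole from, while a UDP-encapsulated tunnel does. The `ToyNapt` class, the documentation addresses and the use of UDP port 5072 for an AYIYA-style tunnel are assumptions made for illustration.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP, PROTO_IPV6 = 6, 17, 41   # 41 = IPv6 encapsulated in IPv4 (6in4)
INSIDE, SERVER, PUBLIC = "10.0.0.2", "192.0.2.1", "198.51.100.7"  # constructed addresses

def ipv4_packet(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at zero) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data):
    """Build a UDP header (checksum left at zero) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def flow_key(packet):
    """Return the 5-tuple a port-translating NAT keys on, or None if there are no ports."""
    proto = packet[9]
    if proto not in (PROTO_TCP, PROTO_UDP):    # 6in4 payload starts with an IPv6 header
        return None
    ihl = (packet[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (proto, socket.inet_ntoa(packet[12:16]), sport,
            socket.inet_ntoa(packet[16:20]), dport)

class ToyNapt:
    """Hypothetical many-to-one NAT: outbound flows create state, inbound must match it."""
    def __init__(self):
        self.table, self.next_port = {}, 40000

    def outbound(self, packet):
        key = flow_key(packet)
        if key is None:
            return False                       # no ports to multiplex on: no pinhole
        proto, src, sport, dst, dport = key
        self.table[(proto, dst, dport, self.next_port)] = (src, sport)
        self.next_port += 1
        return True

    def inbound(self, packet):
        key = flow_key(packet)
        if key is None:
            return None                        # cannot tell which inside host this is for
        proto, src, sport, _dst, dport = key
        return self.table.get((proto, src, sport, dport))

def demo():
    """Send one 6in4 and one UDP-encapsulated packet out, then try the replies."""
    nat, v6 = ToyNapt(), bytes([0x60]) + bytes(39)   # constructed 40-byte IPv6 header stub
    return {
        "6in4_pinhole": nat.outbound(ipv4_packet(INSIDE, SERVER, PROTO_IPV6, v6)),
        "udp_pinhole": nat.outbound(ipv4_packet(INSIDE, SERVER, PROTO_UDP, udp(5555, 5072, v6))),
        "udp_reply_to": nat.inbound(ipv4_packet(SERVER, PUBLIC, PROTO_UDP, udp(5072, 40000, v6))),
        "6in4_reply_to": nat.inbound(ipv4_packet(SERVER, PUBLIC, PROTO_IPV6, v6)),
    }
```
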

leifnel

> There's always the option of renting an IPv6-capable server and setting up your own tunnel service.

I have that, but unfortunately it only has a single address; I have tried getting a subnet, but they can't handle that yet.

I don't want to have to nat all my hosts through a single ipv6 address (if at all possible), because that defeats the purpose of having "all" my monitoring equipment available from outside.

But is the AYIYA/AICCU available anywhere else than sixxs?

tjeske

I know it's a lot of work, but there's also the option to take your server elsewhere, to a service that offers a whole subnet. I wouldn't even think of IPv6-nat either. Many devices probably won't even be able to work that way. At least you'd be the one controlling the port forwardings, so you wouldn't have to worry that much about your monitoring equipment.

And no, SixXS is/was the only service with AYIYA.

leifnel

> I know it's a lot of work, but there's also the option to take your server elsewhere,

Not really an option, as it is my home network. ;-)