Cgnat port forwarding, ip4, ip6

micks_address · 23-05-2023 10:14pm #1

Hi folks,

I'm running home assistant on raspberry pi and want to set up remote access to the server. Followed few guides which use duck DNS and I got it working but only when I'm on my lan. Isp is using cgnat so my router IP does not match my ISP IP...I can see it's different on whatismyip.com

When I try access from outside my network it doesn't work.

I enabled ip6 on my router (orbi 850) and I can see the ip6 address on the router but again on whatsmyip the ip6 address is different to the one on my router.

I've seen few suggestions to user IP tunnelling or vpns to get around port forwarding but I thought with ip6 my address would be unique and wouldn't be any cgnat in play?

Isp is starlink

What would happen if I set my router IP to the ip4 address from whatsmyip?

Cheers,

Mick

Glaceon · 23-05-2023 10:20pm

CGNAT means that the IPv4 address is shared. You can’t port forward on it unfortunately. A VPN with a dedicated IP should work. IPv6 would be fine as this isn’t shared.

micks_address · 23-05-2023 10:27pm

https://www.boards.ie/discussion/comment/120633351#Comment_120633351

Why is my ip6 on the router different to the one on whatsmyip? (I used auto config on the router for ip6)

Thanks

Mick

Glaceon · 23-05-2023 10:52pm

IPv6 works differently to what we’re used to these days. There’s no NAT whatsoever. So every device has its own public IPv6 address.

micks_address · 24-05-2023 9:15am

https://www.boards.ie/discussion/comment/120633452#Comment_120633452

yep im just a bit confused about the ip6 address assignment on my router - i kinda expected it to be the same as whats displayed on whatismyipaddress.com

my ip4 address on the router is 100.x.x.x and 145.x.x.x on whats... and for the ip6 the first 8 characters are the same on both the router and whats but the rest are different..

Glaceon · 24-05-2023 9:22am

https://www.boards.ie/discussion/comment/120634129#Comment_120634129

That's normal on IPv6. On IPv4 you have a single public address that is shared among all of the devices in your network. On IPv6 this isn't necessary because the address pool is so large. So every device gets its own IP. The IP that you see in the web browser should match what is shown by ipconfig (Windows), ifconfig (Mac) or "ip a" (Linux) on that device. The firewall still controls what ports are open on that IP.

IPv4 addresses from 100.64.0.0 to 100.127.255.255 are CGNAT so that would confirm that you can't use IPv4 for port forwarding.

micks_address · 24-05-2023 9:45am

https://www.boards.ie/discussion/comment/120634160#Comment_120634160

Thanks so if i want to use something like duckdns for domain lookup - i should use the ip6 from the router page?

on ipconfig i see temp ipv6 address matches the one on whatsmyip - windows laptop there's an ip6 address value thats different..

in theory i should be using the ipv6 address from my router in duckdns and port forwarding would work to my home assistant.. more toying around to be done

Glaceon · 24-05-2023 10:16am

If DHCP issues the IP address of the router as the DNS server then yes, use the router IP in Duck DNS.

micks_address · 24-05-2023 10:32am

https://www.boards.ie/discussion/comment/120634357#Comment_120634357

thanks for being patient.. when you say DHCP - you mean for the lan setup? on the router i have ticked 'Use Router as DHCP' server. All local devices are being assigned 192.x.x.x addresses.. either way its still not working.. i have put the router 'wan ip6' address in duck dns.. and in the duckdns plugin on home assistant but it still wont router when i try to connect outside of my lan..

Glaceon · 24-05-2023 10:53am

No problem, when you run ipconfig /all on one of the local devices, what IPs do you see under DNS Servers? Does it match the router or is it something else?

micks_address · 24-05-2023 11:03am

https://www.boards.ie/discussion/comment/120634521#Comment_120634521

two dns listed.. 192.1.168.1 and an ip6 which different from the ip6 address of the router

micks_address · 24-05-2023 11:23am

ok so i put the ipv6 address from my rasperry pi in duck dns and i am able to access home assistant via the duckdns url.. but not when i leave my home network it times out.. it must be using ipv6 as there's no ip4 listed in duckdns

theBOFH · 24-05-2023 12:19pm

Not directly related to the cgnat issue/question but more on the home assistant side incase it helps.

if you subscribe to the home assistant cloud it will not only support the project but also allow remote access even being cgnat.

Exposing any system directly does have its downsides though ( https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/)

The Tailscale add-on allows for a straight forward way to get connectivity back to the HA instance

Another option to get around cgnat might be Cloudflared

https://github.com/brenner-tobias/addon-cloudflared

micks_address · 24-05-2023 12:25pm

https://www.boards.ie/discussion/comment/120634863#Comment_120634863

yes im thinking about the home assistant cloud option. just have so many subscriptions at the moment didnt want to add another.. to be honest i dont really need remote access.. its just a nice to see working option..

micks_address · 25-05-2023 9:38am

I give up the chase and bought a home assistant cloud subscription for the year.. working remotely now without any faffing around

Cgnat port forwarding, ip4, ip6

Comments