Hi everyone. I have a problem im trying to find a solution for and I’m hitting a wall. Here’s the details
I have a location with an internal server that needs to be reached from the web.
The server cant be moved to another location or hosted on the cloud it MUST remain on site.
This site has a lack of good internet solutions, the only option was DSL or 5G home which is what we’ve been using.
I had this setup and working with the 5G home but the internet would get unberably slow once they are unprioritized for using too much data, so I just swithched to Starlink to test it and they are very happy with the speeds and performance.
My issue now is Starlik uses CGNAT so I can’t port forward and reach the internal server. Does anyone have any suggestions for getting around this or some solution I may not have though about?
Thanks in advance for any help.
Thanks for the quick reply, I wasn’t aware I could get a public IP through Starlink. I read that this wasn’t offered and couldn’t find a way to do it, but I might have been reading old information. I’ll look into this further. The second option won’t work as it’s not a person but a service that needs to access the internal server and I have no control over that resource.
Yeah they were on a residential account so that option wasn’t available. Thanks for your help, I’d not used Starlink before so wasn’t familiar. I haven’t used Tailscale either, that is very interesting. I’ll have to look into this and test it out.
Many of us that are forced into CGNAT use a VPS and setup a Tailscale or VLAN between the VPS and our home labs and other services. T-Mobile and AT&T for 5G internet do not offer a static IP for non-Business accounts and as stated above Starlink does the same.
The only issue I has with the VPS is that my inbound email to my personal E-Mail server had SPF checking turned on. And traversing the VPN tunnel uses NAT for inbound IP addresses thus any site that sent email and had a valid SPF record was being rejected due to the address being the interface of the host end of the tunnel. I had to turn off the SPF checking feature in my E-Mail server and things are back to normal minus the extra protection SPF checking provides.
So far, it’s costing me about $6/month for my DigitalOcean VPS that hosts HA proxy to route in web services , and native IP tables to bring in TCP apps such as E-Mail services and others.