Links to articles for setting up a relay or VPN to bypass CGNAT?

I have a friend that lives in farm country in Michigan, His DSL services has given him like 12 mbps services down and 1 mbps up and now T-Mobile has advertised that he can get 5G services from them that supposed to have better speeds and probably better reliability than what he is getting from the local ISP.

The issue is that right now he has ports opened for VPN access to his network and T-Mobile’s 5G networking option is CGNAT. I have done a lot of searching on how to do a VPS/VPN relay option but there doesn’t seem to be a really good article on this. My thoughts are to have his router behind the 5G gateway VPN into a VPS and have the VPS relay inbound connections to his network.

If there is any articles on this that you have used in the past as a guide can you please provide the links?


You might want to look at this

Luckily I’m not on a CGNAT but I thought you couldn’t easily port forward, if that’s the case can’t see how a VPN would work.

My thoughts are is to create a VPN tunnel from their home out to the VPN/VPS in the cloud, The router/or other device would have a VPN client connection to the sever at the hosting company that is two way and persistent. I would open a firewall rule to allow certain ports from the cloud VPN to route to their VNC and other services. The hard part is say if you are hosting Plex where the port for plex needs to be presented on the cloud VPS and then routed into the network via the VPN.

It’s basically the same thing I do with my family’s network, each of their routers VPN into my Untangle as a client and our networks are fully connected together. I then have router rules for split tunneling for services.

It sounds like that is similar to the VPN matcher from Draytek.

Now that you mention it I think QNAP have something similar, albeit, they had some security vulnerability related to that service recently.

Yes I seen QNAP and Synolgoy have this type of functionality with their private access tunnels that they create for remote access that requires no ports open. Here is a a rough diagram of what I am thinking of doing:

What about NGROK?

I use it to remotely access a Netgear R7000 flashed with DDWRT that my son uses in the apartment he lives for his studies. The R7000 is connected to the internet by tethering to his iPhone.

With the same concept there is also The Basics |

Thanks for the info, I will take a look at these two options.