Overlay Network and E-Mail Servers

I got a call from a friend that lives and runs a business outside of the range of most ISPs and had to settle with T-Mobile’s 5G offering. When he moved there, he didn’t think that he would have issues with him running E-Mail and other self-hosted services on his Synology until he ran into the problem of CGNAT. Currently we have moved his network equipment into a closet at a friend’s motel, allowing him to keep things running until we can solve this.

I have been starting to look into overlay networking services that may help in some cases, but I am looking for any examples of folks doing SMTP via an overlay.


Current overlay networks that I am aware of are not really the solution for this. What is needed is a tunnel from some hosted public IP from somewhere like Linode/Cloudflare and then a tunnel that brings the data back to the Synology.

Here are some options

Thanks I will take a look.

To add to Tom’s point: When you have a machine with a public IP somewhere, pretty much any tunneling solution can be used for the transport between it and the actual server. Overlay networks like Tailscale and ZeroTier are just a software configuration layer on top of a tunneling protocol (in the case of Tailscale it’s WireGuard).

In the case of outgoing email, especially if it’s used to communicate with clients, you might want to look into SMTP relays (“smart hosts”). Your mails may be classified as spam when the mail server’s IP address is not reputable.
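The setup described in the posts above (a public-IP host forwarding SMTP through a WireGuard tunnel to a mail server behind CGNAT), written out as an added example that is not part of the original posts. The interface name `eth0`, the 10.8.0.0/24 tunnel subnet, the UDP port and the `<...>` key and address placeholders are assumptions, as is a mail host that can run `wg-quick`.

```ini
# ---- Public-IP host (VPS): /etc/wireguard/wg0.conf ----
# Assumed addressing: VPS = 10.8.0.1, mail server = 10.8.0.2.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>
PostUp = sysctl -w net.ipv4.ip_forward=1
# Inbound SMTP on the public interface is sent to the mail server.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.8.0.2:25
PostUp = iptables -A FORWARD -i eth0 -o %i -p tcp -d 10.8.0.2 --dport 25 -j ACCEPT
# Replies and outbound connections from the mail server leave via eth0.
PostUp = iptables -A FORWARD -i %i -o eth0 -s 10.8.0.2 -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source NAT only toward the Internet. There is deliberately no
# MASQUERADE toward wg0: that would make every remote sender appear
# as 10.8.0.1, which defeats IP-based spam checks and turns the box
# into an open relay if the tunnel subnet is trusted for relaying.
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.2 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.8.0.2:25
PostDown = iptables -D FORWARD -i eth0 -o %i -p tcp -d 10.8.0.2 --dport 25 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -s 10.8.0.2 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.2 -o eth0 -j MASQUERADE

[Peer]
PublicKey = <MAIL_SERVER_PUBLIC_KEY>
# Only the mail server's tunnel address is accepted from this peer.
AllowedIPs = 10.8.0.2/32

# ---- Mail server behind CGNAT: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <MAIL_SERVER_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = <VPS_PUBLIC_IP>:51820
# Route everything through the tunnel so replies to forwarded
# connections (which keep the sender's real source IP) return via the VPS.
AllowedIPs = 0.0.0.0/0
# The CGNAT side must initiate and keep the NAT mapping alive.
PersistentKeepalive = 25
```

With this layout the mail server's trusted-relay list should not include the tunnel subnet, and the PTR record and SPF entry for the domain need to reference the public host's address, since that is the IP other mail servers see.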

Thanks @paolo, when I get some time this week I will continue research on the best method to keep his mail server running.

Does he run a business from his home to be able to prove to T-Mobile that he should be blessed with the business level connection? I think you might be able to get a static IP from them as well, but only if you are a business.
You can also then officially use your own device, like the Chester Tech Cheetah, which is easy to connect external antennae to:

I need to figure out how I can get the business plan, but even without it I have had the Cheetah for the last few months, and I was able to make my connection much more stable with it. Antennae will happen eventually, just for that added signal; my house has aluminum siding, which is no good for 5G through the walls!!!

Well, he is using the T-Mobile 5G services; as for the plan, I haven’t asked him yet. If he is business vs. residential, I will have him give T-Mobile a call to check availability of static IPs. But from everything I read about T-Mobile 5G, it’s CGNAT on that service.

Long thread, but worth a read:
Looks like having a federal business tax ID and being incorporated as a business is the key; anyone doing this under their personal social security number is going to be denied. I’ve also read that if you work for a company, you can get your company to create a letter of proof that you need to work from home.

And all this also suggests that the manager at the T-Mobile store or on the phone isn’t a jerk. If you are paying for the service, does it really matter how you are using it? I definitely use more bandwidth at home than I do at work, even if I need to grab a bunch of OS ISOs to load up something new in my hypervisor.

Someone also mentioned IPv6 as a way to get through the CGNAT. This is something I have not investigated yet, but it is on my list to look at.