Recently my ISP changed how they route their traffic, and instead of having a public IP I can ping from anywhere on the internet, my home router (pfSense) now sits on a “Shared address space” IP in the 100.66.0.0/24 range (think double-NAT). My web server, my IPv6 tunnel (ping back from HE.net), OpenVPN (for me to get back on my home network) and the GitHub integration with my build server have all stopped working. Dynamic DNS tools and ip chicken find my IP address to be in 207.47.175.0/24. However, because of this extra NAT, no communications can be initiated from the outside…
I appreciate that IPv4 addresses have run out and that such routing is necessary for many ISPs and won’t impact most residential users, however, it does affect me. The cost to get a static IP address with my ISP provider is much more than setting up a small cloud server for VPN and routing the traffic back home.
Most VPNs are set up for “privacy” or for hiding your true IP address:
Home Computer -> pfsense -> isp -> internet -> OpenVPN on Ubuntu in linode -> Internet
My problem is the reverse… I want a public IP address so that I can ping back home…
Home Web Server <- pfsense <- isp <- internet <- OpenVPN on Ubuntu in linode <- Internet
Inspired by the videos on pfSense, OpenVPN and using Linode as a VPN “provider”, I am thinking of setting up a VPN server on a small cloud VM and configuring it so that any “desired” traffic coming from the internet on the VM would be routed to my pfSense router and forwarded to the appropriate server/service in my home lab (Web, VPN, webhook for GitHub, etc).
So far, I have created a small server on Linode, installed Ubuntu 18.x, configured the OpenVPN server (as per the video here), configured my pfSense router's OpenVPN client, and configured the rules on pfSense for forwarding port 80 to my webserver. I also created entries in the Linode iptables to forward port 80 to the tunnel.
pfSense successfully connects to the VPN. Unfortunately, whatever I try to get the traffic to flow the other way fails. I don’t think I have everything set correctly for forwarding traffic from the public IP to pfSense.
What tools/methods should I use to test each leg and troubleshoot routing/forwarding?
If you know of a tutorial/page on how to set something like this up, let me know. I tried to find something without much success.
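
An added example, not part of the original post: a small shell check that reads `iptables-save` output from the cloud VM and reports which leg of the port-80 forward described above is missing. The interface names `eth0` and `tun0`, the tunnel address `10.8.0.2`, the function names and the sample ruleset are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output from the cloud VM. Assumed names:
# eth0 = public interface, tun0 = OpenVPN tunnel, 10.8.0.2 = pfSense tunnel address.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.8.0.2:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# check_legs RULES IP_FORWARD PORT TUN_IF
# Prints one line per missing leg; prints nothing when every leg is present.
check_legs() {
    rules=$1; fwd=$2; port=$3; tun=$4
    [ "$fwd" = "1" ] || echo "ip_forward: kernel forwarding is off (net.ipv4.ip_forward=$fwd)"
    printf '%s\n' "$rules" | grep -Eq -- "^-A PREROUTING .*--dport $port .*-j DNAT" \
        || echo "dnat: no PREROUTING DNAT rule for port $port"
    # Forwarded packets need an ACCEPT toward the tunnel unless the policy is ACCEPT.
    if ! printf '%s\n' "$rules" | grep -q -- "^:FORWARD ACCEPT"; then
        printf '%s\n' "$rules" | grep -Eq -- "^-A FORWARD .*-o $tun .*-j ACCEPT" \
            || echo "forward: FORWARD policy is not ACCEPT and nothing accepts traffic out $tun"
    fi
    # Without source NAT on the tunnel, the home router sees the real client
    # address and may reply via its normal WAN instead of back through the VPN.
    printf '%s\n' "$rules" | grep -Eq -- "^-A POSTROUTING .*-o $tun .*-j (MASQUERADE|SNAT)" \
        || echo "snat: no MASQUERADE/SNAT on $tun (replies may bypass the tunnel)"
}

# On the real VM (as root), pass live data instead of the sample:
#   check_legs "$(iptables-save)" "$(sysctl -n net.ipv4.ip_forward)" 80 tun0
check_legs "$(sample_rules)" 1 80 tun0
```

Once the ruleset passes, running `tcpdump -ni tun0 tcp port 80` on the VM while requesting the public IP shows whether packets actually enter the tunnel and whether replies come back through it.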