superczar / home-assistant

Configuration and setup details for Home-assistant

CGNAT Network Setup #2

Open dejab opened 1 year ago

dejab commented 1 year ago

Enjoyed reading the details of your HA setup. What I was most interested in was your solution and configuration for CGNAT. I live in a remote area and have few ISP options. T-Mobile Home Internet became available and I jumped on it. The good: reliable service and decent speeds for $50. The bad: CGNAT.

Can you share the details and steps you took to configure a port through the Lightsail? I truly think this is the path I need to follow.

Thanks in advance.

superczar commented 1 year ago

Thankfully, one of the biggest ISPs in my country extended their coverage to my house, which means a gbe internet with a static ipv4 address. Yay. However, setting up a VPN punchhole isn't too difficult either for your use case.

You will however need either your router, or an always on linux machine on your network to set this up. I will assume you are choosing the latter path.

1) Setup an openvpn server on lightsail and an openvpn client on said linux machine (plenty of guides on the interwebs for this) - and assign it a fixed ipv4 address
2) enable ipv4 forwarding on the lightsail instance: sysctl net.ipv4.ip_forward=1
3) add your desired port forwarding rules on the lightsail instance, e.g. sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.8.0.2:3389 (replace 10.8.0.2 with the client vpn address and similarly for the port - this example is forwarding packets on public ipv4 port 443 to 3389 on the linux machine on your lan)
4) Enable NAT on the lightsail instance: iptables -t nat -A POSTROUTING -j MASQUERADE

Now you will have to repeat steps 2-4 on the aforementioned linux machine so that packets forwarded to 10.8.0.2 are reforwarded to the LAN IP of your HA instance, or if you are using a router as openvpn client, setup port forwarding rules from the VPN client to the HA instance.

Do note that iptables rules are not persistent. To make the change survive over reboots, you would need to:

5) Install the packages iptables-persistent and netfilter-persistent on both lightsail and the local forwarder
6) Save the changes: netfilter-persistent save

Hope this helps
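
Steps 2-4 and 6 of the reply above as one script, added here as an example and not part of superczar's post or repo. It tightens the rules so DNAT only applies to the public interface and MASQUERADE only to the VPN tunnel, adds the FORWARD rules needed when the filter default policy is DROP, and skips rules that already exist. Interface names eth0/tun0, client 10.8.0.2 and the 443 -> 8123 mapping (8123 being HA's default port) are assumed values; DRY_RUN defaults to 1 so it prints commands instead of changing the firewall.

```shell
#!/bin/sh
# Added example (not from the thread). DRY_RUN=1 prints the commands that would run.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# rule <table> <chain> <match...>: append only if not already present (iptables -C),
# so re-running after an edit does not leave duplicate rules behind.
rule() {
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" = "1" ] || ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        run iptables -t "$table" -A "$chain" "$@"
    fi
}

# forward_port <wan_if> <vpn_if> <public_port> <client_ip> <client_port>
forward_port() {
    wan_if=$1; vpn_if=$2; pub_port=$3; client_ip=$4; client_port=$5
    run sysctl -w net.ipv4.ip_forward=1
    # Step 3, restricted to packets that arrive on the public NIC
    rule nat PREROUTING -i "$wan_if" -p tcp --dport "$pub_port" \
        -j DNAT --to-destination "$client_ip:$client_port"
    # FORWARD chain: allow only the DNATed flow into the tunnel, and replies back out
    rule filter FORWARD -i "$wan_if" -o "$vpn_if" -p tcp -d "$client_ip" \
        --dport "$client_port" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    rule filter FORWARD -i "$vpn_if" -o "$wan_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Step 4, limited to traffic leaving through the tunnel instead of everything
    rule nat POSTROUTING -o "$vpn_if" -j MASQUERADE
}

# Step 6: persist the ruleset (needs the iptables-persistent/netfilter-persistent packages)
persist() {
    run netfilter-persistent save
}

# Assumed values: public NIC eth0, OpenVPN tunnel tun0, client 10.8.0.2, 443 -> 8123
forward_port eth0 tun0 443 10.8.0.2 8123
persist
```

Run with DRY_RUN=0 on the Lightsail instance to apply; the same functions with swapped interfaces and the HA LAN address cover the local forwarder.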

dejab commented 1 year ago

Perfect - all done. Thanks so much for the Lightsail lesson. I had the same configuration on my routers already. After a few hours of searching for specific functions/programs/commands, like saving iptables to survive reboots, it's functioning perfectly. I'm not a linux guy, but I can usually stumble my way through. I'm actually using two routers as the openvpn clients.

Thanks again for the help.