Shared IPv4 with Port Forwarding in Dual Stack or Dual WAN
Whether it's IoT, local servers, NAS devices, or many other applications, the external accessibility of local services is crucial for many of our customers. However, some of our customers face more complex challenges that make this external accessibility difficult. Customers with cable internet, who are not assigned their own IPv4 address, and those who need load balancing or failover due to weak connection performance are particularly affected.
For us, it is therefore essential to assign our customers their own IPv4 address independently of their internet provider and to enable port forwarding. This not only ensures the necessary accessibility but also provides the flexibility and reliability that modern network requirements demand.
Our concept is equally suitable for both private and business customers and, in our view, represents a cost-effective solution.
Why is a VPN a Useful Bridge?
To make a server externally accessible, the traffic must exit the local network and re-enter from the outside. For traffic from the internet to reach the local network, routing based on an IP address is required, and the relevant ports must be opened in the local firewall. However, if no unique IP address is available, a VPN can help.
With a VPN, it is possible to create a tunnel from the outside into the local network. We have tested several specialized VPN providers, such as Windscribe and Ivacy. These providers offer static IP addresses with port forwarding. However, we were not convinced by the concept and reliability of these solutions.
Static IPv4 and Port Forwarding: Here's How It's Done!
Since the VPN serves as a bridge between the local and external network, a VPN is necessary for our project. There are various protocols; we often use OpenVPN. For better performance and higher bandwidth, however, WireGuard is recommended. Cloud servers have become so affordable that we can do this much more cheaply than with commercial VPN offerings. However, the VPN must be set up manually.
Using an Nginx reverse proxy or iptables NAT PREROUTING rules, traffic arriving at the cloud server can be routed to the various devices within the VPN. The VPN profiles can connect to the VPN server over whatever connection is available, whether IPv6, IPv4, Dual Stack Lite, mobile internet, or Starlink. Once the devices are connected to the VPN, the traffic can be routed accordingly.
Our graphic aims to illustrate how we already have such a setup in operation. In our setup, we face two main challenges: Dual Stack and Dual WAN. That is, two independent internet connections, both without public IPv4 addresses.
Specifically, our setup consists of the following components:
- Cheapest cloud server from Hetzner
- OpenVPN server
- Own IPv4 address
- Synology router with failover and load balancing
- Various local devices and servers
We did not purchase any additional hardware or software for our configuration, making the cloud server the only cost-incurring component.
Synology Devices: Synology devices offer a user-friendly graphical interface for management, where a VPN profile can be set up as a network adapter. This VPN can then serve as the default interface while the NAS remains accessible in the local network via the router-assigned local IP address.
Other Servers: Our Portainer host runs on an Ubuntu 22.04 server that automatically connects to the OpenVPN server at startup. Similar to the Synology NAS, bridge mode is active here as well, making services accessible both in the local and VPN network. Each device receives its own profile from us and gets its own address in the VPN network. We can then use these addresses for port forwarding to ensure efficient and secure accessibility.
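The iptables NAT PREROUTING variant of this forwarding, as an added example that is not our production configuration: the script prints, for review, the rules that map public ports on the cloud server to per-device VPN addresses and drop all other traffic from the internet towards the VPN. The interface names eth0 and tun0, the 10.8.0.0/24 VPN subnet, and the port map are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that forward public ports
# on the cloud server to per-device VPN addresses.
# Assumed, not from the article: eth0/tun0, 10.8.0.0/24, and the port map.
WAN_IF="eth0"; VPN_IF="tun0"; VPN_PREFIX="10.8.0."
MASQ_RETURN=0   # 1 if a device does NOT use the VPN as its default route
# Constructed sample map: proto public_port vpn_ip target_port
FORWARDS='tcp 443 10.8.0.10 5001
tcp 8443 10.8.0.20 9443'

in_range() {  # in_range VALUE MIN MAX: digits only and within bounds
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

gen_rules() {  # gen_rules "MAP": prints commands, returns 1 on a bad line
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r proto pport ip tport; do
        [ -n "$proto" ] || continue
        host=${ip#"$VPN_PREFIX"}
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
        if [ "$host" = "$ip" ] || ! in_range "$host" 1 254 ||
           ! in_range "$pport" 1 65535 || ! in_range "$tport" 1 65535; then
            echo "rejected mapping: $proto $pport $ip $tport" >&2; return 1
        fi
        # Rewrite the destination of traffic arriving on the public interface
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $pport -j DNAT --to-destination $ip:$tport"
        # Let only this new flow cross into the VPN (match is post-DNAT)
        echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF -p $proto -d $ip --dport $tport -m conntrack --ctstate NEW -j ACCEPT"
        # Optional: source-NAT so replies return via the tunnel; this hides
        # the real client IP from the service behind the VPN
        if [ "$MASQ_RETURN" = 1 ]; then
            echo "iptables -t nat -A POSTROUTING -o $VPN_IF -p $proto -d $ip --dport $tport -j MASQUERADE"
        fi
    done <<EOF
$1
EOF
    # Everything else from the internet towards VPN devices is dropped
    echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF -j DROP"
}

gen_rules "$FORWARDS"
```

The script only prints the commands; review them before running them as root on the cloud server.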
How to Set Up Port Forwarding with Dual Stack and Shared IPv4?
The installation of a cloud server, for example with Ubuntu 22.04 and OpenVPN, is manageable in terms of complexity. However, creating a step-by-step guide is difficult for us because the necessary steps can vary depending on local conditions. We are happy to assist you with advice to optimally adapt the installation and configuration to your individual requirements. Do not hesitate to contact us to benefit from our expertise and receive a tailored solution for your needs.
What Are the Advantages and Disadvantages of This Concept?
Our concept offers a good solution for our customers who do not receive their own IPv4 address. However, there are several points to consider. Remember to only open the ports necessary for your applications. Please use a firewall. Hetzner also offers a one-click solution to further secure your cloud server.
By renting IPv4 addresses independently of your internet service provider, you can publish your services on the internet more flexibly. The regional location of a server is therefore not relevant. It is also possible to combine multiple services from multiple locations.
Depending on the hardware and software combination, using a VPN can significantly impact your internet bandwidth. Your ping will also increase due to the additional layers in your network configuration.