Linguafoeda Posted December 24, 2023 Share Posted December 24, 2023 (edited) Hi all - I recently changed IP addresses, routers & ISP and now none of my DuckDNS / Wireguard / NGINX Proxy manager external sites are working. This has broken ability of accessing Emby (which I was accessing via SSL port forwarding), VPNing into Unraid with Wireguard and other functionality that used external access. I previously had the Ethernet plugged directly from my TPLink Archer router into the 2.5gbe eth0 port on my Mobo --> now have Google Wifi puck feeding into a TP-link TL-SG1024S 1GBe switch that then feeds into the same 2.5gbe port. I set up DHCP reservation on my new router To keep the same LAN IP (192.168.0.xxx) and then forwarded the exact same set of 4 ports I had on my old Archer Router (see below for port forwarding in old vs. new setup). I checked the external IPv4 shown on https://www.duckdns.org/domains and it matches the server external IP shown via the "curl ifconfig.me" command. I checked https://www.canyouseeme.org/ and put in my public IP address:8096 (i.e. the IP shown in duckDNS.org/domains + the port forwarding for Emby SSL), and it gives error: "Error: I could not see your service on xxx.xx.xxx.xx on port (8096), Reason: No route to host". I'm a bit confused how to properly troubleshoot this - is it most likely my Google Wifi is just not forwarding ports correctly? Or does anyone have any other tips on how to get VPN/wireguard/my other external accesses working again Edited January 8 by Linguafoeda Quote Link to comment
Linguafoeda Posted December 25, 2023 Author Share Posted December 25, 2023 bump Quote Link to comment
dgaglioni Posted December 25, 2023 Share Posted December 25, 2023 Quote I checked the external IPv4 shown on https://www.duckdns.org/domains and it matches the server external IP shown via the "curl ifconfig.me" command What about the WAN interface on your router? Does it shows the public IP as well? Are you sure your new ISP modem is in router mode? Isn't the TPLINK your WAN router, why google wifi would influence on your port forwards? Quote Link to comment
Linguafoeda Posted December 25, 2023 Author Share Posted December 25, 2023 7 hours ago, dgaglioni said: What about the WAN interface on your router? Does it shows the public IP as well? Are you sure your new ISP modem is in router mode? Isn't the TPLINK your WAN router, why google wifi would influence on your port forwards? I'm not using the TPLink anymore, that was the old router in the old apartment. I'm now using just the Google wifi pucks -> TPLink 24 port switch -> 2.5gbe Ethernet port on server. I checked my WAN IP for the Google wifi puck themselves and they don't match the IP assigned to the system. My server IP is 170.xx.xxx.79 while Google wifi is showing that the puck the server is hardwired to (via the switch) is 100.xx.xx.116. ipv6 is disabled. Quote Link to comment
dgaglioni Posted December 26, 2023 Share Posted December 26, 2023 You are under a CGNAT network, ask your ISP to remove your connection from this pool and add to the pool of users that receive a public IP. https://en.wikipedia.org/wiki/Carrier-grade_NAT Quote Link to comment
Houmi Posted January 2 Share Posted January 2 @Linguafoeda If you're behind CGNAT, you need a Commercial VPN with port forwarding or a VPS with your own VPN with port forwarding setup. Once you find that provider and setup port forwarding on their page. You have 3 options 1) Setup VPN for the whole system on Unraid 2) Setup VPN for the docker containers only on Unraid (a hassle to pass other containers through it because of port sharing) 3) Setup VPN on a capable router that has port forwarding (I use a Glinet) Quote Link to comment
Solution Linguafoeda Posted January 8 Author Solution Share Posted January 8 (edited) On 1/2/2024 at 4:57 PM, Houmi said: @Linguafoeda If you're behind CGNAT, you need a Commercial VPN with port forwarding or a VPS with your own VPN with port forwarding setup. Once you find that provider and setup port forwarding on their page. You have 3 options 1) Setup VPN for the whole system on Unraid 2) Setup VPN for the docker containers only on Unraid (a hassle to pass other containers through it because of port sharing) 3) Setup VPN on a capable router that has port forwarding (I use a Glinet) @Houmi @dgaglioni so i called my ISP and had them give me a new IP address and now the IP address that shows up under the WAN IP of the main router is the same as the IP address of any device connected to that router (before they weren't matching per comment #1344275 above). so now https://www.duckdns.org/ is showing the same IP address of the router WAN IP. And when i try launch two of my active NGINX proxy manager apps i.e. https://emby.[SERVER].duckdns.org, it correctly works. success! What isn't working is my Wireguard VPN to be able to remote manage my server. When i connect to wireguard VPN on my iphone, it shows it "connected" but won't launch anything. DuckDNS is presumably working since that above emby link is now live (as well as my other one - https://tautulli.[SERVER].duckdns.org/). Do i need to reset up something in Wireguard to make this work? I tried both RTA and RATL on my iphone while connected to 5G to see if it works... no luck. EDIT: restarted server and it's working. Thank you all for the help! Edited January 9 by Linguafoeda Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.