Port Forwarding from VPS


This isn’t about WSERemoteApp but maybe someone here can refer me to an information source to solve my problem.

I currently use WSERemoteApp on Win Server Std 2019 with the WSEE installed. That works because I have a public IPv4 address from my ISP, Cox Cable. I hope to switch to T-Mobile Home Internet to cut the cost by more than half and double the speed, with no data limits.

The problem is that the T-Mobile network uses CGNAT. There’s no such thing as an IPv4 address, there is no port forwarding, and the router doesn’t do bridge mode. That means I can’t get access to my server from outside my private network.

I’ve read that I can create a low-cost virtual private server (<$5/mo) outside T-Mobile and forward ports through a VPN tunnel to my server through the T-Mobile network. Unfortunately, I can’t find info how to do that. Can anyone direct me to instructions?

  • You must to post comments.
Good Answer

Alas, I’m afraid that you’re completely outta my league on this one seeing as I’ve never attempted something like that before.

I doubt that you’ll get any outside help on such a question here… You’re probably much better off just omitting the reference to WSE RemoteApp from the question (i.e. just make it more generic) and then posting it over in Microsoft’s Windows Server Essentials support forum instead.

Best of luck!

  • You must to post comments.

I appreciate your having responded. It looks like I can accomplish what I need by combining TorGuard VPN with a router that supports WireGuard as a client. The router (in my case, possibly a GL-INet AR750S) has an always-open connection to the VPN and can limit use of the VPN to a single IP address, e.g., the server. All other clients of the router aren’t restricted by the VPN.

TorGuard provides a public IP address and forwards ports back to the WireGuard client. Connections to the public IP route through the VPN, sidestepping the T-Mobile IPv6 issue. Unfortunately, that does result in double-NAT and, since T-Mobile’s CGNAT is actually double-NAT, having the router behind the T-Mobile modem is actually triple-NAT. Speeds through the VPN may be limited more by the router CPU than by the ISP connection.

DDNS from the server goes out the VPN, reporting the TorGuard IP address. The last point is untested but is my interpretation of how it works.

  • Mike
    Glad to hear that you’ve managed to figure it out. Thanks for sharing how you got there. ; -)
  • You must to post comments.

It sounds like a VPS may be cheaper and more efficient (faster) but is outside the scope of my knowledge at this point. Forwarding ports, I understand.

A VPS involves setting up a tunnel between the server running in the cloud and my server running behind the T-Mobile gateway. Apparently a barebones VPS is available for < $3/month and Linux is free. What I don’t know is how to set up the tunnel and, since it would involve configurations on an OS I’ve never used, will take time. I’m particularly concerned about making unwitting errors and exposing my server to serious security problems.

  • You must to post comments.
Showing 3 results
Your Answer
Post as a guest by filling out the fields below, or you may to post using your existing user account (register to create a user account if you do not already have one). Guest's questions will be moderated before being posted. NOTE: Your email address will not be published, nor will it be used for marketing purposes, etc. (as per our privacy statement).
Answer Details*
File Name Size
There are currently no files uploaded.
Maximum number of files 4, maximum file size 5MB.
Supported file formats: gif jpeg jpg png

Featured Questions

Recent Questions & Answers

Q&A Toolbox