Port Forwarding from VPS
This isn’t about WSERemoteApp but maybe someone here can refer me to an information source to solve my problem.
I currently use WSERemoteApp on Win Server Std 2019 with the WSEE installed. That works because I have a public IPv4 address from my ISP, Cox Cable. I hope to switch to T-Mobile Home Internet to cut the cost by more than half and double the speed, with no data limits.
The problem is that the T-Mobile network uses CGNAT. There’s no such thing as an IPv4 address, there is no port forwarding, and the router doesn’t do bridge mode. That means I can’t get access to my server from outside my private network.
I’ve read that I can create a low-cost virtual private server (<$5/mo) outside T-Mobile and forward ports through a VPN tunnel to my server through the T-Mobile network. Unfortunately, I can’t find info on how to do that. Can anyone direct me to instructions?
- SomebodyInGNV asked 3 years ago
Alas, I’m afraid that you’re completely outta my league on this one seeing as I’ve never attempted something like that before.
I doubt that you’ll get any outside help on such a question here… You’re probably much better off just omitting the reference to WSE RemoteApp from the question (i.e. just make it more generic) and then posting it over in Microsoft’s Windows Server Essentials support forum instead.
Best of luck!
- Mike answered 3 years ago
I appreciate your having responded. It looks like I can accomplish what I need by combining TorGuard VPN with a router that supports WireGuard as a client. The router (in my case, possibly a GL-INet AR750S) has an always-open connection to the VPN and can limit use of the VPN to a single IP address, e.g., the server. All other clients of the router aren’t restricted by the VPN.
TorGuard provides a public IP address and forwards ports back to the WireGuard client. Connections to the public IP route through the VPN, sidestepping the T-Mobile IPv6 issue. Unfortunately, that does result in double-NAT and, since T-Mobile’s CGNAT is actually double-NAT, having the router behind the T-Mobile modem is actually triple-NAT. Speeds through the VPN may be limited more by the router CPU than by the ISP connection.
DDNS from the server goes out the VPN, reporting the TorGuard IP address. The last point is untested but is my interpretation of how it works.
- SomebodyInGNV answered 3 years ago
Glad to hear that you’ve managed to figure it out. Thanks for sharing how you got there. ;-)
It sounds like a VPS may be cheaper and more efficient (faster) but is outside the scope of my knowledge at this point. Forwarding ports, I understand.
A VPS involves setting up a tunnel between the server running in the cloud and my server running behind the T-Mobile gateway. Apparently a barebones VPS is available for < $3/month and Linux is free. What I don’t know is how to set up the tunnel and, since it would involve configurations on an OS I’ve never used, will take time. I’m particularly concerned about making unwitting errors and exposing my server to serious security problems.
- SomebodyInGNV answered 3 years ago
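Added example, not part of the original thread: a minimal WireGuard layout for the VPS relay described in the post above, where the home server dials out through CGNAT and the VPS forwards a single port back down the tunnel. The 10.99.0.0/30 addresses, the eth0 interface name, TCP 443 as the published port, and the bracketed key and IP placeholders are all assumptions.

```ini
# ---- VPS (Linux, wg-quick): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.99.0.1/30
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>
# Route between the public NIC (assumed eth0) and the tunnel (%i expands to wg0).
PostUp = sysctl -w net.ipv4.ip_forward=1
# Default-deny forwarding, then allow only the one published port (assumed 443).
PostUp = iptables -P FORWARD DROP
PostUp = iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -p tcp -d 10.99.0.2 --dport 443 -j ACCEPT
# Rewrite public :443 to the home peer, and source-NAT into the tunnel so
# replies return via the VPS without changing the home default route.
# Trade-off: the home server logs 10.99.0.1 instead of the real client IP.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.99.0.2:443
PostUp = iptables -t nat -A POSTROUTING -o %i -p tcp -d 10.99.0.2 --dport 443 -j MASQUERADE
# Remove the same rules when the tunnel goes down (FORWARD policy stays DROP).
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.99.0.2:443
PostDown = iptables -t nat -D POSTROUTING -o %i -p tcp -d 10.99.0.2 --dport 443 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -o %i -p tcp -d 10.99.0.2 --dport 443 -j ACCEPT
PostDown = iptables -D FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

[Peer]
# Home server. The /32 means this key can only ever source 10.99.0.2.
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32

# ---- Home server (WireGuard client): tunnel config ----
[Interface]
Address = 10.99.0.2/30
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = <VPS_PUBLIC_IP>:51820
# Only tunnel-internal traffic uses the VPN; everything else stays on the ISP link.
AllowedIPs = 10.99.0.1/32
# Outbound keepalive holds the CGNAT mapping open so the VPS can reach back in.
PersistentKeepalive = 25
```

With this layout the VPS needs only UDP 51820, the published TCP port, and SSH for administration open inbound; the home server's firewall can restrict the published service to source address 10.99.0.1.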