[TriLUG] Getting around ISP port blocks with VPN?

David Both via TriLUG trilug at trilug.org
Thu Jul 23 10:05:56 EDT 2020


I went this route a few months ago. I moved from Spectrum to AT&T 
residential Gb fiber. It was nearly painless. The key for AT&T and the 
Arris router is that the blocking is done by the router/modem and the 
admin access information is on a sticker on the router. Do you have AT&T 
fiber in your area or some other? Be sure to check with your provider.

The details here I have also posted on my web site at:


    Network migration complete <http://www.both.org/?p=1544>

by David Both <http://www.both.org/?author=2> • January 21, 2020

The migration to AT&T fiber is now complete and everything went very 
well. Of course that is not to say it was problem-free.

I have never been a fan of AT&T but my previous provider has been unable 
to resolve issues with the network just dropping out and the 
modem/router rebooting at frequent and inopportune times. But given the 
speed of fiber and the fact that it is symmetric, with upload and download 
speeds at 1Gb rather than uploads being so much slower as with my old 
provider, and the fact that it is significantly less expensive, I 
decided to switch.

I wanted to go with residential service which is much less expensive but 
I had some concerns about needing static IP addresses and with issues I 
have seen with blocked ports like 25 for email. I run my own web and 
email servers so that was important to me. After a chat session with a 
fairly knowledgeable rep and talking with a sales person on the phone, 
they both said that the static IP addresses were not a problem and that 
the installation tech could help set that up as well as deal with 
blocked ports.

They were right. Which was a surprise to me.

Scott, the installation tech, called me the morning of the installation 
to let me know he was on the way and he was delayed only slightly due to 
traffic. We discussed my needs for a few minutes and he assured me that 
we could do exactly what I needed. As a gamer, he was very knowledgeable 
and understood what I wanted and why.

After doing the physical installation of running the fiber from the 
street to my home office, we worked together to install the modem/router 
in my desired location and get it and the ONT plugged into a UPS, cabled 
together, and connected to the fiber. I would not let him into the 
narrow space available to do that so we worked together on it.

He installed updates to the Arris modem/router and we were ready to go. 
He showed me on his hand-held tester that the rates were both within a 
decimal point of 1Gb. We easily got the static IP addresses configured 
on the router.

I then reconfigured my own internal router. We did have some issues with 
blocked ports. Although I could browse the web and SSH to remote hosts, 
nothing was able to initiate connections to my router/firewall. After 
calling around to various support systems inside AT&T, Scott and I 
figured out how to unblock the needed ports and everything was working 
fine.

I did have some issues with speeds, but those problems were with my own 
older Linux computer that I was using for my router/firewall. I moved 
the hard drive from that machine to a newer one, installed the needed 
network adapters, made a few configuration changes and all is now well.

It just took longer than I expected but everything seems to be working 
very well now. Thanks for your patience and I hope you were not 
inconvenienced by the outages during this time.



On 7/22/20 4:58 PM, Brian via TriLUG wrote:
> Hey Gang,
>
> I currently have business-class cable internet.  I've been thinking 
> about dumping it for residential fiber.  What I'm trying to figure out 
> is the best way to deal with possible port blocking that might be in 
> place on the residential services.  Having a secured tunnel to some 
> public interface out in the cloud somewhere seems like a possible 
> approach, but I don't really know what words to use to describe it to 
> Google well enough to find people selling such a thing.
>
> Presently my home server/firewall simply has a public interface with 
> ports open for the services I host.  What I imagine is instead there 
> being a VPN (or some other secure tunnel) to a server in the cloud 
> somewhere through which all my server traffic (i.e. connections 
> initiated from outside) would be routed, thereby sidestepping any port 
> blocks on my local ISP.
>
> Is this a thing?  What do you call it?  Does anybody on the list 
> already do something like this?
>
> Thanks,
> -Brian

-- 


*********************************************************
David P. Both, RHCE
He/Him/His
*********************************************************
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************
The value of any software lies in its usefulness
not in its price.

— Linus Torvalds
*********************************************************


