[TriLUG] Getting around ISP port blocks with VPN?
David Both via TriLUG
trilug at trilug.org
Thu Jul 23 10:05:56 EDT 2020
I went this route a few months ago. I moved from Spectrum to AT&T
residential Gb fiber. It was nearly painless. The key for AT&T and the
Arris router is that the blocking is done by the router/modem and the
admin access information is on a sticker on the router. Do you have AT&T
fiber in your area or some other? Be sure to check with your provider.
The details here I have also posted on my web site at:
Network migration complete <http://www.both.org/?p=1544>
by David Both <http://www.both.org/?author=2> • January 21, 2020
The migration to AT&T fiber is now complete and everything went very
well. Of course that is not to say it was problem-free.
I have never been a fan of AT&T but my previous provider has been unable
to resolve issues with the network just dropping out and the
modem/router rebooting at frequent and inopportune times. But the speed
of fiber and the fact that it is symmetric with upload and download
speeds at 1Gb rather than uploads being so much slower as with my old
provider, and the fact that it is significantly less expensive, I
decided to switch.
I wanted to go with residential service which is much less expensive but
I had some concerns about needing static IP addresses and with issues I
have seen with blocked ports like 25 for email. I run my own web and
email servers so that was important to me. After a chat session with a
fairly knowledgeable rep and talking with a sales person on the phone,
they both said that the static IP addresses were not a problem and that
the installation tech could help set that up as well as deal with
blocked ports.
They were right. Which was a surprise to me.
Scott, the installation tech, called me the morning of the installation
to let me know he was on the way and he was delayed only slightly due to
traffic. We discussed my needs for a few minutes and he assured me that
we could do exactly what I needed. As a gamer, he was very knowledgeable
and understood what I wanted and why.
After doing the physical installation of running the fiber from the
street to my home office, we worked together to install the modem/router
in my desired location and get it and the ONT plugged into a UPS, cabled
together, and connected to the fiber. I would not let him into the
narrow space available to do that so we worked together on it.
He installed updates to the Arris modem/router and we were ready to go.
He showed me on his hand-held tester that the rates were both within a
decimal point of 1Gb. We easily got the static IP addresses configured
on the router.
I then reconfigured my own internal router. We did have some issues with
blocked ports. Although I could browse the web and SSH to remote hosts,
nothing was able to initiate connections to my router/firewall. After
calling around to various support systems inside AT&T, Scott and I
figured out how to unblock the needed ports and everything was working
fine.
I did have some issues with speeds, but those problems were with my own
older Linux computer that I was using for my router/firewall. I moved
the hard drive from that machine to a newer one, installed the needed
network adapters, made a few configuration changes and all is now well.
It just took longer than I expected but everything seems to be working
very well now. Thanks for your patience and I hope you were not
inconvenienced by the outages during this time.
On 7/22/20 4:58 PM, Brian via TriLUG wrote:
> Hey Gang,
>
> I currently have business-class cable internet. I've been thinking
> about dumping it for residential fiber. What I'm trying to figure out
> is the best way to deal with possible port blocking that might be in
> place on the residential services. Having a secured tunnel to some
> public interface out in the cloud somewhere seems like a possible
> approach, but I don't really know what words to use to describe it to
> Google well enough to find people selling such a thing.
>
> Presently my home server/firewall simply has a public interface with
> ports open for the services I host. What I imagine is instead there
> being a VPN (or some other secure tunnel) to a server in the cloud
> somewhere through which all my server traffic (i.e. connections
> initiated from outside) would be routed, thereby sidestepping any port
> blocks on my local ISP.
>
> Is this a thing? What do you call it? Does anybody on the list
> already do something like this?
>
> Thanks,
> -Brian
--
*********************************************************
David P. Both, RHCE
He/Him/His
*********************************************************
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************
The value of any software lies in its usefulness
not in its price.
— Linus Torvalds
*********************************************************