Port forwarding

Hi,

I am trying to open a port for a VPN service. This is critical as I work from home.

Device Type ZXHN H298A V1.0
Hardware Version V1.0.25
Software Version V1.0.25_HOP.1T7
Boot Version V1.0.2

My public IP is different to the WAN IP of my router. Therefore I believe my router is is not directly connected to the internet but to another router.


I am in a fairly new block of flats. Has anyone else experienced this issue and what did they do to resolve the problem? I am posting here before contacting Hyperoptic because I believe their support may not be able to help effectively.

I've read some forum post that suggest I need a static IP address from Hyperoptic. Will that provide the public IP I need to port forward?

Yes you need a real public IP for any service you run on your internal network which you would like to be reached from the outside, such as via a port-forward.

However for VPN you only need port-forwarding if you are the server,
you don't need that if you are the client connecting to a workplace service in order to work from home.

Indeed a workplace VPN that required changes the network to wherever you are currently staying or visiting to use your device would not be very practical !

The device details don't matter - it is what type of VPN and who is initiating the connection to where.

In reply to a post by Lum:

My public IP is different to the WAN IP of my router. Therefore I believe my router is is not directly connected to the internet but to another router.

That’s simply known as Carrier Grade NAT. It won’t at all stop you connecting (as a VPN client) to a VPN server hosted by your work.

As said above, you don’t need to open ports or muck around with port forwarding either.

My wife and I regularly connect to either her work VPN server or me to my home/work VPN server whether we’re working from home, or via third party internet connections or just from our mobiles using hotspots. Never had an issue connectivity wise if your VPN software is setup correctly on your end user device.

Different kettle of fish if your hosting a VPN server, but that doesn’t sound like what you’re wanting to do.

Edited by Pheasant (Thu 22-Jul-21 12:46:07)

Unless, of course, the Carrier Grade NAT's subnet clashes with the subnet at the VPN server's end.

It would be nice if all CSPs used the 100.64.0.0/10 shared address space specifically for CGNAT which should minimise any issues.

Edited by adrenalize_ (Thu 22-Jul-21 20:46:38)

That would be rather a rathe unfortunate and (hopefully rare circumstance). However still not the end of the world as they could allocate a fixed IP for the punter. Albeit at a cost of a fiver a month. In which case I would try to come to arrange my with my employer to cover the additional cost.

Need little more info.
Where are you running VPN from at "home" Router/Computer (what os)?
Port forwarding? Are you being the VPN client/server?.
There also a beng vpn reverse tunnel the only reasion why I mention this as your going on about port fowrding and being behind CNAT and that only comes in to play when want to be a VPN Server.