Is DIRECT connection possible if my network is behind CGNAT?

warheat1990 · June 30, 2023, 2:11pm

I’m using OPNSense with Zerotier plugin. All good except speed is very slow.

I checked zerotier-cli peers and it looks like this

the b015 is the client (my phone)

So, is it possible to get a DIRECT connection if I’m behind CGNAT?

I also saw this link docs(dot)zerotier(dot)com/devices/opnsense/

ZeroTier clients behind OPNsense#
If you have computers behind an OPNsense router, they probably won't be able to make make direct, peer to peer ZeroTier connections. pf based routers use Symmetric NAT otherwise known as Endpoint Dependent NAT. This is unfriendly to any peer to peer protocol.

Here are some options:

UPnP/NAT-PMP#
ZeroTier will use UPnP or NAT-PMP if they are available.

Obviously UPNP will be useless as I’m behind CGNAT. Is there any other way?

mdr · July 2, 2023, 12:32pm

CGNAT introduces an additional layer of NAT. Try switching to IPv6 on both endpoints.

See also this link: Troubleshooting & FAQ | ZeroTier Documentation

system · August 1, 2023, 12:33pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.