Hi folks - Allow me to do my best to explain my use case…
I’m a Ham Radio operator (callsign N4NVD). I operate a system over Ham Radio that (amongst other things) stores and forwards ham radio related traffic (emergency and otherwise) via radio. The system also uses the Internet to provide backbone connectivity while/if the internet is available in the interest of speed, recognizing that even when the internet is down, it’s not down everywhere.
In this scenario internet connection between the various worldwide “nodes” is almost universally accomplished by the use of a dynamic DNS service (to get a “static” address to point to), and the use of port forwarding services on the local router to create a link to another “node” (typically UDP) that carries this traffic. I’ve been operating my installation for almost five years now, and it’s worked very well until recently.
I have recently installed Starlink as my ISP. This is a problem because of Starlink’s use of CGNAT for their addressing - it is my understanding (supported by my personal experience) that dynamic DNS services do not work with CGNAT. I’ve been searching for a work-around, and the most commonly used method that I’ve been able to find is a scenario where a VPN is used with a “static” address that directs the traffic through the VPN to my location.
OK - so far so good. As I understand it, the typical ZeroTier implementation is where each user that wants to connect joins the same network, and as they say “Bob’s your uncle”. In a perfect world, all the operators I connect with would be willing to install ZeroTier and join my ZeroTier network in order to make the connection. However, in the real world it turns out that there is some pretty significant push-back to doing this.
So here’s the question - using ZeroTier, is there an option for me to be able to provide an internet address (IP or domain name) that allows the remote user to access services on my machine (without the necessity of installing the ZeroTier software) and bypasses all the trouble I’m having with Starlink’s CGNAT? If so, how would this be accomplished?
Thanks in advance for your consideration and assistance…
Charlie
I think that is a valid use case. In addition to ZeroTier you will need something that has a public IP address (router, VPS) and is a member of your ZeroTier network at the same time. That device will need to perform a NAT between the external public IP and internal private address of the server that needs to be accessed from the outside. You can have more than one incoming node for redundancy.
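The relay described in the reply above, sketched as an added example that is not part of the original thread or ZeroTier's own documentation. It assumes a Linux VPS using iptables; the function names, interface names, ZeroTier address and UDP port are constructed placeholders.

```shell
#!/bin/sh
# Added example: print, for review, the iptables rules a public relay (VPS)
# needs to pass ONE UDP port to a home node over ZeroTier. Assumes Linux + iptables.
# Interface names, address and port used below are constructed placeholders.

valid_iface() {   # Linux interface names: at most 15 chars, no shell metacharacters
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# relay_rules WAN_IF ZT_IF HOME_ZT_IP UDP_PORT  (hypothetical helper)
relay_rules() {
    wan_if=$1 zt_if=$2 home_zt_ip=$3 udp_port=$4
    valid_iface "$wan_if" && valid_iface "$zt_if" &&
        valid_ipv4 "$home_zt_ip" && valid_port "$udp_port" ||
        { echo "relay_rules: invalid argument" >&2; return 2; }
    # 1. Forward nothing by default; allow only the one published port inbound
    #    and replies to it outbound.
    # 2. DNAT rewrites the destination to the home node's ZeroTier address.
    # 3. MASQUERADE makes the home node reply via the relay instead of straight
    #    out through CGNAT; the cost is that it sees every peer as the relay.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $wan_if -o $zt_if -p udp -d $home_zt_ip --dport $udp_port -j ACCEPT
iptables -A FORWARD -i $zt_if -o $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $wan_if -p udp --dport $udp_port -j DNAT --to-destination $home_zt_ip:$udp_port
iptables -t nat -A POSTROUTING -o $zt_if -p udp -d $home_zt_ip --dport $udp_port -j MASQUERADE
EOF
}

# Constructed values; inspect the output before running it as root on the relay.
relay_rules eth0 ztexample0 10.147.17.5 10093
```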
Hi Andrew, and thanks for the reply. I did forget to mention in my earlier post that participation in the service is entirely voluntary and also a hobby. I do believe that your solution is workable, but I’m really not keen on adding another recurring expense to the budget that’s purely hobby related, even given that it has a public service aspect.
Ideally what I was hoping to hear is that if a public address wasn’t already available from a ZeroTier node that a DDNS service might be contactable from the ZeroTier node and that a limited number of ports might be allowed to pass its firewalls. Short of that, I’m certainly open to other options like the one that you’ve proposed. I’m also prepared to hear that another scenario besides ZeroTier might better fit my particular use case as a zero dollar, very small or one-time expense.
For me, this is also a search for the best way a Ham whose internet connectivity is hampered by their ISP’s use of CGNAT might be able to participate in this effort with the least expense while allowing his peers to connect without making them need to take steps outside the norms. As solutions such as Starlink proliferate this need will only grow, and I want to help my fellow hams to find a good solution very quickly.
Think of ZeroTier as a pure transport: it can interconnect the nodes across the globe but it cannot provide Internet connectivity on its own. You can probably find a dirt cheap VPS, even a so-called NAT VPS where only a few ports are available with the shared public IP address. Alternatively you can probably find someone from your community (and your future ZT network) who already has a public IP.
DDNS alone cannot help; it can only simplify access to a dynamic public IP address.