Using EdgeRouter to bypass CG-NAT and connecting via a VPN server
Hello everyone! I’m trying to bypass my CG-NAT to reach two IP cameras from outside my home. First, I understand that my provider doesn’t provide public IP addresses—my service is via 4G and I can pick between two carriers, neither of which offers public IPs. My idea is to rent a cloud VPS that functions as a PPTP VPN server with port forwarding, and then link an EdgeRouter (which hosts the cameras) to it. Everything works fine: the VPN operates smoothly, port forwarding is functional, and I can browse normally through the tunnel. The tricky part is getting port forwarding to work on the EdgeRouter side. I’ve managed to connect to the VPN server and obtain an IP address, but when I try to expose a regular HTTP port (like 8080), I see SYN packets in Wireshark without any response reaching the destination. It feels like the NAT configuration is blocking the traffic. I’ve attached a diagram of my network layout if that would help. Any suggestions would be greatly appreciated!
Security cameras connected via public ports pose serious risks. Tailscale or comparable solutions offer superior protection at no cost. Agent-DVR or iSPY work well on older Windows systems—DVRs can run in Docker containers, Raspberry Pi, Windows, x86 Linux, etc. Install Tailscale to link the devices you wish to monitor. Tailscale eliminates the need for port forwarding and functions perfectly with CG-NAT ISPs (like Starlink). It can be deployed on nearly any device. Agent-DVR serves as a user interface for networked or USB cameras, while Tailscale lets you securely access the DVR web interface over the internet without relying on an edge router.
Right, then I can use ffmpeg + HLS behind a password and only expose a secure HTTPS server running on the VPN server, but still, even if I don't expose RTSP to the internet, I still need to open its port from the router towards the VPN server, so that at least I can access it when connected via VPN. Also, btw, I'm absolutely going to secure RTSP via password and account; it's not like I'm going to host a free password-less RTSP stream for anyone to see.
You're asking if this setup is necessary. There are alternatives like Tailscale that work without any setup or configuration, and you could even use EdgeRouter. Using a VPN ensures everything stays encrypted, so there are no security issues. Just remember, this isn't sponsored and I have no connection to Tailscale.
It makes sense why you’re suggesting it, but this isn’t my primary residence—it’s my vacation home. I need something low-maintenance, dependable, and doesn’t require long trips to troubleshoot issues. I’m considering a VPN since I’m comfortable with it and already use EdgeRouter.
Discussing VPNs through Tailscale or Cloudflare's zero-knowledge tunnels. https://blog.cloudflare.com/ridiculously...e-tunnels/
Well, if that's the case I can't fix the network packets not working for you. I'm no VPN expert; that's why I use Tailscale to begin with. I have never had any problems with Tailscale: I've set it up and it's just worked, never had to reconnect anything, it just plain works. Here's a guide that gets it up and running on EdgeRouters. https://github.com/jamesog/tailscale-edgeos
Tailscale operates through peer-to-peer connections without relying on proprietary servers.