Using VPN or Cloud VM to bypass CGNAT.

varkey

Regulars
Jun 11, 2006
631
215
@achaudhary997 So I tested ZeroTier with Miniupnpd (for automatic port forwards) on DO and it works.

I wrote a script (initial attempt, crude) that can be used as the DO user data script which automatically installs ZeroTier and configures miniupnpd -- Source

You still need to manually authorise the new ZeroTier member and add the default route through the ZeroTier console.

1. Create a new DO droplet (has to be Debian/Ubuntu as the miniupnpd package was available in the package repository, was not there on CentOS) using the above user data script.
2. Authorise the new ZeroTier member from the console.
3. Add a default route pointing to this new ZeroTier IP address.



4. On the client devices, enable "Allow managed" and "Allow default"



That's it, now your internet gets routed through DO and if you launch any upnp or NAT-PMP enabled services it would auto create the required port-forwards. Just uncheck "Allow default" when you want to disable routing traffic through the DO droplet.

To test the port-forwards which got created, I used upnpc

Code:
Viveks-MacBook-Air:bin varkey$ upnpc -m zt0 -l
upnpc : miniupnpc library test client, version 2.1.
 (c) 2005-2018 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://172.22.248.15:35713/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://172.22.248.15:35713/ctl/IPConn
Local LAN ip address : 172.22.122.186
Connection Type : IP_Routed
Status : Connected, uptime=1143s, LastConnectionError : ERROR_NONE
  Time started : Mon Apr 22 00:06:06 2019
MaxBitRateDown : 10000000 bps (10.0 Mbps)   MaxBitRateUp 1000000 bps (1.0 Mbps)
ExternalIPAddress = 68.183.86.250
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 57108->172.22.122.186:57108 'NAT-PMP 57108 tcp' '' 2556
 1 UDP 57108->172.22.122.186:57108 'qBittorrent/4.1.5 at 172.22.122.186:57108' '' 603756
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
Viveks-MacBook-Air:bin varkey$


🎉
 
  • Like
Reactions: achaudhary997

achaudhary997

[OP]
Regulars
Apr 15, 2018
131
51
Finally, a usable bypass for dual nat with pmp :).
Thanks for going through the pain of setting it up. Now I can actually pay for do without worries (after my free credits expire).

I will extend/work upon the script you have given and will update it (if required or if I find something more interesting to add) and post here.
 
  • Like
Reactions: varkey

varkey

Regulars
Jun 11, 2006
631
215
No worries, I was curious myself and had to try it. :D Setting up miniupnpd turned out to be a bit hacky, the scripts in debian miniupnpd package as is didn't work very well with DO, and had to tinker a bit. (Still not liking it :LOL: )

Feel free to modify/add/tweak the script. 🚀
Perhaps automatically authorising the new ZeroTier member and adding the default route would be a good idea (ZeroTier API supports it), that way can easily launch a new DO droplet if you want go via a different DO region or something. Can create and destroy the droplets as needed. :D