OpenVPN with Starlink?

JimS

Senior Member
Just got my Starlink antenna and got it set up.  Now I find some complication with OpenVPN.  With DSL I just bridged the modem and it worked.  Starlink makes this more complicated.  Not sure I can even describe all the details right so will leave it at that.  Anyone done this or can provide some pointers on this?
 
Curious what you want to use OpenVPN for?
 
Here using OpenVPN / Wireguard clients on my Ubuntu laptops via PIA (Private Internet Access). 
 
Noticed lately that many websites block these VPN servers in the cloud connections.
 
Using a TOR OS or TOR client for surfing works well and are not blocked by web sites.
 
You can install a TOR proxy server or OpenVPN client directly on to PFSense if you want.  
 
The above written here only use VPN clients external to home connected clients to the PFSense VPN servers.  (IPSec, OpenVPN or Wireguard - have all three running now).  (Homeseer, HA, Zoneminder, BI, OmniTouch Pro Snaplink running on clients).  IE: Windows, Android, iOS clients on the WAN.
 
Here my T-Mobile CPE also uses CGNAT.  The CPE modem does not let me bridge the LAN to the WAN port.  Will test it today for my VPN client access by shutting down the XFinity ISP connection (PFSense is using the T-Mobile CPE as failover).  The CPE modem also has built in VPN server and DDNS which is not enabled at this time.
 
I have a PFSense VBOX running on my Ubuntu laptop and will connect it to the Ethernet interface on my CPE (which has batteries) and test out my Android client to said VPN server running on the VBOX.
 
 
Have a look here:
 
OpenVPN client traffic to Starlink (CGNAT)
 
There are also discussions about this on Reddit and the OpenWRT forums.  
 
My understanding of the issue is that with CGNAT the IP4 address doesn't just point to your network but is at a higher level so may include many other networks.  So the conventional ddns method of putting your IP on a static site doesn't work.  I have seen some things about getting a cheap static site and then doing a constant tunnel between your network and the site so the VPN can connect to the static site.  I may not have all the details exactly right.  Here's a site that gives a way to do that.
https://di-marco.net/blog/it/2022-01-01-lte_and_starlink_isp-access_to_your_lan_from_outside/
 
Thanks Jim.  I had read about using a VPS to do this. 
 
Will be testing here with a PFSense VBOX (laptop) directly connected to the LTE CPE combo router.  
 
 
Will copy my configuration to the VBOX and use the CPE as a primary gateway.
 
There is a DDNS client on the combo LTE CPE that I am using with No-IP dot com.
 
I see an IPv4 address on No-IP dot com and an IPv6 address on the CPE gateway status.  
 
I read some place that T-Mobile is only using IPv6 these days.
 
Tinkering some yesterday with IPv6 on the T-Mobile CPE.  I cannot bridge the WAN to the LAN interface on the CPE.  Might be able to do that if I used a GliNet CPE for my T-Mobile access.
 
Sort of a PITA that I am using double NATing at home and the ISP network is NAT'd before it gets to me.
 
I got the T-Mobile IPv6 correctly configured yesterday using SLAAC (Stateless Address Autoconfiguration).  I read that the OpenWRT folks are passing IPv6 thru the interface using IPv6 relay proxy.  Note T-Mobile only uses IPv6 on their network these days.  Someone also mentioned changing the MTU from 1500 to 1253 on the CPE PFSense WAN interface.  Note RTT now is 4.7ms for this connection.
 
There are many forum posts on many forums relating to the T-Mobile "trash can"  (Nokia 5G home gateway) and the new Starlink router and network.
 
I read too that there is a "business" T-Mobile 5G home gateway configuration that allows for inbound VPN access (static Internet IP)...not sure if Starlink will be offering this).  Bridge mode is currently in the future for the new Starlink router.  See too that folks were just using their own routers with first generation Starlink Ethernet cable.
 
Having trouble getting to cocoontech site via Starlink.  Works fine through dsl.  Error says cloudflare Chicago timed out connecting to cocoontech.com.  Hmmm.
 
Having trouble getting to cocoontech site via Starlink.  Works fine through dsl.  Error says cloudflare Chicago timed out connecting to cocoontech.com.  Hmmm.
 
Testing today via XFinity and T-Mobile CPE and PIA and TOR.
 
This is the same issue I have using Firefox for Cocoontech for many years now.
 
It is documented over here.  I have always had this issue running Firefox.  So use Chrome (hate it).
  FireFox browsers do not function - Error 522
 
TOR browser running on Ubuntu 20.04 works fine with Cocoontech.
 
I still have an OpenWRT microrouter configured with TOR OS and it works fine today.
 
Chrome works fine with Cocoontech.
 
Weird!  Edge works.  Firefox works if I use my DSL internet connection.  The exact same FF browser on the same PC fails if I connect through Starlink.  
 
Set up a VPS with Oracle that is free.  Set up OpenVPN on that - that's working.  Now working though setup and link back to pfsense box at home.  Lot's of web pages that are somewhat close but haven't found a detailed write up of what needs to be done so it is slow going. 
 
That looks like the same thing.  Here is one of the pages that led me there:
https://blogs.oracle.com/developers/post/launching-your-own-free-private-vpn-in-the-oracle-cloud
 
I didn't have to do the scripting stuff. Apparently that is done automatically now. I am to the point were I can connect to the oracle site with my android phone.  I have the openvpn app and generated an ovpn (think I got the letters right) file that you import into the app that sets up to connect.  Still need to do the pfsense end and set up routes, etc to tie things together. but I am a little lost.  If you have any good links on how to do that it would be very helpful.
 
Back
Top