CGnat and the pitfalls Anyone suggest a good UK VPN?

[Gremlin]

For some time I have experienced issues with my ISP and upload speeds. In the course of looking into this for myself, I noticed that my ISP-provided router (full FTTP - Fibre To The Premises) was no longer showing my public internet IP address (or DNS, gateway, etc). Rather it was showing what are referred to as BOGUNs. These are blocks of IP addresses allocated to ISPs etc for internal routing.

It took a long time for the ISP (Gigaclear in the UK) to acknowledge what I was telling them and get an explanation of what was going on. It seems they (along with other isps) took a decision to implement CGNAT. {Carrier Grade NAT: https://en.wikipedia.org/wiki/Carrier-grade_NAT } This allows them to allocate (putting it simply) a single public IP address to multiple customers. The ISP did not consider it necessary to advise customers, since

95% of customers won't notice

I guess that puts me in the 5% bracket!

One minor effect is that customers can NO LONGER USE PORT FORWARDING on their router {effectively my router would be behind a 'double nat' and all that encompasses, especially as it is ISP controlled.

So, if you want @TMSupport to look at your NAS, you are out of luck.

There are ways to overcome this but, for now, I have chosen the cheapest, which is to ask to go back on a dynamic IP address direct to my router. I could get them to put me on a static IP, but I have no guarantee that they won't try it on again. No doubt the intention is to put all their customers on CGNAT. One possibility is to use a VPN to bypass CGNAT and use the VPN address to access my site, but that obviously will incur expense in one way or another. Cannot readily change supplier ISP either as Gigaclear is the only Fibre supplier in the area. (Not even FTTC - still in 20th Century here, or maybe 19th)

So, can anyone suggest a reasonable way to implement a 'proper' VPN for my internal network to the outside world? (and back again)

[pgreenland]

Hey,

Just wondering if you've made any progress on this, the returning to a dynamic IP or getting a static IP from gigaclear?

I had a dynamic IP from them last night and appear to be behind CGNAT this morning. Spent half an hour trying to trace why my VPN packets weren't reaching the server anymore. Looking at the IP reported by the router, vs the IP reported by the internet I'm suddenly in the 5% club too.

In terms of a different approach, it looks like I'll have to do what I did for the LTE backup I've been using all day (which like most mobile operators uses CGNAT too). I have my VPN server reach out to a node on the internet (an AWS server in my case), thereby punching a hole through the NAT, which it maintains 24x7 to a server which has a static IP. I can then use that to forward my still encrypted VPN traffic back to my real VPN server behind all this NATTy nastiness. It's horrible but functional.

Thanks,

Phil

[Gremlin]

Last Friday I was promised action on the IP address and ..... nothing. More concerning at the moment is the 3-8Mbps upload speeds. Been ongoing for months and they don't seem to have a clue. (Gigaclear customer service sucks, big time.)i

[pgreenland]

I've not heard all that many good things about them tbh.

We had ours installed, the chaps were very nice but managed to put a 90 degree bend in the fibre, so it failed the next day.

Took them a week to get an engineer out to look at the new install. He was very helpful, worked directly for gigagclear and not their installer. Found and fixed the problem in the space of 30 mins. Gigaclear did compensate us with a first month free after a lot of complaining.

So far, an outage a month seems to be the order of business.

Speed wise, we've not had any issues. It works great, until it doesn't work at all.

With BT....despite it being slow and expensive, it very rarely went down.

Now I've had to take out a separate SIM contract for a random junk box 4G modem just to make sure I'm able to get online during working hours (I work from home so getting out and getting in are key).

Today appears to be CGNAT day....kinda missing the 70mb plod of BT now (spoken in hush tones).

I'd be interested to hear how you get on with the IP. I'll be calling them myself shortly. Although I'll feel bad breaking a support monkey by knowing more about networking than them.

I tried to look on their support site a moment ago. The support link on the main menu of their website takes you to their version of a 404....kinda fitting really .

[Gremlin]

Thought I should update this thread regarding Gigaclear.

After much telephone bashing (me, in frustration) I spoke to someone in another department (some fancy name I cannot recall) designed to try and keep customers. Now, I was well out of contract by this time and not really interested in entering another contract but I did finally agree since I was promised "an upgrade will fix the problem". Would it ****! But, now I'm under contract again, might I actually get some service?

Anyway, part of the agreed upgrade would be a fixed IP address - never did figure out a regrade to dynamic ip. In the end I thought, if I had gone that route, it was more than likely I would be put back on CGNAT without a 'by-your-leave'. Fixed IP makes me feel happier for a small "no cost" option in this case. They agreed an upgrade to 500Mbps, fixed ip and Linksys router provided at no extra monthly cost to me. Funny thing is they sent me TWO linksys units in separate shipments. (I was also returning another linksys device they had erroneously sent me before, so the DPD driver was a bit perplexed.)

Speed issue was resolved after more phone bashing! After much discussion phone tech tried to bridge my (old) router (remotely) and that didn't help, then when he 'un-bridged' it found out he had hard-reset it and all my settings were gone. Speedily arranged visit from an "engineer" who actually phoned and asked if he could come a day early as he was "in the area". This chap was a bit more 'in the know' but spent an (inordinate) amount of time trying to solve the problem after the proverbial "This WILL fix it" ......er didn't. This included fitting a new modem (twice) and directly connecting a PC to the modem to run speed checks. (After he suggested hard resetting the Linksys modem I had spent several hours setting up )

Surprise, surprise - The fault was in the cabinet 500m away. Went away for 10 minutes, unplugged/plugged something and all was fixed. The moral is don't accept the "the fibrre optics are clean and/or check out OK". It doesn't matter if the equipment is broken. Apparently someone else was also plugged into that device, so goodness knows if they will fix their network as well.

In the end I took the Linksys router out of the system. Just seemed more trouble than it was worth having data stored at some Linksys site, faffing with mobile app(s) and not seeing much improvement in Wifi compared to my established quasi-mesh system. Also there were issues, for me, in how Linksys handled DHCP. Replaced it with an old Netgear WAC124 (of which I have a pair). The WAC124 can run 3 separate wifi radios each with 2.4+5Ghz - all highly configurable.

Currently running a comfortable 500Mbps Up and Down - makes Google drive etc a viable option now

[Gremlin]

Until we lost internet connection early Thursday morning! Just had the same 'tech' return. Apparently the NEW 'box on the wall' (modem) can be temperamental . I watched the 'fix' very carefully - slide box off mounting plate, power off, wait short period, power on, return to wall plate, give it a 'tap'. Taking care not to dislodge the cover on wall plate.He did it twice before it was working again. (much conferring with the office to make sure nothing else was wrong/disconnected/broken.) Anyone wishing to try this is ON THEIR OWN

[Gremlin]

This has become more of a blog about Gigaclear, UK. Never mind, hope it serves a purpose.

In light of recent internet failure, I looked into some sort of backup. Had to be relatively cheap and 'stand alone'. Finally (for now?) I decided to install a Netgear LM1200 4G LTE Modem. Found one on Amazon in 'as new' condition for about 10% off retail. Neat little device that allows you to set failover/operational options:

So far I have tested an old GiffGaff payg sim and that worked straight off (having selected the correct APN). I have dumped the Giffgaff acount though as it is far too expensive @10p/Mb for a temporary backup.. Waiting on 1pMobile to deliver a new SIM. (1p/Mb) If I ever decide to go mobile only I would look at a contract sim.

Anyway, that little digression brings us full circle. Mobile broadband is inevitably CGNAT

[Gremlin]

Just a bit of an update: (Gigaclear related)

Got the 1p mobile sim installed in quick order. Also obtained written confirmation from 1p that it is OK to Use a cellular modem on their circuits (Some operators don't like it for some reason). The signal via the modem is ok for email, (slow) browsing and the odd chat session. We are just in a bad signal area, so would need to take some fairly drastic steps to improve things.

The 'odd' chat is down to Gigaclear (obviously!). The line has been up and down like the proverbial. Went out again on the weekend (of course). Anyway have an 'engineer' visit booked for tomorrow (Tuesday) which I regard as something of a miracle as I only managed to get in touch with them on Sunday morning. Line was out again this morning after a brief period of connectivity and having got through early* managed to elicit response that this is a "patching issue" in the cabinet. I interpret this to mean they fixed another problem by switching my line to defective equipment.

We'll see.

*If you need to contact Gigaclear by Chat, but it say's 'Chat Is Off', scroll down the support page to the bottom and click on the 'Chat with the team' link. It has worked twice for me, as they responded. (presuming it is in their 'working hours'). Saves messing about on phone.

[Gremlin]

Again, "our regular tech friend" called ahead and came a day early for his visit. This time (after much, metaphorical, head scratching and pre-visit chat on the phone) first checked the external connection in the 'pot' in the road. Surprisingly, this was in excellent condition. [Never touched since initial install and despite being located in the gutter (single track road, grass verges) where it regularly gets driven over and rain water, debris collect.]

Then he decided that he would replace the wall mounted modem (DKT). Job done and fingers crossed. Have to comment that the led indicators on new box appear brighter than the old one.Should also comment that I switched back to my old Netgear AC2000/WAC124 router. Still not sure about the Gigaclear/Linksys provided device. Will have to give the modem a chance to prove itself "as installed" before I change anything again.

[Gremlin]

About 4 weeks now and the line has been up without any interruptions or failures. Seems pretty obvious (if only to me) that there was an issue with the modem or the Linksys router that I switched back in to the system after about 10 days. Now I still have to sort out the resulting rat's nest of cables ....