I have a standalone proxy running and am wondering if there is a way to get unrestricted NAT running for it if my ISP enforces Carrier-grade NAT (CGNAT) and doesn’t allow opt out for residential customers? If there is a way, what would the steps be? I have an ISP router, OpenWrt router, and OPNsense firewall.
As the name “NAT type” implies, it depends of the NAT type of your carrier.
There is nothing you can do behind CGNAT.
I think with CGNAT you will not be able to get unrestricted on the snowflake proxy.
Try this test if it will be successful. You need both NAT Mapping Behavior and NAT Filtering Behavior to be : “endpoint independent”
https://github.com/pion/stun/blob/master/cmd/stun-nat-behaviour/README.md
Hope this helps. Good luck!
Not quite. Mapping needs to be endpoint-independent, but filtering can be either endpoint-independent or address-dependent for the NAT to be considered unrestricted. See this table in the Snowflake paper.
I was told that Go would first need to be installed for that tool’s installation command to work and to use it. For now I’ve just rented a VPS and run a snowflake on both my home network and the VPS.
Yes that’s correct on the snowflake paper, however on my end sometimes I have this weird experience with the stun-nat test even with the correct & permanent port forwarding settings. (My WAN IP does not change).
I execute the stun-nat test 10 times in a row and 7 of them would be both “endpoint independent” ( Mapping & Filtering) the other 3 would only say “address-dependent” only on the (Filtering)
If I get both (Mapping & Filtering)" endpoint independent" I start my snowflake proxy and get the NAT type unrestricted but when I get “address-dependent” only on (Filtering) my NAT type is restricted.
Sometimes the Raspberry-pi needs to be rebooted because of some update to the OS then I repeat the above test. This is what I’m experiencing on my Raspberry-pi snowflake proxy even to this day.
I 'm also saving the snowflake proxy logs and will submit an annual traffic by the end of the year.
Yes that is correct. You need to install GO to be able to execute the stun-nat test. Congrats and good luck on your VPS and home snowflake proxy.