With cgnat no Incoming connections will work including incoming vpn so the normal hub web interfaces will not work. Only connections initiated from inside your network will work.
How does the hub admin work ? Is a connection initiated and maintained Active by the hub?
Yeah it's pretty much relayed from their cloud servers.
I think you can also get through CGNAT using a Tailscale "VPN". I have not used it, but I did some reading on it after someone suggested it on here. Seemed sort of convoluted to me so I stuck to my normal VPN server on my router, but if regular VPN wont work maybe that will?
Ya i can get to the router by initializing a reverse ssl tunnel from the router. Same as tailscale does but that does mot solve getting acces to the rest of the network.
Jist looked more on there docs so thayt wont work anyway. Nothing in there docs about cgnat.
Except tailcale WILL let you get to the rest of your network if you make the node installed on your network an "exit node". That is the only remote VPN I use, and can get to every device in my network with just installing tailscale once in a VM.
But back to your original question - I'm not sure.
Yes with any regular vpn yiu can do that but they do not work over cgnat.
I know. My point is that tailscale DOES work over cgnat AND will allow you to connect with the rest of the devices on your network (without installing something on every single node) if you specify an exit node in the tailscale config.
You mentioned earlier it would not, so I was just clarifying that tailscale can do this out of the box.
That's all.
I can confirm this - TailScale works with CGNAT out of the box.
That's what I thought I had read somewhere, hence why I suggested it, thanks for confirming.
Ya did some more reading and it apparently is a customized version of watchguard. I asked them for more info but i got watchguard working in that way also but it basically takes over the entire network and relays all packets out the active vpn connection. Not Tenable ...ie.slow as molasses.
Will see what they say.
It isn't. It is a customized version of WireGuard. And in my experience is much faster than OpenVPN. There is a slight increase in latency relative to WireGuard itself. But this is very marginal.
ya i meant wireguard.. yes the vpn istself is fast, but have you tried it where you redirect your whole network through the router that is running it.. that is what i belive tailscale does with exit mode.. this slows everything down to a crawl..
I have. It is pretty damn fast.
weird no on mine.. will have to test again.. i guess it depends where you are connecting to.. mine had a outgoing limit of amount 10 meg that slowed everything down
Ah ..... that would do it.
If you only want your LAN traffic, but not internet traffic, to go through Tailscale then set your local LAN tailscale node as a subnet router, instead of an exit node. It is all in the docs.
I didn't think of mentioning that option earlier as I prefer using an exit node for privacy.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
Download the Hubitat app
