VPN between offices in China

tr0910 · Jun 10, 2016

I have an office in China and my internet using dynamic IP addressing there doesn't want to allow a VPN connection into the office either with OpenVPN or PPTP into my dd-wrt router. I get no connection, and various other errors that seem to be related to no connectivity. Yet from the China office I can use my laptop to connect to another OpenVPN server in America without issue. How can I troubleshoot??

Possibly related issue
Background: My China office dd-wrt router is setup with PPOE and gets a wan IP address that is different from the actual external IP address reported from whatismyip.org, or http://ipecho.net/ Since this usually means a dual nat caused by another router in the modem, and could block VPN connectivity, I had China Telecom change out the fiber modem for another one, but still get this same 2 different WAN IP problem. They insist that the different IP problem is not from the modem. Is the 2 different WAN IP issue normal for PPOE connections in China?

Likely I am missing something very simple and completely different. This is fiber here in China, and our offices connected with fiber in the USA always have the same IP address reported to the router even if we aren't using static IP addresses.

Someone Somewhere · Jun 10, 2016

CG-NAT is increasingly common on low-cost connections. You won't be able to get any inbound connections. Your ISP does it to save costs, because then they don't need to buy as many IPv4 addresses.

See if you can get IPv6 connection. If not, you'll need to talk to your ISP about getting a globally routable IPv4 address.

tr0910 · Jun 10, 2016

AHAA, thanks...

Makes sense. Static IP addresses are available but they triple the costs of the internet here in China.

tr0910 · Jun 10, 2016

Is there a technology, or kind of address that is globally route-able without going all the way to static IP??

Someone Somewhere · Jun 10, 2016

You need to either connect in the other direction (to a connection with a public IPv4 address), have both connect to a server in the middle with a public address, or use IPv6 - but your ISP needs to support this.

tr0910 · Jun 10, 2016

Yes, I can connect in the other direction as a client to an OpenVPN server in the USA.

re IPV6, China Telecom says no.....

Is there a clean way to confirm the presence of CG NAT?

My router says my WAN IPv4 address is 100.64.xx.xx
But http://ipecho.net/ claims my IP is 219.130.xx.xx

Thanks for the pointers, much appreciated...

Someone Somewhere · Jun 10, 2016

Different internal and external IP is a very big hint. They're also suggested to use 100.64.0.0/15, but it doesn't look like they are for whatever reason.

But really, it doesn't matter much whether you're on CG-NAT or they drop all unsolicited incoming traffic; the effect is the same.

You might be able to rent a cheap-ish virtual server somewhere; I'm not sure what the going rate on those are.

No other providers with IPv6?

tr0910 · Jun 10, 2016

You are right, 100.64.xx.xx is what my router gets for an address. I've corrected the earlier post.

We've just paid for a year's worth of internet. But yes, we will be going shopping for IPv6.

tr0910 · Jun 11, 2016

Team Viewer seems to be able to break through, Skype works and BT Sync transfers slowly. I want to see if this will be reliable?

We are proceding with this for now...

A complete VPN is desirable, but not workable for now.

Thanks for the expert advice.

Someone Somewhere · Jun 12, 2016

TeamViewer and Skype both go through a central server that accepts inbound traffic - though I think Sykpe uses other uses with an open net connection to be the server.

Don't know about BT Sync.

Search

VPN between offices in China

tr0910

Commendable

Someone Somewhere

Someone Somewhere

Titan

tr0910

Commendable

tr0910

Commendable

Someone Somewhere

Titan

tr0910

Commendable

Someone Somewhere

Titan

tr0910

Commendable

tr0910

Commendable

Someone Somewhere

Titan

TRENDING THREADS

Latest posts

Moderators online

Share this page