Overcoming double nat (ISP)

o0Speaker0o

Occasional Visitor
My ISP has me behind a double NAT (it's a 4G wireless modem, remote; they won't offer a static address or anything).
I was overcoming this by using a VPN server. My web server PC ran an OpenVPN client, and the server has port 8080 forwarded through the tunnel to the PC.
I could access the external IP of the server, and it would forward the request through the tunnel and I would get my data.

Now I'd like to do this with my router. I am able to connect the router to the VPN server. On the router, do I forward port 8080 to the internal IP of the web server, or would I have to set up routes?
My head starts spinning when I try to think of it.
 
Found the answer
SSH into the router and add the routing in iptables like:

# -p tcp: the web server on port 8080 is reached over TCP
iptables -t nat -A PREROUTING -i tun+ -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.2
 
The short answer is, follow the link below to learn how to make a NAT rule persistent.


The long answer is, I assume what's going on here is that your ISP does NOT provide you w/ a public IP (NOT that you are double NAT'd; you may be, but that's irrelevant), so you established an OpenVPN server on some VPS (e.g., digitalocean.com) and are tunneling back into your home network from the server side.

Well if that's the case, you shouldn't have to port forward at all. Just establish another OpenVPN client on the internet side of the WAN to the same OpenVPN server. As long as you've configured that OpenVPN server to route your home network through the tunnel, that's all that's necessary to have all references to your home network automatically routed through the tunnel! There's no need for port forwarding on a case by case basis. That's a maintenance headache.

Only reason for port forwarding would be if the OpenVPN server was NOT your own server, but perhaps a commercial OpenVPN provider who offers port forwarding from their side of the tunnel. So you end up port forwarding twice; once w/ the OpenVPN provider, and secondarily w/ the OpenVPN client at home running on the router.

But you were too vague in your description for me to know which of those two scenarios applies.
 
Thanks.
That's great info. Your assumptions were correct. Everything worked well while I just used the VPN client on the machine I wanted connected, but having the VPN on the router seemed.... cool.. so I tried it. It makes it easier, because I can assign certain traffic to different devices. Then I hit the "it stopped working when I rebooted the router".
Before I found this site, getting help on the internet was very inconsistent on issues like this.
You've given me stuff to research and try.
I may be back for more help later :)
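
Added example, not part of any post in this thread: a script that re-applies the port forward discussed above after a reboot without stacking duplicate rules, and pairs the DNAT rule with a FORWARD rule limited to the one host and port. The address 192.168.1.2 and port 8080 come from the thread; the variable and function names, and the boot-time firewall hook that would call this script, are assumptions that depend on the router firmware.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent port forward for traffic
# arriving over the VPN tunnel. Call it with "apply" from the firmware's
# boot-time firewall hook (assumption: the firmware offers such a hook).

IPT="${IPT:-iptables}"            # overridable so the logic can be dry-run
TUN_IF="${TUN_IF:-tun+}"          # tun+ matches every tun device; set one name to narrow it
WEB_IP="${WEB_IP:-192.168.1.2}"   # internal web server, from the thread
WEB_PORT="${WEB_PORT:-8080}"      # forwarded port, from the thread

# Add a rule only when an identical one is not already loaded.
# $1 = table, $2 = -A (append) or -I (insert at top), $3 = chain, rest = rule.
ensure_rule() {
    table="$1"; op="$2"; chain="$3"; shift 3
    if $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0                  # already present, nothing to do
    fi
    $IPT -t "$table" "$op" "$chain" "$@"
}

apply_forward() {
    # Rewrite the destination of TCP/8080 that comes in from the tunnel.
    ensure_rule nat -A PREROUTING -i "$TUN_IF" -p tcp --dport "$WEB_PORT" \
        -j DNAT --to-destination "$WEB_IP:$WEB_PORT" || return 1
    # Permit only that flow; -I places it ahead of any trailing DROP rule.
    ensure_rule filter -I FORWARD -i "$TUN_IF" -d "$WEB_IP" -p tcp \
        --dport "$WEB_PORT" -j ACCEPT
}

if [ "${1:-}" = "apply" ]; then
    apply_forward
fi
```

Running it twice leaves exactly one DNAT rule and one FORWARD rule, which matters when the firmware re-runs its firewall hook on every WAN or VPN reconnect.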
 
