you don't, you set up a really small system at the site which can run openvpn. In Linux terminology it would have three interfaces, eth0 (private IP space hardwired to your serial console/core router/POP management equipment), the LTE network interface, and tun0. Have it initiate, from inside the cellular carrier's NAT, an openvpn connection to a server you control on a static IP somewhere. tun0 would have a static IP in private IP range used by just the openvpn server and client. When you get to get into the OOB you SSH through your openvpn server to reach the client machine.
On Wed, Jan 31, 2018 at 4:25 PM, TJ Trout <t...@voltbb.com> wrote: > same as twilio which we use, problem is all LTE is NAT, how do i login to > a device behind nat when I cannot force the carrier to give me a port > forward? > > On Wed, Jan 31, 2018 at 4:16 PM, Lewis Bergman <lewis.berg...@gmail.com> > wrote: > >> Hologram network and set up their site to do it for you. Pretty slick. I >> also like that is really cheap if you don't use it. As a warning, don't let >> the MT put a default route in for it or you will pay huge if your primary >> goes down. Otherwise it is so close to free it is crazy. >> >> On Wed, Jan 31, 2018 at 2:30 PM TJ Trout <t...@voltbb.com> wrote: >> >>> Never, but it's not a bad idea to have out of band management? I can get >>> the LTE service for $2 a month + data used (ssh data = zero) >>> >>> TJ >>> >>> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett <af...@zirkel.us> wrote: >>> >>>> Um how often are you loosing contact with your sites to necessitate >>>> this LTE backdoor? >>>> >>>> Seems like a lot of overkill to make routing changes??? >>>> >>>> Am I missing something? >>>> >>>> -sean >>>> >>>> >>>> >>>> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout <t...@voltbb.com> wrote: >>>> >>>>> Does anyone want to trade a PPTP connection (prefer you are >>>>> multihomed) for the purpose of getting through LTE NAT? AKA I assign you a >>>>> PPTP account with a static IPV4 and you do the same, so that if either of >>>>> our networks go down we can use the others to tunnel back thru LTE to >>>>> preform OOBM functions? We can shape @ 1mbps? >>>>> >>>>> This is a simple was around paying high fees for a static IP from the >>>>> wireless carriers that even offer it... >>>>> >>>>> I don't really want to subscribe to some russian vpn service if I >>>>> don't have to, or pay some cloud based OOBM company which will both cost >>>>> way big$$$ >>>>> >>>>> TJ >>>>> >>>>> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett <dmmoff...@gmail.com> >>>>> wrote: >>>>> >>>>>> You can use PPTP through NAT on LTE. You can assign a static private >>>>>> IP to both ends of that tunnel. >>>>>> If PPTP won't pass something you need, you can run an EoIP tunnel >>>>>> using the PPTP IP's as the endpoints of the EoIP tunnel. You end up >>>>>> with a >>>>>> tunnel inside of a tunnel. It'll have a lowish real MTU, but you can >>>>>> pass >>>>>> 1500 bytes within the EoIP tunnel and it'll just be fragmented. >>>>>> >>>>>> >>>>>> ------ Original Message ------ >>>>>> From: "TJ Trout" <t...@voltbb.com> >>>>>> To: af@afmug.com >>>>>> Sent: 1/31/2018 12:51:40 PM >>>>>> Subject: [AFMUG] OOBE mikrotik >>>>>> >>>>>> I was wanting to add out of band management via LTE to some of our >>>>>> core routers, but I think most/all cellular networks are NAT now so you >>>>>> cannot access your LTE devices inbound unless you have it tunnel out to a >>>>>> public ip over VPN somewhere right? >>>>>> >>>>>> How is everyone handling OOBE? >>>>>> >>>>>> I'm half tempted to do it via VHF low throughput radios! >>>>>> >>>>>> TJ >>>>>> >>>>>> >>>>> >>> >
