On 16 September 2018 at 00:45, Chris Bennett <cpb_m...@bennettconstruction.us> wrote: > I get the same internal NAT'ed IP4 address every time, but my public IP4 > address differs over time. > > I don't like the idea at all of keeping an open ssh session going on > without having my equipment on and me nearby.
I don't think you understand how ssh works (unless you have a belief that the underlying cryptography is insecure, at which point, it's unclear how any of this is then relevant to T-Mobile US). It's irrelevant what IPv4 addresses you have, since it all has to pass through NAT on your device as well as CGNAT at the carrier level, with the state of the established connections expiring within minutes of disuse. The reason your SSH connections break is because the underlying TCP connections must be kept alive for the CGNAT to work on a keep-state basis; this can only be accomplished by either sending more packets all the time to make sure the state never expires whilst you're still using your session (e.g., the `ssh -oServerAliveInterval=240 …` and such), or by getting rid of all types of keep-state NAT and ensuring there's no stateful firewall in place (and, for this, I've already confirmed that it works just fine over T-Mobile US IPv6 with TCP connections remaining open for 1h and more, whereas the IPv4 connections indeed expire after only a few minutes due to the state-based NAT). C.
