On 16 September 2018 at 00:45, Chris Bennett
<cpb_m...@bennettconstruction.us> wrote:
> I get the same internal NAT'ed IP4 address every time, but my public IP4
> address differs over time.
>
> I don't like the idea at all of keeping an open ssh session going on
> without having my equipment on and me nearby.

I don't think you understand how ssh works (unless you have a belief
that the underlying cryptography is insecure, at which point, it's
unclear how any of this is then relevant to T-Mobile US).

It's irrelevant what IPv4 addresses you have, since it all has to pass
through NAT on your device as well as CGNAT at the carrier level, with
the state of the established connections expiring within minutes of
disuse.

The reason your SSH connections break is because the underlying TCP
connections must be kept alive for the CGNAT to work on a keep-state
basis; this can only be accomplished by either sending more packets
all the time to make sure the state never expires whilst you're still
using your session (e.g., the `ssh -oServerAliveInterval=240 …` and
such), or by getting rid of all types of keep-state NAT and ensuring
there's no stateful firewall in place (and, for this, I've already
confirmed that it works just fine over T-Mobile US IPv6 with TCP
connections remaining open for 1h and more, whereas the IPv4
connections indeed expire after only a few minutes due to the
state-based NAT).

C.
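
The keep-state behaviour described in the message above, as an added example that is not part of the original e-mail: a small model of a NAT mapping that is dropped after an idle period unless packets (user traffic or SSH keepalive probes) refresh it. The function name, the sample traffic times and the 300-second idle timeout are constructed assumptions; the message only says the state expires "within minutes".

```python
from typing import Iterable, Optional


def first_state_expiry(activity: Iterable[float], idle_timeout: float,
                       session_end: float,
                       keepalive: Optional[float] = None) -> Optional[float]:
    """Return the time (seconds) at which the NAT drops the mapping,
    or None if the mapping is still alive at session_end.

    activity     -- times at which the user actually sends traffic
    idle_timeout -- how long the NAT keeps an idle state entry
                    (float('inf') models no keep-state NAT/firewall at all)
    keepalive    -- probe interval, like ssh's ServerAliveInterval; a probe
                    is sent once that long has passed since the last packet
    """
    last = 0.0  # connection established at t=0, state entry created
    events = sorted(t for t in activity if 0 <= t <= session_end)
    events.append(session_end)  # final attempt to use the session
    for t in events:
        if keepalive:
            # Fill the idle gap before t with keepalive probes.
            while t - last > keepalive:
                if keepalive > idle_timeout:
                    # State expired before the probe could refresh it.
                    return last + idle_timeout
                last += keepalive  # probe passes the NAT, refreshes state
        if t - last > idle_timeout:
            return last + idle_timeout  # entry gone, this packet is dropped
        last = t
    return None


if __name__ == "__main__":
    traffic = [10, 30, 900, 4000]  # constructed sample: long idle gaps
    timeout = 300                  # assumed CGNAT idle timeout, in seconds
    for ka in (None, 240, 600):
        print(f"keepalive={ka}: state expires at",
              first_state_expiry(traffic, timeout, 4200, ka))
    print("no keep-state NAT:",
          first_state_expiry(traffic, float("inf"), 4200))
```

The probe interval only helps when it is shorter than the shortest idle timeout on the path, which is why 240 seconds survives here and 600 does not.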
