Local network access through a 4G router

Hello everyone,
I installed a 4G router in my secondary residence with an SFR subscription. I want to access my local servers (Gladys+, IP cameras, etc.) from the outside.
With the double NAT of 4G routers, it is not possible to do port forwarding directly.
The permanent solution (but not simple for me) is to go through a VPN and a VPS. For the moment, I have not succeeded, and I have been struggling for some time!
I took a subscription with PrivateVPN and IONOS for the VPS, and my router is a Huawei 818.
Also, I am appealing to the Gladys community: if someone has network administration skills (and time to devote to me), I would be grateful.
Good evening.
jp@

I don’t have great networking skills, but indeed the issue with a 4G box is that you don’t have a fixed IP.

What I use at home: OpenMPTCProuter

Which can be used to aggregate internet accesses (ADSL / Fiber / 4G / …). At home, I installed it on a Raspberry Pi, and the service runs on an OVH VPS.

That way I can easily access my network from the outside :slight_smile:

If you prefer, you can use a dynamic DNS (dynDNS), where your local computer updates the IP on the DNS server.

Thanks @guim31, I tried this solution with OpenMPTCP, which is indeed easy to implement, but I can’t do any aggregation as I only have one box, and the installation on the RPi fails (I couldn’t access the OpenMPTCP router at 192.168.100.1 to configure it). In your opinion, is the configuration possible with just the 4G box? Is this your case?

Thanks for your reply.
jp@

Thanks @AlexTrovato I do have dynDNS and I’ve tried this solution as well, but since the IP is shared with 4G routers, it seems it’s not possible, at least with SFR. Even if it worked, I couldn’t open ports directly on my router. Maybe I didn’t understand everything?

Yes, it’s quite possible, I started using this system with only my 4G box to have a fixed IP (as I host services on my NAS).

Aren’t you using Gladys Plus? I see that you’re a contributor :slight_smile:

@pierre-gilles Hi PG, for now, no. I used it before (V3), but currently, I’m working on another project that has nothing to do with Gladys, but I do intend to get back to it soon. I’m just contributing financially for now. In any case, congratulations to the whole team, you’re doing a great job!

Ok! But for remote access, you have access to Gladys Plus since you contribute (plus.gladysassistant.com), and this gives you access to your home automation from anywhere without having to configure a VPN, open ports, or anything :slight_smile: You’ll be able to see your cameras, your devices, etc.

Thanks for your contribution anyway!

Yes, I agree with Gladys+ and the IPCam, but I have a personal application running as a WebSocket client/server on an ESP32 and Nginx for real-time data + a Node-RED application on a Raspberry Pi for the graphics.

That’s why I was looking into a VPN, but there might be other solutions?

Well, in that case you need to create your tunnel between your device (RPi) and your VPS, then on the VPS you need to set up a proxy (Traefik or Nginx) to access remotely from the VPS’s IP.

Thanks @VonOx, that’s exactly what I’m having trouble with, because I think I need to work with iptables on my VPS and I must admit I’m a bit lost. Or does the proxy exempt me from that?

iptables isn’t meant for that, and it’s the bearded method :person_beard: :grin:.

If I take up your problem and need:

You have a 4G box without NAT management and no fixed IP.
You need to access monitoring.

What I would do in your place: I store the data on the VPS, and the RPi, ESP32, etc. connect directly to the VPS.

Thanks @VonOx I’m thinking about your solution, stay tuned …

@VonOx You’ve summed up the situation well, and in this case, I can for example transfer my data with MQTT, but my system is client/server: I need to be able to intervene from the outside (for example, to vary the rotation speed of a motor).
Everything works very well if I install my system in my main residence, where I have a (normal) box with a fixed IP: I use WebSocket (client/server) to interface the ESP32 code with my web page and with my Node-RED server.
Initially, I will try again the solution of @guim31, OpenMPTCP, which had not worked for me; otherwise I will turn to your first solution, but I don’t feel able to do it alone!

Hi @jparbel,

I had the same issue as you, and to solve it I:

  • Rented a small VPS on Scaleway ~2€/month
  • Set up a WireGuard VPN between a VM at my place and the Scaleway VPS
  • Installed the Shorewall firewall on the Scaleway VPS
  • Added a DNAT rule on the Scaleway VPS to send this and that to my network

The WireGuard + Shorewall configuration isn’t too complex; I even saw recently that you can do GeoIP :smile:

If you need a little help don’t hesitate :wink:
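
The WireGuard + Shorewall DNAT layout listed in the post above, as an added example that is not any poster's actual configuration. The tunnel addresses, the interface names `eth0`/`wg0`, the zone name `vpn`, the forwarded port 443, the VPS address and the key placeholders are all constructed assumptions.

```conf
# All values are constructed: 203.0.113.10 is a documentation address,
# <...> are placeholders, zone "vpn" and port 443 are assumptions.

# ---- VPS: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>
[Peer]
# Home host behind the 4G router; accept and route only its tunnel address
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# ---- Home host: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>
[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = 203.0.113.10:51820
AllowedIPs = 10.8.0.1/32
# The home side must dial out and keep the carrier NAT mapping open
PersistentKeepalive = 25

# ---- VPS: /etc/shorewall/zones ----
fw    firewall
net   ipv4
vpn   ipv4
# ---- VPS: /etc/shorewall/interfaces ----
net   eth0
vpn   wg0
# ---- VPS: /etc/shorewall/policy ----
$FW   all   ACCEPT
net   all   DROP
all   all   REJECT
# ---- VPS: /etc/shorewall/rules ----
# Keep SSH reachable before enabling a default-drop policy
ACCEPT   net   $FW                 tcp   22
ACCEPT   net   $FW                 udp   51820
# Publish one service only: VPS:443 -> home host:443 through the tunnel
DNAT     net   vpn:10.8.0.2:443    tcp   443
# ---- VPS: /etc/shorewall/snat ----
# Rewrite the source to 10.8.0.1 so replies return through the tunnel
# (the home service then logs the VPS address, not the real client)
MASQUERADE   0.0.0.0/0   wg0
```

Forwarding between `eth0` and `wg0` also requires `IP_FORWARDING=On` in `/etc/shorewall/shorewall.conf`; older Shorewall releases use the `masq` file instead of `snat`.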