Running nodes getting past ISP CGNAT (ISP shared IPv4) by using VPN?

As the title says, I have been trying to get past ISP CGNAT (ISP shared IPv4) by using a VPN from home. I have managed to connect nodes to the network and keep them connected, but the nodes did not earn anything, so I don’t know if it is fully working.

Has anyone had success running nodes from home with VPN, getting past a router to a VPN provider and that the VPN tunnel bypasses the CGNAT shared IPv4 problem?

Second question: I tried to port forward the router and specified a port range when launching nodes, but if the nodes go through the VPN tunnel, is port forwarding needed? Tried to ask ChatGPT and got this answer.

“If the VPN client is configured to allow incoming connections from external sources and forward them to your local machine through the VPN tunnel, you may not need to manually open ports on your router. In this case, the VPN client acts as an intermediary, forwarding incoming connections from external sources to your local machine through the VPN tunnel.”

Is going through a VPN from home worth trying to get past ISP CGNAT, or would it be better to ask the ISP for a public IPv4 address or switch ISP provider to one which only hands out public IPv4 IPs?

Tried now just running a node without specifying port or using the hole punch command.

The node is getting PUTs and GETs. When looking at the logs, it gives some warnings about probably being behind a NAT because of limited incoming connections or similar.

So now going to try the hole punch command when starting the node and see if that makes a difference.


Now when running the command for holepunching.

safenode --home-network --peer /ip4/

I still get warnings that the node is reported for probably being behind a NAT because limited incoming connections.

When reading about port forwarding on, for example, Nord VPN, it seems that it is possible but also that they don’t support port forwarding. Makes me wonder if there are limitations on connections on the VPN service provider side. But just thinking out loud.

Proton VPN seems to be fine with port forwarding.

Seems you can port forward the VPN on 1 port by choosing a port in the .conf file, wonder if that would help connections port by port forward the VPN.

Correction because could not read the full error message in Vdash, forgot to expand the window, the exact error warning is.

“WARN sn_networking::event] Node reported as being behind NAT for not having enough incoming connections. This can be a false positive. Do nothing.”

So maybe everything is fine? Wonder what happens if I start like 10-20 nodes. Wonder if the error warning will affect the performance or not?

@Shu You had some problems with maximum incoming connections with your ISP, do you think that my problem could be similar?
That the VPN provider limits numbers of incoming connections?

I get a feeling from some reading that the VPN provider limits simultaneous incoming connections.

Possible solution might be to set up your own VPS on a cloud machine, but I don’t know if I will be able to figure it out or whether the cost will be high.

Cost is low, just get a VPS and you can set up WireGuard :)

You might be right, read now that Oracle has a free tier with like 20TB limit. If my little brain can follow the guide on setting it up then problems might be solved, also maybe avoiding possible ISP incoming simultaneous peer connection problem. Found these links.

I have an Oracle free tier and have WireGuard and Shadowsocks on it. It works a charm. I think it is a 10TB per month data cap.

That sounds nice, that also gives so I can trust trying to use the free tier.

Shadowsocks, what is that? 10TB/month feels like it should be enough for nodes? Do you think simultaneous peer connections won’t be a problem when running a VPS on Oracle? I fried my brain, need to rest, be back tomorrow, thanks for the replies.

It’s fine for running nodes. Shadowsocks and WireGuard, never had an issue :)

I don’t use the --peer option in safenode-manager, and I’d suggest safenode-manager is a great option. Easy to use and add more nodes, and you can query status and balance.

safenode-manager add --count 1 --home-network

Node for earnings, it can take a while to see anything, especially if not in the timezones of the big uploaders in the USA. It took hours for any of my nodes to actually earn anything, and slightly less to even give a quote. But I am in the future and it often takes time for people to catch up; translated, my timezone has me awake long before most people and thus uploading is scarce early on.

Hole punching should not be overly concerned by the ISP CGNAT, just like a VPN isn’t concerned, since it’s your node that reaches out in the first place and ongoing. @Josh even had a node on a phone, which has worse IP address hopping, and it still worked when it switched to his WiFi.
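
The self-hosted route suggested earlier in the thread (WireGuard on a VPS with a public IPv4), sketched as an added configuration example; it is not from any poster or from the safenode project. The tunnel subnet 10.8.0.0/24, the interface name eth0, the UDP port range 12000-12019 and every `<...>` placeholder are assumptions to replace with your own values.

```ini
# ---- VPS (public IPv4): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>
PostUp = sysctl -w net.ipv4.ip_forward=1
# Expose ONLY the node port range (assumed UDP 12000-12019) and send it to the home peer.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p udp --dport 12000:12019 -j DNAT --to-destination 10.8.0.2
PostUp = iptables -I FORWARD -i eth0 -o %i -d 10.8.0.2 -p udp --dport 12000:12019 -j ACCEPT
# Allow the home peer out, and only reply traffic back in.
PostUp = iptables -I FORWARD -i %i -o eth0 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# Remove the same rules when the tunnel goes down.
PostDown = iptables -t nat -D PREROUTING -i eth0 -p udp --dport 12000:12019 -j DNAT --to-destination 10.8.0.2
PostDown = iptables -D FORWARD -i eth0 -o %i -d 10.8.0.2 -p udp --dport 12000:12019 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# Home machine: pinned to a single tunnel address.
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# ---- Home machine behind CGNAT: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = <VPS_PUBLIC_IP>:51820
# Route everything through the VPS so replies to forwarded traffic leave via the tunnel.
AllowedIPs = 0.0.0.0/0
# The home side dials out and keeps the CGNAT mapping alive; no router port forward is needed.
PersistentKeepalive = 25
```

Any provider-side firewall in front of the VPS must also allow 51820/udp and the same forwarded range, and nothing else needs to be opened.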

