Has anyone established tunnels over SpaceX's Starlink Internet service?
I recently transitioned to Starlink and static IPs are not availible.
Hank K1DOS
I recently transitioned to Starlink and static IPs are not availible.
Hank K1DOS
Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer
Good luck and let us know how it works out.
"...DDNS does not work if you are connected with Starlink because Starlink uses CGNAT. To unravel the acronyms, the purpose of dynamic DNS is to provide a URL which will always map to your external IP address even if your ISP changes your IP address from time to time as most do. With CGNAT (Carrier Grade Network Address Translation), you never have a unique external IP address. Your network is inside a larger Starlink network which has an external IP address you share with others. Cell phones work much the same way for data. Anyway, when something shows up at the top router of the Starlink network which is NOT a response to something sent from inside the network, that router doesn't know whom it is for so just throws it away..."
I think it is kinda like starlink is akin to using your neighbor's Wi-Fi to access the internet.
You cannot configure your neighbors router to port-forward 5525 to your tunnel server.
You cannot configure Starlink's router to port-forward port 5525 to your dynamic IP address.
Starlink will drop any packets addressed to you that were not 1st established as coming from your home-network.
You can request a web page from an external server:80 from your web browser:1025
When the page returns, Starlink knows that the remote web servers returning packet to your web browser:1025
was already established and related.
Clear as mud, eh?
73, Chuck
I am using a tunnel over Starlink. It sometimes works for several days, sometimes several hours.
Then it disconnects and will not reconnect. Rebooting the tunnel client sometimes gets it working again,
mostly not. I think perhaps when the tunnel server is rebooted then it comes back up.
Given that I've only had Starlink for a couple weeks, the causes are really not understood yet. I am
still troubleshooting.
I am running Tailscale in a docker container on a server attached to my 192.168.1.0/24 network. That
seems to work fine and allows me to VPN into my home network through Starlink. Tailscale is setup not
to advertise the 10.x.x.x/29 AREDN network to the VPN, just the 192.168.1.0/24 network and
192.168.100.1/32 (the Starlink web interface).
In limited testing that container is the only thing I can find that might be killing the tunnel. When it is
not running the tunnel seems to be stable (or maybe more stable).
All three or four times the tunnel crashed the Tailscale docker container was running. There's
not enough information yet to correlate this to the problem - it could be something else entirely. The
next step will probably be to install 3.22.6 release once our local AREDN network does some testing
and see if tunnel stability improves.
-- Tom, N5EG
There are a few of us here in Northern Virginia and Western Maryland that also have Starlink and will be wanting to do the same thing.
-Damon (K9CQB)
The advertisement of the client tunnel endpoint through the VPN was (manually) removed from the Tailscale configuration.
This seems to have stabilized the tunnel client through Starlink. It has been working for ~1 week without dropping (ver 3.22.1).
Then updating the node firmware to 3.22.6 it has been stable (about 5 days so far).
Thus, the tunnel client seems to work well through Starlink.
- Tom, N5EG
So, you would need a very expensive Starlink Business terminal somewhere in your network, but it seems like a promising capability.
-Damon (K9CQB)
Aredn offers many possibilities, but one of it's potential fail points is in the tunneling of nodes using terrestrial based internet services. When the hurricanes, ice storms or tornados strike; the power and internet goes out when the local terrestrial infrastructure becomes damaged. I know something about this, experiencing the 320 Kph Cat 5+ winds of Hurricane Patricia. A local hotel lost it's roof...and my breezeway was in the neighbours yard.
Starlink however, is 100% independent of the local terrestrial infrastructure. To that end, my Starlink now runs on Solar power, 12V DC 24/7. In this mode, the Ver2 (rectangular dish) with a third party TP Link router (Archer C80) consumes only 35 watts, while delivering over 200 Mbps throughput.... what's not to like? There is plenty of info on the net on how to do the mod, some commercial kits are out, and it's neither difficult to do nor expensive. "Just follow the instructions".
In a sense this is a proof of concept project...
So you can see where I am going with this, an Aredn node that is 100% independent of the local infrastructure that exists in a small Mexican pueblo, 225km south of Puerto Vallarta. I want to client tunnel via Starlink to a host near Nanaimo on Central Vancouver Island.
The possibilities here are significant.
I have a GL iNet 300M-Ext flashed with the latest Aredn firmware, and a modicum of networking experience, but if someone has done this successfully, in particular the process of interfacing the 300M to the net I would appreciate... step-by-step info would be helpful.. I have a third party configurable router.. by the way the the Starlink router is useless, you can't do anything with it... and it now sits in a cupboard.
Edit: if anyone has managed to do a host/server using a Starlink... that information would be highly useful... eg, do you need a VPN, or what ports to forward..UDP..TCP?... and how do you manage DHCP and the CGNat IPv4 that Starlink uses? Me thinks they sure as heck are not going to be offering up static IPV4 address to the unwashed masses... s'pose maybe if you paid big bucks.
Richard VA7AA Jalisco Mexico
To run as the server end would be more involved - likely quite a bit since you don't get a real public IP.
https://community.cloudflare.com/t/starlink-cctv-monitoring/488700
.... most of the discussion on here has been about running an AREDN server on Starlink... that's not my problem, rather I am a wannabe client with a GL-iNet 300M-EXT, am located in Mexico, use Starlink and I want to tunnel to a host server in Canada... tried most tricks but so far... no go. It appears port forwarding 5525 on Starlinks' CGNAT IP addressing is the issue... any workarounds?
One person mentioned they kinda got things going... what was the magic? How would you implement Tailscale if that is one option.. you need something to put on a router or on the device itself.
Richard
VA7AA
Setup: The "Starlink router" is in bypass mode and I have the Ethernet port adapter installed on the Starlink cable. I substituted a Mikrotik hAPac2 router running Mikrotik RouterOS firmware for the Starlink router The hAPac2 has port 5525 forwarded to a hAPac Lite running Aredn FW. The hAP ac Lite has its DHCP formatted "static" as shown in an attached image. A laptop computer, connected into a LAN port of the Aredn hAP, can see both the hAPac2 and the AC Lite as well as the Aredn node at the client end of the tunel. The client node is attached via commercial (TDS) internet. A lot of the details can be seen in the attached setup drawing.
Lee
kf7yrs