Access to Syncloud server behind CGNAT IP address

I am using StarLink. What I found is that StarLink provides CGNAT IP address and not public IP address. From my research appears that more and more ISPs are going this route due to the limited availability of IPv4 addresses and not wide enough adoption of IPv6. My question is can Syncloud handle this situation and how? I would assume, I am not the first and only one who is in such situation.

What is a recommended solution? I have found so far couple of suggested approaches: using VPS with public IP, or VPN service that can provide public IP. What are your thoughts on those approaches? Is there a better solution for Syncloud? I noticed now Syncloud provides OpenVPN app. Could the VPN app be used to create a tunnel to the Syncloud server and be used to bypass the CGNAT IP issue? If so, is there a How To on configuring Syncloud with OpenVPN app for such purpose?

Thank you very much for your help and guidance.

Tailscale worked for me.

The lack of ipv6 on Starlink is really frustrating and I had to switch back to old school broadband because of that. I hope it will come eventually :frowning:

@janseta if you have done something like this could you share a bit more details on high level procedure?

@janseta please share some more details on what did you do. How are you using Tailscale?

Thanks a lot!

My advise is:
1 - make a gmail account specially and only for sigin in tailscale.
For example:
2- Get in Tailscale and make an account using that gmail account.
3 - Install Tailscale in raspberry
4 - install Taiscale in Windows, android devices, mac, etc

You can find many tutorials about installing Tailscale.
This is one, well explained:

and this is another:

Thanks a lot @janseta! These are nice guides. I will try to implement Tailscale in my case and will report here my achievements and findings.

Hi @boris, I am still struggling to bypass the CGNAT but meanwhile seems StarLink started assigning IPv6 address along the IPv4 CGNAT address. I see now my Router shows this IPv6 address: 2605:59c8:400:5cc8:4262:31ff:fe08:5b1b/64 as assigned through DHCPv6 by the provider (StarLink).

I do not know enough about IPv6 yet. Is that a good, legitimate IPv6 address that could be used for accessing my Syncloud server? If so, could you point me to a Wiki or provide some guidance how to setup my Router (OPNSense) and Syncloud server to work with IPv6. I am not sure if this IPv6 address would be changing regularly over time as the IPv4 Dynamic addresses do or it is more like a static address? Any help and guidance in this direction will be greatly appreciated.

Thanks a lot

Great, ipv6 is always static public ip and you usually get a range of them for you to use.
Try to enable ipv6 support on your router if it is not already enabled, you can google opnsense (I never used it myself). Then check Syncloud - Settings - Network if you have ipv6 address there. Also enable external access Settings - Access and check ipv6 only.

If not secret which country are you from? Last time I checked In UK starlink was not giving ipv6.

Thanks @Boris! I am in USA and noticed the IPv6 address just a few days ago. Before I was getting only something called “IPv6 link-local” address but not the actual “IPv6 address”. It must be a new thing and I have not heard anything official, just see it in my router info. Not sure even if it is officially supported yet. This is why I asked if it looks legitimate. :slight_smile:

On the configuration side of things. Do I still have to configure the Router to forward the port 443 to the Syncloud server? Is the concept of ports same in IPv6 as in IPv4? I guess also need to configure the local Router DHCPv6 to assign IPv6 address to the Syncloud server, right? Anything else that I need to take care in regard to the IPv6 beyond what you already mentioned above?

I hope, I will be able to play with that over the weekend and will report here any results and findings.

Thank a lot for your help!

Nothing special on device as long as router assigns ipv6 to Syncloud device it should be enough.

But again I do not have ipv6 to test right now, but last time I had everyhting was working ok. I think many users actually have ipv6.

Hi @boris, I think I have a break through but still some issues.

  1. After a lot of fiddling and reading on internet I think I managed to get the router configured sufficiently to access the Syncloud device over IPv6. Now I can ‘ping -6’ it and access the syncloud home page using the IPv6 address from my own network as well as from outside over Internet.
  2. I was able to successfully set the Syncloud access to IPv6 only.
  3. Here come the issues. Seems something is still not quite right with the name resolution or the activation. I did re-activate my device two times and after reactivation the browser that I used for the reactivation seems to have access to the device and the Nextcloud but no any other browser or device. Neither my Nextcloud app on my phone nor the Nextcloud desktop app, nor other browsers. Also, seems after some time the browser that have had the access looses it too.

When I try to access Nextcloud in another browser I get: NET::ERR_CERT_COMMON_NAME_INVALID and then if I say ignore the error and continue I get: “404 page not found”.

Then I tried to “ping -6” the names and this is what I get:

$ ping -6
ping: Address family for hostname not supported


$ ping -6
PING (2600:1f14:a96:4d03:ef04:d13c:7344:26bf)) 56 data bytes

The IPv6 “2600:1f14:a96:4d03:ef04:d13c:7344:26bf” that the nextcloud name seems to get resolved to is not my Syncloud device IPv6 address.

Not sure, what all that means but seems to me the name resolution does not work correctly in my case.

Do you or anybody else who uses IPv6 have any advise on what may be wrong? BTW I have had no access to my Syncloud for several months now. Wonder if some information got stale over that time? Please, let me know if you need logs or any other information.

Thanks a lot!

this is actually itself ip.

for your domain you have no v4 no v6 address, did you save external access with ip v6 only enabled?
Can you try saving again to see if there is no error?

If it is not clear send logs from Settings - Support so I can check.

Thanks @boris for the reply. When I turn off IPv4 support and select only IPv6 support under Settings–>Access there is no toggles or anything else to select/enable external access. How should I enable external access for IPv6 only?

I just tried to send logs. Not sure if it worked. I got Error message but hope they went through. Please let me know if you got my logs. If not, I will try to send them again.

Thanks for your help!

I’ve got your logs, they are a bit not clear the only error is about sending logs :slight_smile:

Did you get any error saving ipv6 access? can you show me the screen before you save it?
Can you also show the screen of error message when you get it either from saving the access or from sending logs please?

I think I found the problem, let me do a quick test

Just pushed the fix which allowed your ipv6 dns to update, could you check if you can access your device by name now from ipv6 enabled network of cause?

Hi @boris, the access to the Syncloud device and Nextcloud appears to work now. Yahoo!!!

Thanks a lot! After so many months I have again access to my server. Wow! That’s exciting :slight_smile: