CGNAT

Self hosted open source mesh VPN with IPv6 support!

A rather long title, but the post is about a self-hosted, open-source mesh VPN with IPv6 support that works with nodes behind CGNAT!
This will be a long post documenting the concept of a mesh VPN, the problem it is solving, and a working demo. If you are not planning to deploy it right away, you can skip the post after the “Configs and setup” section.


Problem

I have been running a site-to-site VPN for a long time between various servers located far away from each other. Originally these used to be on OpenVPN and later I moved to WireGuard. These were not a mesh but rather a linear topology. I would have a home node here in Rohtak connected to two different servers in Mumbai over two different ISPs (via policy-based routing); those two Mumbai nodes would maintain the site-to-site VPNs with a few servers in Europe, and those servers further connect to a few servers in the US. This setup ensured private network connectivity with encryption so that I can have GitLab runners spread around based on available CPU load, and those runners would speak to database/storage servers securely without having to deal with encryption on a per-project/app basis. This also gave me basic features like running cameras at home which feed into the Frigate instance in Mumbai for motion detection-based recording, monitoring these cameras and other device uptime using the uptime-kuma instance in Ashburn, etc.

Airtel 3G running CGNAT

Yesterday I was driving and the radio was pretty boring. Next, I connected my cell phone to the car’s stereo (I use a PT-750 to wirelessly connect my devices to the car’s audio system). Next, I tuned into the Gaana.com app and the experience was good overall. The way the whole setup was working is itself a wonder: wireless profiles keeping the layer 3 link (IP address of the device) consistent and handovers happening on layer 1. On top of that, a whole world of backbone routing across the AS9498 backbone and the hosting provider’s network of the app. Now an interesting thing in this setup was the IP allocations. I noticed that the IP allocated by Airtel was 100.92.215.253.