Didn't see that in the packet description. It looks like they use a static IP address but do CGNAT to many customers on that one IP address.package has a free public static IP (not CGNAT'ted... IP belongs to me)
No its included, I verified it on phone plus did a ping test, I can ping it <1ms. My package is a premium one, just under business packages, free static IP is included even in standard packages.Didn't see that in the packet description. It looks like they use a static IP address but do CGNAT to many customers on that one IP address.package has a free public static IP (not CGNAT'ted... IP belongs to me)
Your outgoing IP address to the internet then will always be the same, but with CGNAT it is not exclusive for you.
<1ms. Looks like just a local ping. Try "tracert" trace-route.did a ping test, I can ping it <1ms
Yes its "local" as I stated its assigned in the antenna/router's interface, rather I want it in my router's WAN interface.<1ms. Looks like just a local ping. Try "tracert" trace-route.did a ping test, I can ping it <1ms
If you ping from the Internet, what device is responding to the ping ?
As WISP, I can reply to you:My question is, is there anything you think of legitimate reason behind their act? It should be a simple configuration change on their antenna/router... I'm gonna insist they do it but created this thread to gather information.
Antenna which they installed is a mikrotik router and I have mikrotik hap AC2. I dont want double nat, I want a single router in the network and thats my router.It could be that not all routers are flexible enough, so delivering single public IP address to them could mean wasting other three (for /30 subnet, which is standard and compatible with everything, but who can afford that nowadays). There are other ways like routing the address to private one (as mentioned by @rextended) or using point to point /32, but if customer has some simple home router, it may not be able to use that. Or there's PPPoE, but it's yet another things that ISP may not want to introduce into their network. So maybe NAT won as one common solution that works for everyone (if they don't really need the address on their router, that's the downside).
OP in his original post expressed frustration over double NAT. I don't know if the frustration is more or less philosophical or he actually encountered any problems because of that (e.g. increased delay as he's into gaming according to the gist of hist post or poorly/wrongly done double NAT). But if it's either the philosophical or added delay problem, then having VPN won't help much (in case of added delay it would probably even get worse). But then, he being customer of WISP, the delay introduced because of wireless hops likely largely exceeds whatever delay caused by a half-decent NAT device. So I don't think the problem is actually a real one.Set up a VPN connection and policy based routing (if you don't want all traffic always going across the VPN), that way you can have your own public IP address at the VPN's data center, piped directly to your router
Yesterday it was working.. now it gives error page. Sorry, I will upload on another site today.Both png:
You don't have permission to access /s12/1/1/G1656956126138986_x.png on this server.
This is a relatively good alternative but then I have to pay for it (extra), plus as you said it will introduce latency and speed loss maybe. I honestly think removing double NAT on WISP side is less work than this...If you absolutely must have an open connection, VPN does solve that problem because you will get the public IP address that is assigned to you by the VPN provider (assuming they give you one) and all connection traffic arrives at their DC location and tunnels to your router. For all intents and purposes your actual internet connection is invisible to the traffic. It will not double NAT
As I stated above, they give public static IP for free even on their standard packages. Problem is, my public IP is assigned on the router/antennas interface, not on my router. I opened this thread to gather information from other WISP operators to get knowledge on why they are refusing to do it because they didn't tell me why, plus I may get them on this thread later on.Yes it will cost you slightly
On the other hand you are asking the ISP to use one of their public IP addresses (which costs money) solely for you, and potentially set up additional routing just for you, for free
I changed my previous WISP due to that .. this WISP has its own.. but just my luck.And if its a case of your ISP being a reseller of another WISP's network,
Both png:
You don't have permission to access /s12/1/1/G1656956126138986_x.png on this server.
lol I'm aware of that. so does this configuration look hopeless in your point of view? I mean antenna has the public IP, what would my tracert look like if they put in the bridge mode? will I see the public IP's gateway or would it require network change on their end?Missing only 100.64.x.x for Poker... all 4 "private" pool addresses...
First link is about use case where ISP delivers internet via PPPoE ... and PPPoE can be terminated either on CPE or customer's own router. This works because PPPoE is entirely different protocol (a point-to-point tunnel) and IP address, associated with local tunnel endpoint can move according to tunnel termination point. So when CPE is configured as bridge, it mostly means that CPE itself doesn'tt start PPPoE session/tunnel, instead simply passes PPPoE packets between its WAN interface and its LAN interface. According to your vague description this case doesn't seem to apply to your setup. And, if you're concerned about latencies, PPPoE adds some latency just the same as any other tunneling would do (IPsec, Wireguard, ...).1) https://mum.mikrotik.com/presentations/ ... leeman.pdf Page: 51
2) https://community.ui.com/questions/Feat ... 747c000711 Some user is requesting for disabling NAT option to eliminate double NAT.
I understood the second approach. But in the first approach, can't I handle the PPPoE with my mikrotik router if they put CPE in bridge mode? Why doesn't it apply to my case?First link is about use case where ISP delivers internet via PPPoE ... and PPPoE can be terminated either on CPE or customer's own router. This works because PPPoE is entirely different protocol (a point-to-point tunnel) and IP address, associated with local tunnel endpoint can move according to tunnel termination point. So when CPE is configured as bridge, it mostly means that CPE itself doesn'tt start PPPoE session/tunnel, instead simply passes PPPoE packets between its WAN interface and its LAN interface. According to your vague description this case doesn't seem to apply to your setup. And, if you're concerned about latencies, PPPoE adds some latency just the same as any other tunneling would do (IPsec, Wireguard, ...).1) https://mum.mikrotik.com/presentations/ ... leeman.pdf Page: 51
2) https://community.ui.com/questions/Feat ... 747c000711 Some user is requesting for disabling NAT option to eliminate double NAT.
The second link is (in theory) usable in your case as it seems that your WISP uses all-IP network. However, if you disable NAT on your router, WISP will have to configure routing for IP address space of your LAN all the way between your CPE and their NAT router. Additional potential problem is if your LAN address space overlaps with another subnet address space (either of another customer like you or even WISP's own subnet) which makes it impossible for routing to decide which LAN should be target of packet with dst-adddress set to one of "problematic" addresses.
My impression is that the user asking for ability to disable NAT has also the upstream NAT device under his control (as well as the routing between), so disabling NAT in this case is a very feasible option indeed.
Perhaps I missed it, but I don't recall you mentioning PPPoE as being part of your internet access setup? Quite a few (W)ISPs run their networks without using PPPoE so the recipe is far from being universal.I understood the second approach. But in the first approach, can't I handle the PPPoE with my mikrotik router if they put CPE in bridge mode? Why doesn't it apply to my case?
Hey, I'm aware of that, didn't want to imply anything there but just stating that my current WISP *at least* uses very few routes than others, that's all.Seeing multiple private IP's means nothing whatsoever, it does not imply there's multiple layers of NAT going on