Error with LetsEncrypt

ā„¹ļø Support šŸ“¦ Appliances (Docker, Snappy, VM, NCP, AIO)
,
21

You are behind CGNAT (Carier Grade NAT) which means, your ISP are not providing you with public routable IP address and therfore port forwarding is not possible unfortunatly.

22

Hello, @bb77 .

Iā€™m not sure.
I just saw that my routerā€™s admin console is showing one ip address: 100.100.201.146
whereas, the DuckDNS console is showing a different IP address: 147.236.146.216.

When I check https://whatismyipaddress.com/ I see a IP address: 147.236.146.216 (same as shows on DuckDNS).

Screen Shot 2021-05-11 at 14.48.02
Screen Shot 2021-05-11 at 14.48.021552Ɨ692 82.5 KB

23

Unfortunatly I am pretty sure.

https://en.wikipedia.org/wiki/Reserved_IP_addresses

100.64.0.0/10 100.64.0.0ā€“100.127.255.255 4194304 Private network Shared address space[5] for communications between a service provider and its subscribers when using a carrier-grade NAT.

24

What does this mean?
Is there anything I can do to fix it?
Maybe contact my ISP?

25

That would be the easiest solution if they would do that. IPv4 addresses are scarce nowadays, so you often need a good reason to get a public IPv4. But itā€™s definitely worth a tryā€¦

26

Other options are discussed starting here and below: Accessing nextcloud from anywhere - #39 by Johnscaban

1 Like
27

Thank you, @bb77 and @szaimen :pray: :pray:
I will check with my ISP if I they can allocate me with a public IP or a static IP to test if that solves the problem.
Iā€™ll let you know if that solves the issue.

2 Likes
28

@bb77 @szaimen
Is it possible to configure NextcloudPi to use an IPv6 address instead of the IPv4?
Maybe that could solve the problem without me having to pay my ISP for static IP.

29

A dynamic public ipv4 address isnā€™t something they can offer for free?

1 Like
30

Yes, at least partially if all parts involved support IPv6 correctly.

In general, if your server only has an IPv6 address, you can only access it from infrastructures that fully support IPv6. Unfortunately there are still many mobile providers, but also public Wi-Fi networks, hotel Wi-Fi networks, corporate networks etcā€¦ that do not really support IPv6 yet. It is certainly better than nothing, but it depends a lot on how you want to use your Nextcloud and especially from where you want to access it, how good it will work out for you.

This!

Ask explicitly for a dynamic public IPv4 address. If they are reluctant, say you have some alarm system or some other mandatory thing, for which you need to do port forwarding in order to reach it from outside. This is said to have worked with some providers, at least thatā€™s what Iā€™ve heard :wink:

31

When I talked to my ISPā€™s tech support representative, he said their system donā€™t support dynamic public IPā€™s for cable based connections, due to limitations of their system.
However, he said, they can offer dynamic public IP when using ADSL based connections.

I will try them again tomorrow giving the alarm system excuse. Maybe it will stir them to give a different answer.

32

Sorry for the question, but is there a tutorial explaining how to configure NextcloudPi to work with IPv6?
I could not find such a tutorial on neither NextcloudPi documentation page or the Nextcloud documentation page.

33

I donā€™t think itā€™s technically impossible. My cable provider also only gives out DS Lite, i.e. IPv4 only via CGNAT to its customers. But when I set the router into bridge mode, I still get a public IPv4 address, which is ok for me, because I want to use my own router anyway. But itā€™s of course possible, that they indeed only have a few IPv4 addresses left and of course they want to sell them or use them for their business customers. It might be worthwhile to google and see what other providers in your region offer. If there is a lot of competition in your region the chances are higher that something can be done. In any case, I wouldnā€™t give up after the first try. Good luck.

I have to admit that I havenā€™t really dealt with IPv6 in detail so far. Unfortunately, I canā€™t really help you there

1 Like
34

Very well. I will give it another chance with my ISP tomorrow.
I really appreciate your help :pray:

35

Iā€™ve been playing around with my DuckDNS configuration.
After adding my IPv6 to my DuckDNS domain on DuckDNSā€™s website, I am now able to log into Nextcloudpi using my DuckDNS domain URL on my internal wifi network.
I still cant open the domain from an external network, but I guess itā€™s a small step forward.

Anyone knows if using DDclient directly on my Raspberry Pi could solve the problem caused by the CGNAT?

36

No, or more specifically, only for IPv6 connections.

What the DDClient does, is updating the DNS records at DuckDNS, i.e. it tells the DuckDNS service the public facing IPv4 and IPv6 addresses you are currently using at the Internet. But in case of CGNAT, this public facing IPv4 address is not actualy the IP address that is assigned to your router. It is assigned to a router at your provider, to which multiple customer routers (including yours) are connected, wich then all share the same public IPv4 address.

1 Like
37

Thank you for the explanation :pray: :pray:

38

Hello Friends,
Iā€™m happy to report I managed to setup external logins for my Nextcloud server.
I wasnā€™t able to fix the CGNAT issue with the ISP I had, so I switched to a different ISP and now Iā€™m able to login to the server from local and external locations.
I really want to thank all of you for your help and patience.
I could not have done it without you :pray: :pray: :kissing_heart: :kissing_heart: :heart: :heart:

3 Likes