When you are using the Firewalla VPN Server, such as setting up a Site to Site VPN, you must have a publicly addressable IP address. Due to the shortage of IPv4 addresses, some service providers may give you a private IP address, or you may be under double NAT (router behind another router). See this article to learn more about private IP addresses: https://en.wikipedia.org/wiki/Private_network
How do I detect if I have a private IP address?
- Find your WAN's IP Address.
- If you have a Blue, Blue Plus, or Red, log in to your router and look at the WAN or Internet Address. Record this as Address 1.
- If you have a Gold or Purple in Router Mode, tap on the Network button and tap on a WAN. Record its IPv4 address as Address 1.
- Next, visit https://www.google.com/search?q=whats+my+ip&oq=whats+my+ip. Record this address as Address 2.
- If Address 1 and Address 2 are different, then you do not have a Public IP or you are under double NAT.
What can I do if I don't have a private IP address?
If you don't have a private IP address, you'll need to investigate further to see if you're under double NAT or if your ISP has given you a non-public IP.
- If you have another router in your network setup, make sure it's operating in the right mode. If it's still operating as a router, you'll be under double NAT. See our article on Router Mode for more details.
- Try contacting your ISP to check their policy on public IP addresses. You may need to request a public IP address.
If you're under double NAT, you may need to make additional configurations on your upstream router in order for certain features to work as expected (such as the Firewalla VPN server). We recommend checking your upstream router's manual for detailed instructions.
Comments
1 comment
So us with CG-NAT like Starlink are running double NAT, but they have now rolled out IPv6 addresses and say that those are Routable. Is there an easy way for us to verify this in the Firewalla?
Please sign in to leave a comment.