Using Wfview with T-Mobile CGNAT

WV5A · 22 February 2025 22:56

Not sure if there is a fix for my problem. I am in Virginia and using Wfview without problems on my :LAN. Soon I will be returning to Colorado and plan on using Wfview remotely from my QTH in Colorado.
My problem is that I use T-Mobile home 5G internet, which uses something called CGNAT. Basically this is a double NAT and because of this I do not have a public IP address that I can port forward to.
I am thinking that there must be someway to open a tunnel from my client to the server. I am trying a service called localXpose to created a tunnel from my server here in Virginia that I can access from my client.

I understand that Wfview uses 3 ports. 50001, 50002 and 50003 for both the server and clients sides.
It’s my understanding that Wfview uses UDP only, is that correct or does it also use TCP?

I have tried creating a tunnel for UDP on these three ports, but the way localXpose works is that I create a tunnel for a port, say 50001 and localXpose provides a link to a tunnel for that port.
My problem is that I can’t figure out how to create a tunnel for each of the three ports that point to my local server.
The localXpose service works great when creating a tunnel to a web server on port 80 or 443, but that is TCP and not UDP.

Am I beating a dead horse? Or does it sound like it might be possible to do what I say I’m trying to do? Is tunneling a possible solution?
Any help would be appreciated.

Dave WV5A

roeland · 22 February 2025 23:20

it only uses udp and the portnumvers default are 5001/2/3. can be changed.

you may try a reverse ssh tunnel but tbh, cgnat is a good way to get migraine .

best is to stay away from these kind of connections, if you can.

eliggett · 23 February 2025 22:00

Hi Dan,

For Icom rigs it is indeed all UDP.

You will need to initiate some kind of UDP tunnel between client and server. It’ll be tricky!

—E
de W6EL

roeland · 23 February 2025 23:11

reason why I stated ssh (TCP) is that you can log on and test/play with different setups while being logged in. Over the TCP ssh tunnel you can use tools like socat, netcat etc.

Fire up the command – does nto work, fire up a different command etc. Else you must already be sure it’s going to work. The CGNAT solution, to me is a bad idea.

brianhaupt · 2 March 2025 00:20

We are looking to switch our club remote rigs to Wfview and I have been wondering about the same types of possible problems for our members. Another service I am looking into is called Tailscale. It is likely to work for you… we are still trying to figure out if we want to use it for multiple users though. Check it out and let us know what works out for you.

WV5A · 2 March 2025 00:38

Brian,
I still haven’t found a solution to my TMobile CGNAT problem. If you try Tailscale and it works for you. Please let me know.

Dave

eliggett · 2 March 2025 02:22

Just to be clear, you would not need any of these things with a “conventional” internet connection at the club where the radio is. Just port forward with the router and it will work fine.

CGNAT is really only an issue if you are using a cellular data connection (or similar) AT THE SERVER location. Client side will work with a cell phone connection just fine.

–E
de W6EL

brianhaupt · 2 March 2025 02:35

I am not a security expert, but those that I know tend not to want to leave ports on a windows computer open to the internet. I assume that there isn’t any encryption being used in the authentication or traffic in general since it is all UDP?
I believe that Tailscale would give us a more secure connection between the club members to the remote rig locations/computers.
Maybe a little more information of what efforts have been made around security would help relieve concerns for the hosts of the remote rigs.
Thanks