Solved
I'm having a really hard time getting a site-to-site VPN connection to work with the Starlink CGNAT. When I first connected my MX65 to the Starlink, I wasn't aware of the Dynamic IP that Starlink provides, so I tried to set it up the same way I've setup MXs before. Now it seems like my Config page has that original IP locked in, despite being set to dynamic:
I'm not even sure if this related to my problem, just something weird I noticed
My goal is try to get 2 Synology NAS devices to connect for replication. The source is at a site with traditional internet. The Partner (replication) is on the Starlink. Both ends are using Meraki MX. This setup has worked before (without needing NATs/Forwarding). It stopped working when I switched to Starlink ISP.
I've tried to use services like remote.it to get a "static" address for my source site to connect to, but that hasn't worked either. I've read that other people have tried to setup NATs or Port Forwarding to get around this, but they haven't included how they set this up. So I've tried to do this with the current "public IP" you see above, but I'm still unable to connect from the Partner site.
Here's the 1:1 NAT I've tried.
I've tried to split the Starlink Uplink, so one side goes to my MX, and the other goes to an Asus Router with OpenVPN enabled. Then plug the Synology into the Asus with it's VPN Static IP, but the connection is super unreliable. MX and Asus both are very unhappy.
I see that some people say they had no issues with this, which is frustrating because I have countless hours in this and can't figure it out. Hope someone here has an idea. Thanks!
Here's a screenshot from the MX75 that is connected directly to Starlink dish on WAN1. WAN2 is connected to an MG41 as a backup in case the Starlink gets blocked by heavy rain or snow. Both WAN ports are set to dynamic addressing. There are only a couple of Layer 7 firewall rules to block a few countries IP address blocks that really don't like America. Other than than, no NAT or other rules. It's too bad we can't get Starlink to use the Umbrella DNS servers instead of the Cloudflare and Google DNS servers.
Her
Here's a snapshot from a customer's dashboard. They only have Starlink at their house and they are using a site-to-site VPN connection back to their office. You can clearly see the 100.67.251.73 CGNAT IPV4 address that Starlink is providing. They have been using this for over a year. MX75 on one side and MX67 on the other side of site-to-site VPN. No complaints from the customer on this and they would tell me if they are having problems. Starlink dish is directly connected to WAN1 port on the MX.
That sounds exactly like my setup!! I wish I could figure out what I need to do to get mine to work. Other sites/articles I've read said this is pretty easy / should work almost OOB. But for some reason mine is not. Was there any port forwarding / NAT setup / extra config involved?
I had some issues at the beginning when I was setting up my Starlink. I'd be curious to see what this user's Uplink page looks like on their home MX. You can see in my original post that I have a picture of mine saying that it's a "dynamic" IP, but then displays an IP address in the Static IP field that does not match my current IP from Starlink...
Starlink IP at this moment, but Uplink IP is different:
Confirmation that I'm set to Dynamic for the uplink
I'm wondering if this is causing my connectivity issues from outside.
Here's a screenshot from the MX75 that is connected directly to Starlink dish on WAN1. WAN2 is connected to an MG41 as a backup in case the Starlink gets blocked by heavy rain or snow. Both WAN ports are set to dynamic addressing. There are only a couple of Layer 7 firewall rules to block a few countries IP address blocks that really don't like America. Other than than, no NAT or other rules. It's too bad we can't get Starlink to use the Umbrella DNS servers instead of the Cloudflare and Google DNS servers.
