Come to rural western Ohio, where the only non-dial-up options, in some places, are super-high latency satellite and a local "WISP" who NATs their whole customer base into what appears to be a /29 (your "public" IP assigned by their CPE lands in 10.0.0.0/8).
NAT and double-NAT are common in WISP networks. Also of course most hotels, Starbucks, schools, conferences, airplanes, albeit those are not ISP services. And cellular carriers often NAT.
Almost every ISP will have a firewall of some kind, but in the US this is usually just blocking 25 incoming, sometimes 80 (FiOS), maybe a few other ports.
I have run services on port 443 on Optimum and FiOS for years.
IP addresses don’t change frequently. Usually what happens is there will be some maintenance and you’ll end up with a new IP because you lost the lease in the interim. If you keep your equipment on though you can have the same reachable IP address for years.
I use a dynamic DNS service so this is rarely a big deal.
Not sure why this is so hard for you to grasp. You keep arguing, for what reason?
"I have run services on port 443 on Optimum and FIOS for years."
What is Optimum, FIOS?
WG does not work over TCP.
Try running a UDP-only DNS server from home on some random port. If you know the port, can you reach it via UDP from the internet?
A TCP service listening on port 443 on an ISP customer's IP address in the US might be reachable from the internet. However, this topic is neither TCP nor port 443 nor is it restricted to just the US.
> Try running a UDP-only DNS server from home on some random port.
No reason to run DNS.
However, I have run OpenVPN UDP between three houses (FiOS, Comcast, Cablevision) for nearly 15 years. It’s pretty common, works fine.
Again in the US... cable, fiber and DSL internet service comes with a public mostly unfiltered IPv4 address, the address is dynamic but in practice it is extremely stable.
End of story.
No idea why you’re acting like such an imbecilic tool in this thread. The whole time I have mentioned that this is the case for major US “landline” ISPs. Yes there are plenty of counterexamples, not sure what point you’re trying to prove.
Yes, pretty much since most ISPs do not block UDP port 53.
I have no reason to run DNS on a home internet connection. What would a sane use case be? They don’t block it because it would be stupid to use it anyway.
Ports that are typically blocked include 67, 139, 161, 520, 547, etc., i.e. DHCP, RIP, SMB, SNMP... none of them are any great loss to those that want to run a VPN.
Running a VPN or SSH service is another story and it works fine over both TCP and UDP.