Going on vacation sometimes means coming back to things that quietly stopped working in your absence. While I do not have a cat that could have potentially starved in my absence (as a matter of fact, the dog instead put on a few pounds due to lavish attention by the in-laws combined with a lack of exercise during those weeks), my internet connection went away shortly after returning, thus I was not out a cat, but the only reliable source of cat content and, slightly less important, my livelihood.
Germany is way less famous for its bad internet than it should be. Recently all my sidewalks were quite noisily dug up and new electricity lines put in, because obviously it is a sign of a backwards country if electricity is run overground, although no one thought of just laying down some fiber while they were at it, thus I get to stay stuck in the 90s. Danke, Kohl.
That said, this time the problem was partially of my own making: In a fit of rage, I cancelled my internet subscription at 1&1. Gone are the days of Marcel D’Avis, “we are only leaving if your connection is working” had become “we will annoy you every few days with upsells until you explode in rage”. I had to block multiple phone numbers and email addresses. After yelling at the salesperson pushing better internet on me when I was already subscribed to the technical maximum they offer, an AI voice called me on the phone a day later. It was enough, and I spent the effort of digging up my contract and telling them to shove it.
I subsequently ordered a business connection via aforementioned glorious Kohl-ax, naively assuming it would be operational before the old line was disconnected. Skipping DTAG, Vodafone was next on the list, but their business hotline simply ignored my formal order, two calls and three emails, apparently because the person handling these decided to leave for the weekend on Thursday (their words) and who could in good conscience expect anyone to remember to follow up with a potential customer on Monday morning after a three-day weekend? It was only fair that I myself mixed up the disconnection date coming back from a three-week vacation on a Tuesday morning, and found myself without internet a day after, well before the end of April.
Unwilling to spend at least two weeks without new cat pictures while I wait for a smaller ISP to fight the Deutsche Telekom to connect me, alternatives had to be explored. Buying a 5G router and the accompanying SIM would have taken a few days and the 5G coverage in Germany deserves its own rant, Starlink lists 3-6 days for delivery as well, to say nothing of its owner. After a while I decided I’ll ask my neighbors to borrow their WiFi instead.
Easier thought than done: while I do get along with them well enough for them to let me borrow their internet connection for two weeks, I still needed to connect a desktop and a server without WiFi, so hooking up the entire network became the sensible option. For this I needed a device capable of routing LAN traffic through a WiFi client. My first thought went to the now unemployed AVM Fritz!Box that did its job until a few hours ago, except that that feature is not available in a mere 110 EUR router (Fritz!Box 7510). I briefly considered setting up a “proper” router based on a real computer, but quickly ran out of hardware: The Mac Mini will continue gathering dust, at least until I find its power cable, and all the Raspberry Pis I could find were 2 or older, just before the inclusion of WiFi. I was close to biking to the store to buy a cheap WiFi dongle and SD card writer, until I struck gold and found three old (note the nice “End of Life” sticker) TP-Link Archer C7s.
The dangling soldered-on serial port was telling me that I may have messed with these devices outside the manufacturer’s original intentions; apparently they have excellent OpenWRT support. The password had last been entered on these machines around 7 years ago, lost 2 years after, so I spent the next 90 minutes trying to figure out what configuration they were left in and what the correct sequence to enter recovery mode is (spoiler: You have a 2-4 second time window after the bootloader finishes before the OS loads to press the WPS key). Following the reconfiguration I could finally look for strategic places to put these, ending up on a first floor window facing the street for the “across” neighbor’s WiFi, and third floor on the appropriate side for the other one.
Using a true layer 2 bridge for these uplinks was problematic, as I certainly did not want to mess with the generously donated WiFi, thus simply NAT’ing into that network seemed the safer choice. I ended up with an interesting setup: A Unifi DreamMachine Pro with two WAN uplinks — yes, I now have redundant stolen-WiFi-internet — each of which is already a double NAT, thus resulting in a triple NAT connection for every machine. Put as a traceroute:
traceroute to 9.9.9.9 (9.9.9.9), 64 hops max, 40 byte packets
1 10.97.0.1 (10.97.0.1) 3.928 ms 2.862 ms 3.071 ms # House WiFi to UDM
2 192.168.1.11 (192.168.1.11) 3.104 ms 3.061 ms 2.721 ms # NAT1: OpenWRT on Archer (cable)
3 192.168.2.1 (192.168.2.1) 6.204 ms 4.052 ms 18.724 ms # NAT2: Neighbor's router (2nd Wifi)
4 .dip0.t-ipconnect.de (.) 16.520 ms 15.506 ms 12.577 ms # NAT3: Reaching the ISP (DTAG)
5 (internet)
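Added example, not part of the original post: a small Python script that reads the traceroute above and estimates the NAT depth by counting the leading hops that sit in RFC 1918 or carrier-grade NAT address space. The names `classify`, `parse_hops` and `nat_depth` are made up for this sketch, and the count is a heuristic, since a private hop can also route without translating.

```python
import ipaddress
import re

# Ranges that are only reachable from the internet through address translation:
# RFC 1918 private space plus the RFC 6598 carrier-grade NAT range.
# ipaddress.is_private is avoided; it also flags documentation ranges.
TRANSLATED_RANGES = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# The traceroute from the post (inline comments dropped; hop 4 is redacted there).
TRACE = """\
traceroute to 9.9.9.9 (9.9.9.9), 64 hops max, 40 byte packets
1 10.97.0.1 (10.97.0.1) 3.928 ms 2.862 ms 3.071 ms
2 192.168.1.11 (192.168.1.11) 3.104 ms 3.061 ms 2.721 ms
3 192.168.2.1 (192.168.2.1) 6.204 ms 4.052 ms 18.724 ms
4 .dip0.t-ipconnect.de (.) 16.520 ms 15.506 ms 12.577 ms
5 (internet)
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+\S*\s*\(([^)]*)\)")

def classify(addr):
    """Return 'translated', 'public' or 'unknown' for one hop address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"  # redacted or unresolved hop
    if any(ip in net for net in TRANSLATED_RANGES):
        return "translated"
    return "public"

def parse_hops(text):
    """Yield (hop_number, address, kind) for each numbered traceroute line."""
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), classify(m.group(2))

def nat_depth(text):
    """Count leading hops in translated space; stop at the first other hop."""
    depth = 0
    for _, _, kind in parse_hops(text):
        if kind != "translated":
            break
        depth += 1
    return depth

if __name__ == "__main__":
    print("estimated NAT layers:", nat_depth(TRACE))
```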
The next step is being good neighbors and signing up for a VPN provider to route things through, just in case, all fairly effortless using the UDM. When I have the need, I usually use Mullvad, because I met some of the team at RustFest, which is more than I can say for any other VPN provider. The side-effect is being blocked by reddit and YouTube, which may be a good thing, although it hurts that my favorite ramen joint now sends me in an endless bugged-out PoW-loop without yielding any cryptocurrency. AI companies certainly made the internet more hostile!
The interesting thing to potentially (not) notice is just how seamlessly this triple NAT setup is working. No MTU reduction outside of the VPN, zero issues so far, and Tailscale working through it as well (although I may be DERP’ing even more now). A long time ago it was prophesied that the usage of IPv4 was unsustainable and IPv6 was inevitable, but the workarounds work just so damn well, it is harder and harder to believe it will ever come to pass. If it does though, it will likely be before I get that FTTH connection I signed up for in 2021.