Allstar behind business starlink

so, I just installed starlink at my shop. this is the business version, with a forward facing IP address. Has anyone else out there setup their node on this system?
the starlink app does not have the ability to alter the starlink router. will I need to get a third party router and place the starlink in bypass? How can I set this up so that others may connect to my node.
thank you and 73

I can not give you a direct good answer but,
Do a search in the forum for starlink to find answers that worked.

I think it is cgnat'd and the same as consumer version as far as that goes.
But folks do have some work around for that if you look.

thank you mike, however, I have searched starlink pretty well and have come up with very little. I'll give it another go, but I don't think I will fare any differently this time around.

Many people just put a hub in the cloud and permanently link to that. You friends connect to that hub node.

You can put a hub in the cloud, or run a VPN, racknerd has VM's starting around $11 a year. Pick your poison on this one, you can roll a server using ASL, connect your node to it, and tell people to connect there, or roll your own VPN using either OpenVPN or Wireguard VPN software.

YMMV, but I probably wouldn't host anything that matters at Racknerd. They are oversold and oversaturated. Their network tends to do weird things. I hear shady things about their owners, too.

This being said, I do have a "don't really care if it breaks" racknerd that exists for the soul purpose of running a TLS-enabled Icecast server on port 443, and it's fine most of the time for the very light load I give it.

I have installed and configured Wireguard VPNs with appropriate firewall rules, mostly on Linode/Akamai VPSs, to allow incoming connections directly for Allstarlink and Echolink behind CG-NAT for a few people, but in a situation where your primary internet provider's latency isn't necessarily predictable, if you plan to host more than a connection or two at a time, I'd probably go the route of setting up an ASL3 node in the cloud, then make an outbound connection to that from your local ASL system, so folks aren't hanging off of a potentially less stable node. You could theoretically make this transparent by using the cloud node as an IAX proxy, but I've never actually done it that way.

I have no experience with a business Starlink connection, so I can't make any suggestions specific to that. However, using an appropriately configured VPN will work with any connection, and using a remote node to do the heavy lifting requires no port forwarding locally.

There are pros and cons in all directions.

1 Like

Since you already have a business account with a routeable IP, you really only need to put your starlink in bypass mode and run an alternate router with more configuration options to do this. FWIW you can do this over IPV6 without a business tier account but since the cost isn't much of a difference anymore it doesn't matter.

As others have said, putting a router up on a cloud service somewhere can be a good option as well, but if you are going to do that you might as well just put asterisk out in the cloud to handle the connections to allstar, and run whatever you want as a "client" from your house/business.

It sounds like you have a public facing IP, good news. As mentioned earlier, put the Starlink router in “Bypass” mode as they call it and provide your own router. On your own router, just port forward incoming port 4569 UDP to the IP or MAC address of your Allstar node. In the router you may have to set a static IP for the node’s MAC first. Make no changes on the node.

Thank you. This is helpful. I figured that is what i would have to do. I'm very interested in the ipv6 suggestion as well, i also have starlink at home, but not the business account. It's more than just a node i have setup, but i also have a domain name that i point to it for various members of the club to utilize in managing the node. So a three supermon dashboard is being served behind the startling starlink as well.

Yes, thank you. Same as i had before going with starlink.

Keep in mind that ASL currently doesn't support IPV6.

so i have the nighthawk router setup and operating. the starlink router is in bypass mode. I have pointed my domain N5AD.NET at my outer ip address but i cannot reach it. the router is getting an ip address assigned from the starlink router, should I set the router ip address to the same as what the front facing ip is? the att.net system and router was much simpler to setup.

what IP address are you getting on the nighthawk router? is it an RFC1918 IP or a loopback? Are you able to ping out to internet resources or run a speed test?

ip assigned to router via starlink is 100.91.238.153, very different from what my public ip address is. the second question is over my head. the internet is working just fine as far as I can tell. I have not run a ping on the asl node if that is what you are asking. My node 65291 is showing registered. so yeah, I guess resources are available.

so that's an IP in the CGNAT range, it sounds like you either need to manually configure the interface to use the static IP assigned to you by starlink, or contact their support to update the mac on file for the DHCP reservation for your static IP, not sure how they do it.

If you do manually configure the interface with a static IP, remember you'll need to know the upstream gateway to create a default route depending on the configuration options your router has, some will assume it knows the gateway based on the subnet mask.

here's the RFC for CGNAT

Just had another thought, there is the possibility that starlink is not actually assigning you the IP as a static/interface IP but rather routing that IP to your CGNAT IP, in which case it would require a little more knowledge on your end to set this up properly as you'll need to setup interface alias's, SNAT, and custom routes for that IP, which I don't know that you can do on residential/prosumer grade routers. I'd recommend looking at something that runs OpenWRT or getting a Microtik or Ubiquiti router (I would not recommend either of these brands long term but should be fine for testing, if you can, get one that is AREDN compatible and you can kill two birds with one stone.)

thank you to everyone who submitted suggestions for a solution. The problem has been resolved. turns out that even though I have starlink with a public ip, they do not turn that public ip on by default so I had to manually set it for public access. all is good now.

Can I ask just what you had to do to set it for 'PUBLIC ACCESS' ?

To help those in the future.