Does IPv6 Remote Access SSL VPN help overcome CGNAT ?

Question

Hello everyone. Firstly, please wach this clip: 
 
 Now that I am having 2 sites: Home and Overseas, both are running Sophos XG v18.5 MR4. 
 _Home: Static WAN IP, but only has IPv4, already hosting an IPv4 Remote Access SSL VPN. _Overseas: Running under CGNAT, but I plan to use IPv6 on it. 
 _Laptop: Running Windows 10 LTSC 21H2, using OpenVPN Community Edition v2.4.12. I will be frequently travelling between Home & Overseas. 
 _ Objective: Establishing Remote Access SSL VPN tunnel to Home (IPv4) from Overseas (IPv6) and vice versa. 
 If the video is correct about that IPv6 Public Global address needs no NAT, then the problem of IPv4 CGNAT can be overcome at no extra cost. Can my objective be achieved ? If not, can setting my IPv6 range within the convertible one to IPv4 for backward compatibility help ? 
 Thank you very much in advance.

Wayne Folta · Answer

Is the overseas side natively IPv6? If it's IPv4, then you simply initiate the SSL VPN connection from overseas to your static home IP and you're done. IPv6 will only complicate matters, and would only be useful if you can translate to IPv6 from your home -- say setting up a 6in4 tunnel to a free broker like Hurricane Electric -- you could initiate the SSL VPN connection from your home. But don't introduce IPv6 to the mix if you don't need it. 
 Once your SSL VPN connection is established, you get two-way connectivity through it -- given you have the proper routing and rules at both ends for traffic to go through it -- and CGNAT doesn't matter. (I think. Could be wrong on this. But the bottom line is you can establish connections outbound through CGNAT or the Internet would break. You just can't establish connections inbound because of the multiple conversions.)

Does IPv6 Remote Access SSL VPN help overcome CGNAT ?

Top Replies