I am trying to solve a seemingly simple problem. Can I use L2TP connection in parallel to my main connection?
Let me explain:
I have a debian home server that I need to ssh into. My home LTE router (MikroTik) is behind multiple NAT routers as the external address as determined by services like whatismyip is different from the external interface (lte1) address. This is confirmed by traceroute. Therefore a dynamic DNS solution + port forwarding will not work.
Apparently I could get an L2TP service from AA and that would provide me with a static IP address. I imagine this as an encrypted tunnel from AA to my router that would probably create a virtual interface in the router. I think I could then ssh to that static IP address which would lead to my router through the tunnel. The router then should port forward the packets to my debian server.
But is this L2TP an all or nothing approach? Will then all my traffic have to go through that L2TP connection? I would rather that my home network continues as is and I use L2TP only to ssh into my home network (or some other connection later on, if I find use for that). Reason: my connection is unlimited, but the L2TP connection would be metered. And from the common sense viewpoint too I would rather things are simple.
I have added a picture of how I would want the setup to be. Normal traffic (N) keeps passing between LAN - MT router - Internet as before; only SSH connections that I initiate when I am in the "Internet" - from outside go through L2TP tunnel.
There are several ways of setting up tunnels similar to the one that you mentioned. But each one of them will mean that
There are some providers that offer some amount of free traffic, but they also have certain drawbacks and limitations.
In order to connect directly from the internet to your home server you would need to have a static IP on the outermost NAT router and a port mapping on each of the routers between you and the internet.
If you can get an IPv6 you might also consider it since IPv6 reqiures no NAT. You would, however, still need to configure it on all the routers.