To add my setup...
In a barn on a remote farm near Brenham Texas, I have connected 2 services. Starlink with T-Mobile Home Internet (from a tower about 5 miles away) as failover; both use CGNAT. The Starlink was set up in bypass mode; nothing modified on the T-Mobile device. Both services seem to be delivering about 140-160 Mbps incoming and about 30 Mbps outgoing.
Both of these services plug into a pfSense 2100 firewall router.; Starlink on WAN1 and T-Mobile on a vlan config as WAN2. Both of these are configured as gateways with failover capabilities. The software defaults to the service with the least latency.
On the LAN side (192.168.1.1) I have 2 x TP-Link CPE510 devices configured as APs pointing in opposite directions at 2 homes, each about 150' away. On each home is a TP-Link CPE510 configured as a client. Connected to each CPE510 client is a TP-Link Archer A8 wifi router.
In the first test it all works with each home getting about 35 Mbps incoming and bout 12 Mbps outgoing. In future tuning I'd like to optimize that performance.
Both homes have happy streaming experiences. I'm happy that my relatives can finally ditch that horrible hughesnet service.
But CGNAT - Ugh. For now I am using Tailscale, a VPN service that uses wireguard, called an overlay network, to get around the problem of accessing devices behind CGNAT devices. With a free account users can get up to 20 servers configured into this network. Currently I have 4 devices; my Linux laptop, my Android phone and the the pfSense firewalls at the farm and at my home. The pfsense software has a Tailscale plugin package and with that, I can also include access to my LAN subnet without installing Tailscale on every server. (Yes, I have a homelab setup; so more servers than most) Config is fairly easy and there are a few youtube videos that help a lot. The only gotcha I had was to configure the Access Rules in the Tailscale dashboard to allow my access to all the devices; it's a security issue.
With Tailscale I can remotely access and manage the pfsense router in the barn.
Eventually I'll want to find a way to get general access to server services behind the CGNAT with my own domain name so my relatives and I can have a dashboard of farm automation stuff but for now, it is working pretty good.
