Verizon LTE Extender: "ERROR: Fail to get certificate form CMP server" over Starlink

I have a situation where I need to facilitate a Verizon LTE Extender over a Starlink connection (with a Ubiquiti ER-X router between Starlink and the LAN), but due to Starlink having CG-NAT (Carrier Grade NAT) and not having a way to NAT things across due to sharing a single IP with multiple customer premise devices, Verizon’s range extender just doesn’t work. From what I understand with the errors from the device LCD + device logs:

  • On the device LCD: “Server Error 5A” and then
  • In the device’s web admin panel logs:
    Get certificate form CMP server...
    ERROR: Fail to get certificate form CMP server
    • (Yes, “Get certificate from CMP server…” is misspelled with “form” vs “from” on the device itself, but I figured I’d include it to help your SEO findability. Lol.)

It appears that I need to forward ports 50, 53, 80, 123, 500, and 4500. 80 might be questionable, but I want to play it safe and assume that this is the case from what I’ve been reading.

It would be nice to just slap the Verizon LTE Extender onto a “DMZ” and be done with it…

How would your service be used to facilitate such a scenario where all TCP/IP traffic from a LAN device could be able to negotiate such an apparent VPN certificate for Verizon’s network to work with its device?

Unfortunately, this needs traditional port forwarding, since Verizon needs direct access to the modem on multiple ports, is not going to work, since it is Verizon that needs to access the network and not you.

Some further information. Remote.It does work in many other Starlink use cases where you are accessing devices which are directly on the LAN.
Starlink uses CGNAT, just like any other cellular or satellite ISP, so traditional port-forwarding is not possible because there is no public IP address at the endpoint. All that is required to make remote inbound connections to your computers, IPCams, NVRs, NAS box, VPN servers, or any device behind a Starlink internet connection is to install RemoteIt on a device or computer on the target local network. Configure that Remote.It-activated device to make “jump” connections to any other IP-connected device on the LAN. Here are some helpful links that will guide you on how to install and configure RemoteIt behind a Starlink connection to give you full remote access.

  1. Install the Remote.It Desktop App on the computer (Windows, Mac, Linux) you wish to connect from (i.e. the computer you use, from outside, to access devices behind the Starlink connection). You can use the same link and instructions given above. Remote.It Download

  2. Install Remote.It on any computer or device on the target LAN to which you want to connect. In other words, install Remote.It on a supported hardware platform, that resides behind the Starlink internet connection, along with the other local network endpoints (IPCam, NVR, NAS, etc.) you want to reach from outside. Click the + (Add device) button in the Remote.It Desktop app or

  3. When you cannot install RemoteIt directly on your target devices, configure “Jump” services to relay connections to any device on the LAN.