Running Full KeyHelp Web Server Behind Jio 5G CPE (IPv6-only, Limited CPE, Need IPv4 + Router Setup

Home Tech Networking & Telecom
1

Hi everyone,

I’m trying to migrate my home setup from a traditional ISP broadband (with public IPv4) to Jio 5G, but I’ve run into several problems. I run a KeyHelp server that hosts all typical web services (websites, mail, DNS, databases, etc.), so I need reliable internet access and public reachability.

Current working setup (ISP broadband):

  • ISP provides public IPv4.

  • TP-Link Archer AC4000 runs LAN on 192.168.0.x.

  • About 30 devices on static IPs.

  • KeyHelp server exposed via DMZ, works perfectly.

New setup with Jio 5G:

  • Jio 5G CPE provides only IPv6 internet + CGNAT IPv4.

  • The CPE has very limited features:

    • No NAT options, no firewall config.

    • Only 5G SA setup with band locking and WiFi hotspot.

    • LAN DHCP range is fixed and cannot be changed.

  • When I connect a PC directly to the CPE:

    • Pinging domains resolves only IPv6 addresses.

    • Pinging IPv4 addresses → packets lost.

    • If IPv4 is assigned by chance, internet works, but it’s inconsistent.

  • When I connect Archer AC4000 (WAN → LAN mode) between CPE and LAN:

    • LAN devices (192.168.0.x) lose internet access.

  • LAN-to-LAN bridging works, but then LAN gets forced into 192.168.13.x (CPE’s subnet), which breaks all static IP assignments.

Network diagram:

        [ Jio 5G Internet ]
                 │
           [ 5G CPE ]
          (no NAT, IPv6-only,
           fixed DHCP: 192.168.13.x)
                 │
        WAN port (DHCP)
          [ Archer AC4000 ]
   LAN: 192.168.0.x  (30 devices)
                 │
       ┌─────────┴──────────┐
 [ KeyHelp Server ]   [ Other devices ]
   (Web, Mail, DNS,
    DB services etc.)

What I need:

  1. LAN Internet

    • Keep LAN on 192.168.0.x.

    • Ensure LAN devices can access internet through Jio 5G.

    • IPv4 internally must work, IPv6 externally must be available.

  2. Dual Stack Handling

    • IPv6 works, but IPv4 often fails completely when behind the CPE.

    • Need a stable way for IPv4 traffic (maybe via VPN tunnel).

  3. KeyHelp Server Public Access

    • All services (web, mail, DNS, DB) must remain accessible from outside.

    • IPv6: should be doable with static IPv6 + firewall rules.

    • IPv4: since Jio doesn’t provide public IPv4, I may need VPS tunnel or reverse proxy.

My questions:

  • How can I configure Archer AC4000 (or OpenWrt router) to keep LAN on 192.168.0.x while using Jio 5G CPE for internet?

  • What’s the recommended way to provide stable IPv4 behind an IPv6-only ISP with such a limited CPE?

  • For the KeyHelp server, what’s the most practical solution to expose both IPv4 + IPv6 services? VPS with WireGuard/OpenVPN tunnel? Reverse proxy?

Any step-by-step guidance or example configs would be a huge help.

Thanks in advance.