We have Starlink for a small office, in bypass mode going into a Ubiquiti UniFi UDM-PRO.
What is the most practical way of obtaining a static IP address? I guess the only thing we can do is use a VPN connection service installed on the UDM that provides a static IP. Does anyone know of such a service? Or is there another cost effective solution we should be considering?
Thanks in advance 
Easiest is to just use ipv6
You can get a static(ish) publicly addressable IPv4 address by signing up for the cheapest business account. That gives you 40GB of “priority” data, then unlimited standard.
The IP issued is relatively stable, but can change. Using a DNS service, you can reliably accept incoming connections this way.
Nord VPN sells static ip with their VPN
What is the purpose of the static? Almost everything can be done easily without a static IP. Just to be sure understand the use case will help.
I don’t think Starlink provides static IP’s even on the business version.
In order to open up only limited IP addresses for SSH to my servers, I use a dedicated IP address from the lowest cost VPN provider I could find. That worked out to be surfshark in the looking I did at the time I did. I think in the end, all in, it’s costing me $6 or $8 per month but I had to pre-buy two years.
It was far less configuration than Socks proxy for the Windows machines, and that saved me hours. To be fair, that could be because I’m far from an expert at Windows, but I very much prefer NOT to be an expert at Windows so it was an ok expense for me.
So far it’s worked brilliantly.
sign up for a dynamic dns service (dynu is like $5 a month and i’m very happy with them) and set up your tunnels by fqdn instead of ip.
Can you just use a dynamic dns service? Plenty of free options if you can self host or paid options.
Bonus points you only have to remember a subdomain instead of an IP address
If you have a router to terminate an L2TP or Wireguard tunnel you could use something like https://www.coretransit.net
Isn’t that still like double
I thought you couldn’t do any kind of port forwarding on starlink due to cgnat?
If the other side is Ubiquiti use Site Magic their SD-WAN that supports DHCP WAN addresses. I have a bunch of offices linked that way and with Starlink and other IPv6 native ISP’s.
Otherwise you can use WireGuard on the UDM and with the recent releases you can specify a host name vs a IP. All you need to do is setup dynamic DNS in the UDM.
Overlay networks also work seamlessly like Tailscale and ZeroTier.
You don’t need it if you have a broker in between. That is how overlay or Ubiquiti SD-WAN works to get around this.
Must’ve saw mobile priority. $240 a year to just not use CGNAT still seems expensive. Most ISPs do dynamic public ipv4 for free
If you are using a residential/SMB service such as cable, cell or Starlink are not SLA driven connections. The expectation must be that they are willing to justify some risk in not having SLA redundant connection. If they can’t tolerate a potential 5 minute outage then that is a concern I would have, especially relying on Starlink.
Not suggesting you are wrong but customers demand things beyond our control and ability.
Overlays may work.