Long story short, I used to be able to ssh into my box from anywhere on the Internet. Until the beginning of December, and suddenly I can't connect to VPNs because I can ping out, but nothing can ping back in, so anything that tries to verify my IP will die. I did traceroutes to show that I couldn't even ping the gateway from the outside, and this was WAY above the techs I spoke to.
"Is trace hoot a game? Are you trying to download a game?"
But I couldn't get it escalated. I'd ask, but then no one called me back. Nobody understands the question I am asking, or the problem, nor do they understand anything about firewalls and the like. I have done a ton of research on the problem, but I can't speak to anyone because I am not allowed past the moat of the lowest common denominator.
So I used my work to speak to them. I work at an ISP. Finally, I got some really nice tech who not only understood the problem, but is sending me a replacement router. This is because the ActionTec router burned out over a year ago, and whomever I spoke to said, "Oh, just use a Linksys or whatever." That actually worked, and worked fine for over a year until the beginning of this month.
The replacement router *might* work because they tech couldn't see my network, either. He wanted to start with equipment HE was familiar with, and I could see that. Hey, free router. I liked the old ActionTec until it cooked. Now I will get a new one like apparently I should have gotten last year. If this doesn't fix it, I have a ticket number, too, so I can track the issue. We both think it may renew the DHCP lease from a different MAC, and get correct (newer) routing info. My MAC on my Linksys may be stuck on some lease and won't let go because they tie your MAC to your route, and it may think, "This isn't Verizon approved equipment!"
Still doesn't explain why I can get out, but not back in. Oh well. I'll play ball with them as long as I have a tech who knows his stuff.