Fwd: Fwd: NAT for use with OpenVPN
Phil Staub
phil at staub.us
Tue Nov 12 14:22:07 UTC 2019
On Tue, Nov 12, 2019 at 4:35 AM Morgan Wesström <freebsd-database at pp.dyndns.biz> wrote:
> > Wireless LAN adapter Wi-Fi:
> >
> > IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
>
> I think I've spotted the problem. Your laptop is hooked up to your
> local LAN. The NAT in your router can not normally "wrap around" packets
> destined to its WAN side and then apply NAT to them, which will be the
> case when you try to establish the VPN tunnel from within your LAN. This
> is a classic NAT problem and it has hit many, many people in the past
> trying to run servers of various kinds on their home LAN and then trying
> to access them as if they were somewhere on the outside of the router.
> The result will be... well, unpredictable. :) You need to connect your
> laptop through its own Internet connection so it has a valid public IP
> address.
>
I understand what you're saying here. I had hoped this wouldn't be a
problem, since I didn't have a problem with the VPN in my old router,
though I agree that this is NOT the same configuration.
The problem I have with this explanation is that when I connect to the VPN
from my phone with the WiFi turned off, it connects via an outside IP that
is NOT my local router. In this case, the ping of 8.8.8.8 still fails.
> Other than that, everything else looks fine including the routing table.
>
> A small clarification about default gateways. You only have one per
> machine normally - not one per interface. Your computer knows what
> subnets and machines are connected to every interface in your computer
> and will send packets there when appropriate. It's only when it doesn't
> know where the destination is it will send it to the default gateway. So
> one default gateway per machine is the norm.
>
OK.
I sent a support request to Netgear to ask if it's possible to print the
router's routing table. (They had previously confirmed my suspicions about
the fact that the VPN keys can't be updated on their "consumer" routers.)
We'll see what they say about routing tables, but if it isn't possible, I'm
strongly considering re-flashing the firmware to DD-WRT. I believe it has
OpenVPN built in that can be configured with your own keys. Still, I would
like to see this project through after all the work we have put into it.
I certainly appreciate all your help on this! You have definitely filled in a
lot of blanks in my knowledge.
Thanks again,
Phil
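
The "wrap around" NAT case from the quoted explanation, as an added illustration that is not part of the original message: a toy model of a port-forwarding router, with and without source rewriting for LAN clients. Every address except the laptop's 192.168.1.5 is constructed, and the model assumes the VPN server is a separate host on the LAN.

```python
from dataclasses import dataclass, replace

# Constructed addresses: router WAN side, router LAN side, VPN server on the LAN.
WAN_IP, LAN_IP, SERVER = "203.0.113.10", "192.168.1.1", "192.168.1.20"
LAN_PREFIX, VPN_PORT = "192.168.1.", 1194   # 1194 is OpenVPN's default port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def router_forward(pkt, hairpin):
    """Port-forward WAN_IP:VPN_PORT to SERVER; optionally rewrite the source too."""
    if pkt.dst == WAN_IP and pkt.dport == VPN_PORT:
        pkt = replace(pkt, dst=SERVER)              # destination NAT
        if hairpin and pkt.src.startswith(LAN_PREFIX):
            pkt = replace(pkt, src=LAN_IP)          # source NAT for LAN clients
    return pkt

def server_reply(pkt):
    """The server answers the source address it actually saw."""
    return Packet(src=pkt.dst, dst=pkt.src, sport=pkt.dport, dport=pkt.sport)

def router_reverse(reply, request):
    """Undo the translations for a reply that passes back through the router."""
    return replace(reply, src=WAN_IP, dst=request.src)

def client_accepts(request, reply):
    """A client only matches replies that come from the address it contacted."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (request.dst, request.dport, request.src, request.sport)

def connect(client_ip, hairpin):
    request = Packet(client_ip, WAN_IP, 40000, VPN_PORT)
    reply = server_reply(router_forward(request, hairpin))
    # A reply to another host on the server's own subnet is delivered directly,
    # so it never reaches the router and its source is never translated back.
    direct = reply.dst.startswith(LAN_PREFIX) and reply.dst != LAN_IP
    if not direct:
        reply = router_reverse(reply, request)
    return client_accepts(request, reply)

if __name__ == "__main__":
    print("outside client        :", connect("198.51.100.7", hairpin=False))
    print("LAN client, no hairpin:", connect("192.168.1.5", hairpin=False))
    print("LAN client, hairpin   :", connect("192.168.1.5", hairpin=True))
```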