Re: [m0n0wall] UDP 1194 usage by several NAT devices

From:	Michael <monowall at encambio dot com>
To:	M0n0wall list <m0n0wall at lists dot m0n0 dot ch>
Cc:	Jakob SCHWIENBACHER <jakob dot schwienbacher at gmail dot com>
Subject:	Re: [m0n0wall] UDP 1194 usage by several NAT devices
Date:	Tue, 29 Jun 2010 22:03:52 +0200

Hello Jakob,

An mar., juin 29, 2010, Jakob Schwienbacher schrieb:
>On 29 June 2010 11:42, Michael <monowall at encambio dot com> wrote:
>> [...]
>>
>> If I swap the m0n0wall router out for a cheap home router that does
>> full cone NAT then all devices can connect to the OpenVPN server.
>>
>> [...]
>>
>> The router (and NAT) configuration:
>>
>>  M0n0wall 1.32 embedded
>>
>>  Services: Proxy ARP       - No entries
>>  Firewall: NAT: Inbound    - No entries
>>  Firewall: NAT: Server NAT - No entries
>>  Firewall: NAT: 1:1        - No entries
>>
>>  Firewall: NAT: Outbound   - ...
>>    X 'Enable advanced outbound NAT'
>>    Interface   Source          Destination   Target
>>    WAN         192.168.1.0/24  *             * (no portmap)
>>
>> With this config I can connect one OpenVPN device, but the others
>> fail to connect. There are no other problems, NAT or otherwise.
>>
>Do you need the "Advanced outbound NAT" enabled? I have it just
>disabled and everythig works fine.
>
Good question. At least after I disable that, more than one device
can connect to the OpenVPN server, so the problem is solved.

The only question now is that I have a gut feeling that 'Advanced
outbound NAT' was enabled in the first place for a good reason.
That means I'll keep testing and hopefully discover that it can
be left disabled on my network.

Regards and thanks a lot,
Michael