[ previous ] [ next ] [ threads ]
 From:  Michael <monowall at encambio dot com>
 To:  M0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Cc:  Jakob SCHWIENBACHER <jakob dot schwienbacher at gmail dot com>
 Subject:  Re: [m0n0wall] UDP 1194 usage by several NAT devices
 Date:  Tue, 29 Jun 2010 22:03:52 +0200
Hello Jakob,

An mar., juin 29, 2010, Jakob Schwienbacher schrieb:
>On 29 June 2010 11:42, Michael <monowall at encambio dot com> wrote:
>> [...]
>> If I swap the m0n0wall router out for a cheap home router that does
>> full cone NAT then all devices can connect to the OpenVPN server.
>> [...]
>> The router (and NAT) configuration:
>>  M0n0wall 1.32 embedded
>>  Services: Proxy ARP       - No entries
>>  Firewall: NAT: Inbound    - No entries
>>  Firewall: NAT: Server NAT - No entries
>>  Firewall: NAT: 1:1        - No entries
>>  Firewall: NAT: Outbound   - ...
>>    X 'Enable advanced outbound NAT'
>>    Interface   Source          Destination   Target
>>    WAN  *             * (no portmap)
>> With this config I can connect one OpenVPN device, but the others
>> fail to connect. There are no other problems, NAT or otherwise.
>Do you need the "Advanced outbound NAT" enabled? I have it just
>disabled and everythig works fine.
Good question. At least after I disable that, more than one device
can connect to the OpenVPN server, so the problem is solved.

The only question now is that I have a gut feeling that 'Advanced
outbound NAT' was enabled in the first place for a good reason.
That means I'll keep testing and hopefully discover that it can
be left disabled on my network.

Regards and thanks a lot,