UDP 1194 usage by several NAT devices

From:	Michael <monowall at encambio dot com>
To:	M0n0wall list <m0n0wall at lists dot m0n0 dot ch>
Subject:	UDP 1194 usage by several NAT devices
Date:	Tue, 29 Jun 2010 11:42:10 +0200

Hello list,

On https://myrouter/firewall_rules.php the router is setup to pass
everything, but when trying to connect a OpenVPN client over m0n0wall
to a remote OpenVPN server (UDP 1194) only one computer on the network
is able to connect.

If I swap the m0n0wall router out for a cheap home router that does
full cone NAT then all devices can connect to the OpenVPN server.

What do I have to do to the NAT configuration to be able to
connect several OpenVPN (UDP 1194) clients over the m0n0wall
router to a remote OpenVPN server?

The router (and NAT) configuration:

  M0n0wall 1.32 embedded

  Services: Proxy ARP       - No entries
  Firewall: NAT: Inbound    - No entries
  Firewall: NAT: Server NAT - No entries
  Firewall: NAT: 1:1        - No entries

  Firewall: NAT: Outbound   - ...
    X 'Enable advanced outbound NAT'
    Interface   Source          Destination   Target
    WAN         192.168.1.0/24  *             * (no portmap)

With this config I can connect one OpenVPN device, but the others
fail to connect. There are no other problems, NAT or otherwise.

Regards,
Michael