Date:      Tue, 12 Nov 2019 09:21:27 -0500
From:      Phil Staub <phil@staub.us>
To:        Morgan Wesström <freebsd-database@pp.dyndns.biz>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Fwd: Fwd: NAT for use with OpenVPN
Message-ID:  <CAMnCm8gn3y7ai95%2BtkwdZs2qYndzQaNdpHev4ZdNLyd-bOY4iQ@mail.gmail.com>
In-Reply-To: <7f1fcc2d-4833-7fda-c181-a3d15b16f9ee@pp.dyndns.biz>
References:  <mailman.6.1573387200.62111.freebsd-pf@freebsd.org> <CAMnCm8gO%2BdZwEKdM3iKwrNoxNDZmFZ8EUo=Mrh0%2BOQ%2BSE_SO8w@mail.gmail.com> <1cebcd5e-d9ed-53db-2d01-c8794933d1c4@pp.dyndns.biz> <80ec074d-7a5d-7016-57e4-f607384d0e20@pp.dyndns.biz> <CAMnCm8iz7DcgTM_tPR5ZGZQwPXXcahVbyqw0Wzufkr93xVszpg@mail.gmail.com> <CAMnCm8jZH8ZULq8CKeZF_t4eBEBH5QAsaPKBtxK0WCWGe_OXDA@mail.gmail.com> <ba536474-57b4-37b0-d076-a1c4561d181e@pp.dyndns.biz> <CAP9XWJm2gAC0VjTejP08X0T8ar_ZS1e7PqjAy8iOMRhfBU_3mA@mail.gmail.com> <6bc9b8ce-3ab3-2b57-510d-67ace0a90259@pp.dyndns.biz> <30f8da8a-de96-f737-fef8-820c6ae2ed16@pp.dyndns.biz> <CAMnCm8i-UOAZoyERUWM%2B38sPvWcwevqM6LBgRGeM8nXjgnbVtQ@mail.gmail.com> <CAMnCm8juj8uPuqfDXWu4rOPjbiK0xrsUUrQn002R639RepQOWg@mail.gmail.com> <7f1fcc2d-4833-7fda-c181-a3d15b16f9ee@pp.dyndns.biz>

On Tue, Nov 12, 2019 at 4:35 AM Morgan Wesström <freebsd-database@pp.dyndns.biz> wrote:

> > Wireless LAN adapter Wi-Fi:
> >
> >     IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
>
> I think I've spotted the problem. Your laptop is hooked up to your
> local LAN. The NAT in your router can not normally "wrap around" packets
> destined to its WAN side and then apply NAT to them, which will be the
> case when you try to establish the VPN tunnel from within your LAN. This
> is a classic NAT problem and it has hit many, many people in the past
> trying to run servers of various kinds on their home LAN and then trying
> to access them as if they were somewhere on the outside of the router.
> The result will be... well, unpredictable. :) You need to connect your
> laptop through its own Internet connection so it has a valid public IP
> address.
>

I understand what you're saying here. I had hoped this wouldn't be a
problem, since I didn't have a problem with the VPN in my old router,
though I agree that this is NOT the same configuration.

The problem I have with this explanation is that when I connect to the VPN
from my phone with the WiFi turned off, it connects via an outside IP that
is NOT my local router. In this case, the ping of 8.8.8.8 still fails.


> Other than that, everything else looks fine including the routing table.
>
> A small clarification about default gateways. You only have one per
> machine normally - not one per interface. Your computer knows what
> subnets and machines are connected to every interface in your computer
> and will send packets there when appropriate. It's only when it doesn't
> know where the destination is it will send it to the default gateway. So
> one default gateway per machine is the norm.
>

OK.

I sent a support request to Netgear to ask if it's possible to print the
router's routing table. (They had previously confirmed my suspicions about
the fact that the VPN keys can't be updated on their "consumer" routers.)
We'll see what they say about routing tables, but if it isn't possible, I'm
strongly considering re-flashing the firmware to DD-WRT. I believe it has
OpenVPN built in that can be configured with your own keys. Still, I would
like to see this project through after all the work we have put into it.

I certainly appreciate all your help on this! You have definitely filled in a
lot of blanks in my knowledge.

Thanks again,
Phil