Discussion stats
  • 6 replies
  • 11181 views
  • 0 kudos
  • 3 in conversation
Announcements

Top Contributors
Reply
Highlighted

OpenVPN through double NAT

Good afternoon,

As with all ISP in France, mine requires to use their own modem/router to benefit from VoIP services (the phone is connected to their modem/router).

As such, my R7000 is connected in a double NAT configuration, ie:

Public IP <=> ISP router (192.168.1.x subnet) R7000 (10.0.0.x subnet)

I configured the ISP router to forward all traffic to the R7000, regardless of port and IP (and it works, I'm hosting a Minecraft server on my 10.0.0.x subnet with no issue)

Now I wanted to configure OpenVPN access, and... well it does not really work. I saved the certificates, and I attempted to connect with a computer external to my network. It attempts to connect, then it time out

Questions therefore:
- Is there any more verbosed logs than the one in the client window ?
- if yes, where can I find it ?
- on a related question: is it possible to establish a VPN bridge between an DD-WRT router and the R7000, both in a double NAT configuration (for the same reason) ?

Thanks and regards

Vincent
Message 1 of 7
Highlighted

Re: OpenVPN through double NAT

Hi Vincent, The information you've provided sounds contradictory. If the ISP modem is set to pass-through or bridge mode, then there is no double NAT. If it's not, then VPN will not work. Maybe this is just a misunderstanding in terminology? However, merely forwarding all traffic will not allow VPN to work. You will need a different solution, one that allows true pass-through or bridge mode in front of the r7000.
~Comcast 1 Gbps/50 Mbps SB8200 > R8000P
~R8000P FW:1.4.1.50 ~R7000 FW:1.0.9.42
~R6400 FW:1.0.1.52 ~Orbi-AC3000 FW:2.5.1.8
~EX3700 FW:1.0.0.78

Message 2 of 7
Highlighted

Re: OpenVPN through double NAT

To clarify:

- the modem/router is configured to forward all inbound traffic to the R7000 (this is the DMZ setting)
- I'm referring double NAT, because the R7000 has a public IP adress which is on the subnet of the main ISP router, and only the main ISP router has a public IP adress
- With this configuration, I could theoretically add another device to the 192.168.1.x subnet, which is the subnet from the ISP router, and it could access the Internet

Does this clarify the setup ?

Thanks and regards
Message 3 of 7
Highlighted
Virtuoso

Re: OpenVPN through double NAT

I don't think it will either. I have DSL with VoIP box that you must also used but my box can pass public IP on LAN port 1 ONLY and pay extra $10 so I'm not behind NAT

VPN must terminate on public IP on R7000 and with IPsec it sees public IP, 192 IP and 10x IP plus external device you are connecting from.
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 4 of 7
Highlighted
Virtuoso

Re: OpenVPN through double NAT

Seems like broadband modem/gateway to configure to pass the 2nd public IP to the R7000

If R7000 router status shows public IP then open vpn should work.
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 5 of 7
Highlighted

Re: OpenVPN through double NAT

Damn...

Unfortunately my modem does not allow to pass the public IP to the R7000. Looks like I'm stuck using Hamachi for the time being...

Thanks for the help

Vincent Nguyen
Message 6 of 7
Highlighted

Re: OpenVPN through double NAT

Vincent, We appreciate your follow up. Too bad you've hit a "wall". No pun intended.
~Comcast 1 Gbps/50 Mbps SB8200 > R8000P
~R8000P FW:1.4.1.50 ~R7000 FW:1.0.9.42
~R6400 FW:1.0.1.52 ~Orbi-AC3000 FW:2.5.1.8
~EX3700 FW:1.0.0.78

Message 7 of 7