1 |
On 06/11/2018 02:51 PM, Mick wrote: |
2 |
> As I understand it, the CGN router will rewrite the IP headers and ports from/ |
3 |
> to the SOHO router using PCP. This is not a TCP-over-TCP tunnel. |
4 |
|
5 |
The VPN could be TCP based and it could be sending TCP through it. Yes, |
6 |
the potential pitfalls of TCP-in-TCP may apply. |
7 |
|
8 |
Just because it's sub-optimal doesn't mean that it won't work. |
9 |
|
10 |
> Outgoing connections will be OK, but to run a local server I believe you'll |
11 |
> need to set up an external 'rendezvous server' to facilitate incoming |
12 |
> connections, since the double NAT'ed local server will not have a public |
13 |
> facing IP address. |
14 |
|
15 |
The NATed server doesn't need a globally routed IP if there is port |
16 |
forwarding in place. Such is possible, all be it unlikely, with |
17 |
multiple layers of NAT. |
18 |
|
19 |
I still think the OP was talking about (multiple layers of) NAT at his |
20 |
end and connecting to a VPN server at his office that had a globally |
21 |
routed IP address. |
22 |
|
23 |
Besides, the OP did state that he was able to connect and that traffic |
24 |
did flow bidirectionally through the VPN. |
25 |
|
26 |
> I'm trying to recall what I was thinking when I wrote this ... SSH reverse |
27 |
> tunneling? Not sure. Outgoing VPN connections *should* work fine, incoming |
28 |
> won't. |
29 |
|
30 |
Incoming VPN connections can be made to work. They will require |
31 |
significantly more effort and cooperation of the NAT administrators. |
32 |
|
33 |
Besides, this is outside of the OP's use case. |
34 |
|
35 |
> I've tried that and couldn't get it to work - for reasons I explained below. |
36 |
|
37 |
I've lost what your referring to there. |
38 |
|
39 |
> Yes, in these cases you have to use different ports and set port forwarding |
40 |
> per client. |
41 |
|
42 |
Not all VPN protocols have the concept of ports and as such can't use |
43 |
different ports. |
44 |
|
45 |
|
46 |
|
47 |
-- |
48 |
Grant. . . . |
49 |
unix || die |