| 1 |
On 06/11/2018 02:51 PM, Mick wrote: |
| 2 |
> As I understand it, the CGN router will rewrite the IP headers and ports from/ |
| 3 |
> to the SOHO router using PCP. This is not a TCP-over-TCP tunnel. |
| 4 |
|
| 5 |
The VPN could be TCP based and it could be sending TCP through it. Yes, |
| 6 |
the potential pitfalls of TCP-in-TCP may apply. |
| 7 |
|
| 8 |
Just because it's sub-optimal doesn't mean that it won't work. |
| 9 |
|
| 10 |
> Outgoing connections will be OK, but to run a local server I believe you'll |
| 11 |
> need to set up an external 'rendezvous server' to facilitate incoming |
| 12 |
> connections, since the double NAT'ed local server will not have a public |
| 13 |
> facing IP address. |
| 14 |
|
| 15 |
The NATed server doesn't need a globally routed IP if there is port |
| 16 |
forwarding in place. Such is possible, all be it unlikely, with |
| 17 |
multiple layers of NAT. |
| 18 |
|
| 19 |
I still think the OP was talking about (multiple layers of) NAT at his |
| 20 |
end and connecting to a VPN server at his office that had a globally |
| 21 |
routed IP address. |
| 22 |
|
| 23 |
Besides, the OP did state that he was able to connect and that traffic |
| 24 |
did flow bidirectionally through the VPN. |
| 25 |
|
| 26 |
> I'm trying to recall what I was thinking when I wrote this ... SSH reverse |
| 27 |
> tunneling? Not sure. Outgoing VPN connections *should* work fine, incoming |
| 28 |
> won't. |
| 29 |
|
| 30 |
Incoming VPN connections can be made to work. They will require |
| 31 |
significantly more effort and cooperation of the NAT administrators. |
| 32 |
|
| 33 |
Besides, this is outside of the OP's use case. |
| 34 |
|
| 35 |
> I've tried that and couldn't get it to work - for reasons I explained below. |
| 36 |
|
| 37 |
I've lost what your referring to there. |
| 38 |
|
| 39 |
> Yes, in these cases you have to use different ports and set port forwarding |
| 40 |
> per client. |
| 41 |
|
| 42 |
Not all VPN protocols have the concept of ports and as such can't use |
| 43 |
different ports. |
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
-- |
| 48 |
Grant. . . . |
| 49 |
unix || die |
Archives