LebGeeks

A community for technology geeks in Lebanon.


#26 February 4

Kareem
Member

Re: Ogero Double NAT ?

Update.... Ok I found a terrific website where I can use a virtual machine ( https://www.onworks.net/programs/putty-online?amp=0 ) online and test whatever the hell I want. After 10 hours of testing a configuration... TADAAAAAAA !!!! One of the best news.... My home automation, Plex server, RDP and basically everything hosted on my network is now accessible from my internet. Bye bye NAT. ( I know IPv6 is not widely implemented but at least it is in Europe and USA so no more headache when abroad and for the cherry on top, I got 5 free dynamic DNS so that I won't have to memorize the IPv6 of every computer on my network. )


Offline

#27 February 5

Kareem
Member

Re: Ogero Double NAT ?

One last question, a bit off-topic but does Alfa support IPv6 ? because it looks like Touch does not. When I force IPv6 there's no connection to the internet.

Offline

#28 February 7

DNA
Member

Re: Ogero Double NAT ?

Man, you complicated things for yourself. Why did you get into IPv6? It's barely supported here. Just create your VPN and forward all the ports from the VPS to the private IP you got from the VPN server, then do the same thing on your VPN router or put your PC in the DMZ.

Offline

#29 February 7

Kareem
Member

Re: Ogero Double NAT ?

DNA wrote:

Man, you complicated things for yourself. Why did you get into IPv6? It's barely supported here. Just create your VPN and forward all the ports from the VPS to the private IP you got from the VPN server, then do the same thing on your VPN router or put your PC in the DMZ.

Actually I tried the VPN thing, I got an account on Arubacloud, but how are you port forwarding from VPS to VPN? The VPN gives you a dynamic private IP.

I also thought IPv6 is barely supported but found out that it's widely adopted. I got free DDNS ( dynv6 ) and every machine on my network has a different public IP now, so I can reach my server, media center, PC and router.

Looking at this, I can see Touch and Alfa both having already IPv6 subnets but I have no clue if they are adopting this anytime soon.

https://www-public.imtbs-tsp.eu/~maigro … bantelecom

Btw, sooner or later, IPv6 is the future so complication is coming soon.

Last edited by Kareem (February 7)

Offline

#30 February 11

Kareem
Member

Re: Ogero Double NAT ?

Ok I sorted this out. Almost everything on the internet wasn't really helpful; it turned out I need to configure SNAT.

For reference if anyone needs it :

iptables -t nat -A PREROUTING -d <public IP> -p tcp --dport <port you want to forward> -j DNAT --to-destination <VPN client IP>:<port>

iptables -t nat -A POSTROUTING -d <VPN client IP> -p tcp --dport <port you want to forward> -j SNAT --to-source <VPN server IP>

Offline

#31 February 12

DNA
Member

Re: Ogero Double NAT ?

Man, we already told you to port forward your public IP on the VPS to your VPN IP....
You are using a Linux VPS, so iptables is how you port forward. I assumed it is a simple "how to port forward on linux" Google search for you.
If anybody needs it on Windows, it is: netsh interface portproxy.
Glad it worked out in the end. I hope IPv6 will become more adopted, it really makes life easier and cheaper.


Edit: sorry man, haven't seen your reply for some reason, I may have clicked new posts on the forum and never read it. What VPN server are you using? You can configure it to provide a static IP if necessary.

Last edited by DNA (February 12)

Offline

#32 February 12

Kareem
Member

Re: Ogero Double NAT ?

DNA wrote:

Man, we already told you to port forward your public IP on the VPS to your VPN IP....
You are using a Linux VPS, so iptables is how you port forward. I assumed it is a simple "how to port forward on linux" Google search for you.
If anybody needs it on Windows, it is: netsh interface portproxy.
Glad it worked out in the end. I hope IPv6 will become more adopted, it really makes life easier and cheaper.


Edit: sorry man, haven't seen your reply for some reason, I may have clicked new posts on the forum and never read it. What VPN server are you using? You can configure it to provide a static IP if necessary.

I'm using Arubacloud.. It's a EUR 2.7 /month, 2T quota, 1Gbps internet connection.


ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
        inet 192.168.42.1  netmask 255.255.255.255  destination 192.168.42.10
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 45  bytes 8003 (8.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27  bytes 8087 (8.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Problem is that even with SNAT, what's happening is that when my Ogero disconnects / reconnects for some reason, the VPN server will assign you a new IP ( 192.168.42.11 ) and so on....

I'm using L2TP IPsec VPN... My only option was to configure the IPsec file to allow only one connection to the server:

conn xauth-psk
  auto=add
  leftsubnet=0.0.0.0/0
  rightaddresspool=192.168.42.10-192.168.42.10    <-------------
  modecfgdns="8.8.8.8 8.8.4.4"
  leftxauthserver=yes
  rightxauthclient=yes
  leftmodecfgserver=yes
  rightmodecfgclient=yes
  modecfgpull=yes
  xauthby=file
  ike-frag=yes
  cisco-unity=yes
  also=shared

I can't seem to find a way to force a static IP without an external authentication server.

Offline

#33 February 13

DNA
Member

Re: Ogero Double NAT ?

SNAT has nothing to do with that, you may even omit it altogether. In any case, you didn't tell what VPN server you are using?

Offline

#34 February 13

Kareem
Member

Re: Ogero Double NAT ?

DNA wrote:

SNAT has nothing to do with that, you may even omit it altogether. In any case, you didn't tell what VPN server you are using?

Man it's either you're not reading what I'm posting or something else. I already said it's an L2TP/ IPsec VPN server with PSK ( xl2tpd strongswan )

OpenVPN is not an option.

If SNAT has nothing to do with that, how do you forward ports from VPN gateway to VPN client? ( It's the nth time I post this question )

In my case SNAT did the trick....

Offline

#35 February 14

DNA
Member

Re: Ogero Double NAT ?

I am asking about the server software and all you are replying is L2TP IPsec. How am I supposed to help you provide static IPs if I don't know if you are using ipsec-tools, Libreswan, Openswan, etc. etc.? Enough about that.
And SNAT isn't what forwards your ports, DNAT is. Source NAT will NAT your VPN client's packets as if coming from the VPN server itself, which can be omitted if you have the correct routes and Linux is correctly masquerading all the output packets for the client. The default gateway is always the VPN server and it should automatically NAT your packets, and if it doesn't, the OS will with correct routes and a masquerade rule, which should be set by default. In any case, if you had to tell it to do that manually, it doesn't hurt.

Offline
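
Whether the SNAT rule discussed above is needed depends on which route the VPN client uses for its reply. The following is an added example, not code from any poster in the thread, that traces one forwarded connection through the DNAT and SNAT rules. The visitor, VPS and home WAN addresses are constructed; the 192.168.42.x pair is taken from the ppp0 output earlier in the thread.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation ranges), except the ppp0 pair.
VISITOR = "198.51.100.7"      # internet host opening the connection (assumed)
VPS_PUBLIC = "203.0.113.10"   # public address of the VPS (assumed)
VPN_SERVER = "192.168.42.1"   # ppp0 local address from the thread
VPN_CLIENT = "192.168.42.10"  # ppp0 peer address from the thread
HOME_WAN = "192.0.2.55"       # address the ISP NAT shows to the internet (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def forward(use_snat: bool, client_default_via_vpn: bool) -> dict:
    """Trace one forwarded TCP connection and the reply to it."""
    syn = Packet(VISITOR, VPS_PUBLIC)
    # PREROUTING DNAT: the destination becomes the VPN client.
    syn = replace(syn, dst=VPN_CLIENT)
    # POSTROUTING SNAT (optional): the source becomes the VPN server.
    if use_snat:
        syn = replace(syn, src=VPN_SERVER)
    # The service answers whatever source address it saw.
    reply = Packet(VPN_CLIENT, syn.src)
    # Client routing: the ppp peer is always reached over the tunnel;
    # every other destination follows the client's default route.
    via_vpn = reply.dst == VPN_SERVER or client_default_via_vpn
    if via_vpn:
        # Back on the VPS, conntrack reverses the translations it applied.
        reply = Packet(VPS_PUBLIC, VISITOR)
    else:
        # The reply leaves through the ISP NAT; the VPS never sees it.
        reply = replace(reply, src=HOME_WAN)
    return {
        "service_logs_source": syn.src,
        "reply_path": "vpn" if via_vpn else "isp",
        # The visitor only accepts a reply from the address it connected to.
        "visitor_accepts": reply == Packet(VPS_PUBLIC, VISITOR),
    }


if __name__ == "__main__":
    for snat in (False, True):
        for full_tunnel in (False, True):
            print(f"snat={snat} full_tunnel={full_tunnel}", forward(snat, full_tunnel))
```

With SNAT in place the service on the VPN client sees every forwarded connection as coming from 192.168.42.1, so per-source logging and rate limiting on that host no longer see the real visitor address.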
