I use IPIP behind a NAT by forwarding all IPIP traffic to a particular host - it’s a separate protocol so quite easy to do actually.
On Mon, 20 May 2019 at 17:18, Steve L via 44Net 44net@mailman.ampr.org wrote:
---------- Forwarded message ----------
From: Steve L kb9mwr@gmail.com
To: AMPRNet working group 44net@mailman.ampr.org
Date: Mon, 20 May 2019 11:14:45 -0500
Subject: Re: [44net] UCSD tunnel behing NAT and Firewall setting ?

IPIP requires Protocol 4 forwarding (or DMZ) at the firewall to the gateway.
OpenVPN handshakes are about every 5 seconds, between the client and server. The client creates and maintains an active connection to the server at all times. This allows the server to track a reverse way back to the client.
Since we are decentralized, meaning we don't all reach each other through a central server, we'd have to maintain handshaking to each other AMPR gateway. I forget what Brian last said there were in terms of a number of IPIP gateways, but that would obviously be a lot of data, and thus not practical.
The only other VPN-like architecture that I know of that works like what we are doing is Tinc, as it supports mesh routing too. But I haven't played with it yet.
Your other option is to set up a VPS, bring in a subnet via BGP, and then use whatever method you like (OpenVPN, etc.) to bring it from the VPS to your firewall-restricted gateway. A solution that John, K7VE has been pointing out (https://groups.io/g/net-44-vpn).
Steve
On Mon, May 20, 2019 at 1:41 AM R P via 44Net 44net@mailman.ampr.org wrote:
---------- Forwarded message ----------
From: R P ronenp@hotmail.com
To: "44net@mailman.ampr.org" 44net@mailman.ampr.org
Date: Mon, 20 May 2019 06:37:54 +0000
Subject: UCSD tunnel behing NAT and Firewall setting ?

Hi there,
I know that a VPN can be done behind a firewall NAT (from the client side). Can the IPIP be made (from the gateway side) behind a firewall (that allows any traffic outbound) and a NAT?
Until a few months ago my gateway was sited on the DMZ and it worked. But I changed the DMZ to point to another IP and it seems that the IPIP still works... I wonder if it is a router problem or the IPIP can pass through like a VPN can pass.
Thanks for any info,
ronen - 4Z4ZQ
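As an added example, not part of the original thread: the Python sketch below parses constructed packets to show the point made in the replies, that IPIP is IP protocol 4 with no port numbers, so a firewall can only match or forward it by protocol number and addresses, while an OpenVPN-style UDP flow carries ports a NAT can map. All addresses, port values and function names are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_UDP = 4, 6, 17

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0: sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return pkt[9], src, dst, pkt[ihl:]

def nat_view(pkt):
    """Report the fields a NAT/firewall can match on for this packet."""
    proto, src, dst, payload = parse_ipv4(pkt)
    view = {"proto": proto, "src": src, "dst": dst, "ports": None, "inner": None}
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        view["ports"] = struct.unpack("!HH", payload[:4])  # usable for port mapping
    elif proto == IPPROTO_IPIP:
        # No ports: the payload is simply another IPv4 packet.
        view["inner"] = parse_ipv4(payload)[:3]
    return view

# Constructed samples (documentation/private addresses, not real gateways).
INNER = ipv4_header("192.0.2.1", "192.0.2.2", 1, 8) + bytes(8)   # inner ICMP-sized packet
IPIP_PKT = ipv4_header("198.51.100.10", "203.0.113.5", IPPROTO_IPIP, len(INNER)) + INNER
UDP_PKT = (ipv4_header("192.168.1.20", "198.51.100.10", IPPROTO_UDP, 8)
           + struct.pack("!HHHH", 40000, 1194, 8, 0))            # OpenVPN-style UDP flow

if __name__ == "__main__":
    for name, pkt in (("IPIP", IPIP_PKT), ("UDP", UDP_PKT)):
        print(name, nat_view(pkt))
```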