PepVPN Behind Double NAT


#1

Hi All,
One customer has purchased two 4G connections from Telecom Proivder. They need to use each connection with an LB-30 to connect two sites using PepVPN. After configuring the two LB-30, we could not get the PepVPN to establish. We have configured the WAN on each LB-30 to use Dynamic DNS which was updating successfully and correctly. Also, on the Telecom Supplied 4G router we have configured Virtual Servers (kind of Port Forwarding) to forward UDP 4500 and TCP 32015 towards the LB-30, but still unsuccessful. My doubt is that after the 4G router connects the LB-30 to the Telecom Network, there is another Gateway at the core of Telecom Network that will do NAT again. So, if this “double” NAT assumption is true, will the PepVPN establish successfully?


#2

Hi,

Look like this is your network connectivity.

PC A —> Balance router (Cellular, IP a.b.c.d) —> Internet <— (Cellular, IP w.x.y.z) Balance router <— PC B

Since you have configured DDNS and updated successfully, believe you have the public IP for both units. Can you do telnet with port 32015 from PC A to IP w.x.y.z (please refer to network connectivity above).

If you successful do the telnet, please open ticket for us to investigate.

Thank you.


#3

Hi TK,
Actually the 4G router is taking 10.x.x.x ip on its Radio Interface (WAN), and to have your proposed connectivity diagram more accurate:

PC-A --> (LAN)Balance-30(WAN1)—> (LAN)4G-Router(WAN=10.x.x.x) —> NAT-Gateway—> Internet <— NAT-Gateway<—(WAN=10.x.x.x)4G-Router(LAN)<----(WAN1)Balance-30(LAN)<-- PC-B
So as you can see, there are double-NAT (once on the 4G router, and once on the NAT-Gateway.
I have now tried to telnet to 32015 on that public ip, but it fails


#4

PepVPN will not be able to establish in this scenario, at least one side needs to have a reachable address.