Same problem as most any VPN server - if the netblock your VPN server
daemon hands out addresses from is in the same IP space as the regular IP
space your device is on, it doesn't know how to route...

For example, say I have a home router set up to hand out local DHCP inside
my NAT in 10.8.0.0/24, and I have a laptop connected to the WAP in my home,
which has an OpenVPN client, configured to connect to a corporate server,
which also hands out IPs in 10.8.0.0/24. I can establish the tunnel if the
crypto is set up properly but the traffic won't go anywhere.

On Feb 8, 2016 6:21 PM, "Ken Hohhof" <[email protected]> wrote:

> I wonder if this (from the Verizon FAQ) is what they were referring to:
>
>
> Any IP address can be assigned, with the exceptions shown below. If you
> assign an IP address within any of the following IP Subnets, you could
> experience issues with the Network Extender for Business. It is best to
> avoid these IP Subnets:
>
>    - 10.208.110.96/27
>    - 10.208.110.96/27
>    - 10.210.157.208/28
>    - 10.211.28.208/28
>    - 10.211.157.208/28
>    - 69.78.69.0/24
>
>
> *From:* Josh Luthman <[email protected]>
> *Sent:* Monday, February 08, 2016 5:40 PM
> *To:* [email protected]
> *Subject:* Re: [AFMUG] Verizon "network extender"
>
>
> I have a Samsung that simply gets NAT.  Works just fine.  It won't start
> until it gets GPS which takes way too long sometimes (30-90 minutes).
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On Feb 8, 2016 6:34 PM, "Ken Hohhof" <[email protected]> wrote:
>
>> What are the typical reasons for these not to work?  From the user guide
>> it appears to use IPSEC, so I assume anything that prevents a VPN?
>>
>> Verizon support told the customer they needed a Class A address.  WTF?
>> Did they maybe mean it *can't* be a class A address?  Customer uses
>> 10.x.x.x addresses internally, behind Cisco ASA firewall (which I don't
>> manage).
>>
>> I do see some udp/500 and udp/4500 packets, I think that means something
>> is using UDP for IPSEC NAT traversal?
>>
>
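
The address overlap described in the top reply, together with a check of a LAN against the subnets in the quoted FAQ, as an added example that is not part of the original thread. The function name and the 10.208.0.0/16 and 192.168.1.0/24 LANs are constructed for illustration.

```python
import ipaddress

# Subnets the quoted Verizon FAQ says to avoid (copied from the thread,
# with the repeated entry listed once).
FAQ_AVOID = [
    "10.208.110.96/27",
    "10.210.157.208/28",
    "10.211.28.208/28",
    "10.211.157.208/28",
    "69.78.69.0/24",
]


def find_conflicts(local_nets, remote_nets):
    """Return (local, remote, relation) for every overlapping pair.

    local_nets:  prefixes in use on the LAN side (interface addresses
                 such as 10.8.0.15/24 are accepted and normalised).
    remote_nets: prefixes the tunnel endpoint hands out or reserves.
    """
    conflicts = []
    for l in (ipaddress.ip_network(n, strict=False) for n in local_nets):
        for r in (ipaddress.ip_network(n, strict=False) for n in remote_nets):
            if l.version != r.version or not l.overlaps(r):
                continue
            # Two CIDR blocks that overlap are either equal or nested.
            if l == r:
                relation = "identical"
            elif r.subnet_of(l):
                relation = "local contains remote"
            else:
                relation = "remote contains local"
            conflicts.append((str(l), str(r), relation))
    return conflicts


if __name__ == "__main__":
    # Case from the reply: home LAN and corporate VPN pool are the same /24.
    print(find_conflicts(["10.8.0.15/24"], ["10.8.0.0/24"]))
    # Constructed case: a wide 10.x LAN swallows one of the FAQ blocks.
    print(find_conflicts(["10.208.0.0/16"], FAQ_AVOID))
    # Constructed case: a LAN with no overlap returns an empty list.
    print(find_conflicts(["192.168.1.0/24"], FAQ_AVOID + ["10.8.0.0/24"]))
```
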
