Thanks Lonnie

I have moved to router mode at the customer site and it seems to be working 
fine. It's using OpenVPN which also doesn't seem to care.
Another advantage is that using bridge mode, there is a risk that the carrier 
subnet could overlap with the LAN e.g. as it uses the private address space. 
Double NAT fixes this.

Thanks for your help.

Regards
Michael Knill

On 8/10/18, 10:57 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

    Hi Michael,
    
    I assume you are talking about running WireGuard VPN over a 4G/LTE network. Like this:
    
https://doc.astlinux-project.org/userdoc:tt_wan_failover#example4g_lte_modem_failover
    
    I have switched to use "Router Mode" on my Netgear LB1121 some time ago, 
the Netgear Modem seems more stable using "Router Mode".
    
    With the brilliance of WireGuard, the extra (double) NAT made no difference 
    in the VPN tunnel.  The WireGuard peer IPs appear on the same virtual network, 
    no NAT between WireGuard peers.
    
    In all cases the wireguard VPN (as with all other VPN types) sits behind a 
firewall to EXTIF and EXT2IF, this is the case for the 4G/LTE modem connected 
AstLinux as well as the cloud based AstLinux acting as the remote VPN endpoint.
    
    The 4G/LTE Modem Failover using WireGuard has been working perfectly for 
me.  Quite simple and robust.
    
    Lonnie
    
    
    
    > On Oct 7, 2018, at 6:01 PM, Michael Knill 
<michael.kn...@ipcsolutions.com.au> wrote:
    > 
    > Pardon my ignorance on the following:
    >  
    > Although I have not confirmed, I appear to be having issues with bridge 
mode with my carrier. I have tried two modem types and it appears to just stop 
passing traffic after a while.
    > As such, I am considering using router mode but want to know if it is 
possible to be protected by the firewall without NAT (or PAT actually). Even if 
I was to actually use NAT e.g. a pool of network addresses rather than PAT e.g. 
port stays unchanged, then the double NAT issues should not be a problem.
    > Do I even need to bother? I suspect it's not a problem for most traffic types. I will be using a VPN so it shouldn't care.
    >  
    > Thanks
    >  
    > Regards
    > Michael Knill
    > _______________________________________________
    > Astlinux-users mailing list
    > Astlinux-users@lists.sourceforge.net
    > https://lists.sourceforge.net/lists/listinfo/astlinux-users
    > 
    > Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.
    
    
    