Feature request: Be able to disable NAT on WAN-interface, for traffic from OpenVPN

**sthe67** · 04-20-2016, 11:41 PM

In earlier versions (9.3 and earlier?) we could have the traffic to/from the OpenVPN-clients un-NAT'ed through the WAN-interface. We are using our Untangle servers as 'a router on a stick' with only the WAN-interface connected just for OpenVPN.
There is a checkbox to enable/disable NAT but that does not make any differens on the WAN interface.
I have been told that this changed in version 9.4, but why?
It would be great to have the feature back.

**sky-knight** · 04-20-2016, 11:54 PM

You have more control over NAT in v10+ than you ever did. Are you sure you know what you're wanting?

You can turn NAT on and off over the tunnel, and there are tick boxes for each interface to turn NAT on and off there as well.

All of that being said, Untangle isn't intended to be operated "on a stick" so I imagine things aren't working properly because of that more than anything.

**sthe67** · 04-21-2016, 12:06 AM

Yes, we are able to enable/disable NAT on all other interfaces and tunnel, but not the WAN interface. As I said, it was possible up to version 9.3, but not anymore. I dont understand why this was removed, it could be default on but possible to disable.

**sky-knight** · 04-21-2016, 07:31 AM

NAT Traffic Exiting this interface, is a tick box on any interface that has IS WAN set to true. If you uncheck that, you disable NAT.

As I said, you've got more control on current versions, not less. Go edit External and uncheck that box!

**jcoffin** · 04-21-2016, 07:32 AM

Originally Posted by sthe67

Yes, we are able to enable/disable NAT on all other interfaces and tunnel, but not the WAN interface. As I said, it was possible up to version 9.3, but not anymore. I dont understand why this was removed, it could be default on but possible to disable.

Incorrect. Here is the setting any interface including WAN.
wan-nat-option.jpg

**dmorris** · 04-21-2016, 08:58 AM

Originally Posted by sthe67

I have been told that this changed in version 9.4, but why?

So that the return traffic will actually come back and that it works.
If you don't NAT it the reply will go out to the internet and be lost.

**sthe67** · 04-21-2016, 09:50 PM

Originally Posted by jcoffin

Incorrect. Here is the setting any interface including WAN.
wan-nat-option.jpg

Yes the checkbox is there, but on the WAN interface it does not matter if it is checked or not, it is always NAT'ed

**sthe67** · 04-21-2016, 09:53 PM

Originally Posted by dmorris

So that the return traffic will actually come back and that it works.
If you don't NAT it the reply will go out to the internet and be lost.

Well, it depends on the rest of the setup. Our Untangle servers are connected to routers that routes the un-NAT'ed traffic right.

**sky-knight** · 04-21-2016, 10:13 PM

The tick box on External works, it causes traffic passing through Untangle and out External to be NAT'd or not. However, are we talking about the right NAT?

That NAT box wouldn't apply to anything we're working with here, I think the NAT box you may be looking for is in OpenVPN -> Server -> NAT all LAN-bound OpenVPN traffic to a local address). Road warrior connections landing on OpenVPN v10 and later are NAT'd to Untangle's IP address, unticking this box will stop that behavior.

**sthe67** · 04-22-2016, 12:17 AM

This box is unticked
1.png

And this
2.png

The client has IP 172.28.1.197
3.png

But is still NAT'ed to Untangle server external IP 195.198.127.182
4.png

Thread: Feature request: Be able to disable NAT on WAN-interface, for traffic from OpenVPN

LinkBack

Thread Tools

Feature request: Be able to disable NAT on WAN-interface, for traffic from OpenVPN

Posting Permissions