Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Newbie
    Join Date
    Mar 2016
    Posts
    12

    Default Feature request: Be able to disable NAT on WAN-interface, for traffic from OpenVPN

    In earlier versions (9.3 and earlier?) we could have the traffic to/from the OpenVPN-clients un-NAT'ed through the WAN-interface. We are using our Untangle servers as 'a router on a stick' with only the WAN-interface connected just for OpenVPN.
    There is a checkbox to enable/disable NAT but that does not make any differens on the WAN interface.
    I have been told that this changed in version 9.4, but why?
    It would be great to have the feature back.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    Default

    You have more control over NAT in v10+ than you ever did. Are you sure you know what you're wanting?

    You can turn NAT on and off over the tunnel, and there are tick boxes for each interface to turn NAT on and off there as well.

    All of that being said, Untangle isn't intended to be operated "on a stick" so I imagine things aren't working properly because of that more than anything.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Mar 2016
    Posts
    12

    Default

    Yes, we are able to enable/disable NAT on all other interfaces and tunnel, but not the WAN interface. As I said, it was possible up to version 9.3, but not anymore. I dont understand why this was removed, it could be default on but possible to disable.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    Default

    NAT Traffic Exiting this interface, is a tick box on any interface that has IS WAN set to true. If you uncheck that, you disable NAT.

    As I said, you've got more control on current versions, not less. Go edit External and uncheck that box!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,741

    Default

    Quote Originally Posted by sthe67 View Post
    Yes, we are able to enable/disable NAT on all other interfaces and tunnel, but not the WAN interface. As I said, it was possible up to version 9.3, but not anymore. I dont understand why this was removed, it could be default on but possible to disable.
    Incorrect. Here is the setting any interface including WAN.
    wan-nat-option.jpg
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by sthe67 View Post
    I have been told that this changed in version 9.4, but why?
    So that the return traffic will actually come back and that it works.
    If you don't NAT it the reply will go out to the internet and be lost.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Newbie
    Join Date
    Mar 2016
    Posts
    12

    Default

    Quote Originally Posted by jcoffin View Post
    Incorrect. Here is the setting any interface including WAN.
    wan-nat-option.jpg
    Yes the checkbox is there, but on the WAN interface it does not matter if it is checked or not, it is always NAT'ed

  8. #8
    Newbie
    Join Date
    Mar 2016
    Posts
    12

    Default

    Quote Originally Posted by dmorris View Post
    So that the return traffic will actually come back and that it works.
    If you don't NAT it the reply will go out to the internet and be lost.
    Well, it depends on the rest of the setup. Our Untangle servers are connected to routers that routes the un-NAT'ed traffic right.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    Default

    The tick box on External works, it causes traffic passing through Untangle and out External to be NAT'd or not. However, are we talking about the right NAT?

    That NAT box wouldn't apply to anything we're working with here, I think the NAT box you may be looking for is in OpenVPN -> Server -> NAT all LAN-bound OpenVPN traffic to a local address). Road warrior connections landing on OpenVPN v10 and later are NAT'd to Untangle's IP address, unticking this box will stop that behavior.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Newbie
    Join Date
    Mar 2016
    Posts
    12

    Default

    This box is unticked
    1.png

    And this
    2.png

    The client has IP 172.28.1.197
    3.png

    But is still NAT'ed to Untangle server external IP 195.198.127.182
    4.png

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2