  1. #1
    Newbie
    Join Date
    Jul 2009
    Posts
    9

    NAT address on WAN

    Hello,
    Windstream is handing a dang NAT address on my WAN. 192.168.254.1.

    When I go to generate the client installation, it builds it based on this bogus address. I generated the client locally at the firewall... then took the install file to a remote machine and installed it. It installed fine. I modified the config file to use the real address (went to www.whatismyipaddress.com from Untangle) and got 75.88.115.174. However... I cannot make the connection.

    I assume this violates the security for the client....changing the IP address but I'm not sure.

    Any suggestions would be much appreciated. This is the first time I've encountered a NAT address being handed to me on a DSL service. Not sure what my approach should be.

    Thanks

  2. #2
    Master Untangler BOFH's Avatar
    Join Date
    May 2009
    Location
    OKC, OK
    Posts
    131

    That is all a function of your DSL router. All modern DSL routers that have multiple network ports are going to hide your network behind NAT, which is a good thing. Assigning something an outside address that is plugged into the inside of your router will result in non-routable traffic. If you want the Untangle PC to have a real world IP address, then you need to turn off NAT at your DSL router (put it in bridge mode); however, I strongly urge you to reconsider putting anything naked on the web. Unless you are doing something exceedingly complicated, there is no reason to put any computer on the web with a non-private IP address. 1 to 1 NAT and port forwarding should be more than sufficient for almost everything. (almost) The Untangle box should be fine with a non-private IP, but it isn't necessary.


    Cheers,

    BOFH

  3. #3
    Newbie
    Join Date
    Jul 2009
    Posts
    9

    Thanks...you are right. The DSL Modem is a Siemens SpeedStream 4200....which is also a router. It is handing Untangle the NAT address. I don't see any way that Untangle's external address can be a NAT....and have it accessible as an OpenVPN server. So I think I need to make it a bridge so Untangle can receive the address from Windstream. Now...the question remains.....when OpenVPN Server builds the client, it is using the IP address on the WAN at that time. If the IP address changes on the Untangle WAN....will the client that was generated using the previous IP address still work (if I modify the config file for the changed IP address)? I'm wondering if I need a static address on my WAN.

  4. #4
    Master Untangler BOFH's Avatar
    Join Date
    May 2009
    Location
    OKC, OK
    Posts
    131

    I'm sure that they will rent you a static IP, but typically ISPs don't give those away to home users. Truthfully though, unless they put in some policy to specifically give you a different IP address, most of the time it will stay the same. Another option would be to use a service like DynDNS so that you can use a FQDN to access your machine, instead of an IP address, which is a much better option IMHO. I need to play more with OpenVPN, so I can't say that it will work with port forwarding or 1to1 NAT, but it should be possible.

    BOFH

    EDIT:
    When you put your DSL router in bridge mode, you may lose the ability to access its management functions until you do a factory default reset on it. Also, anything that you plug into it is going to get a real world IP address, so make sure that you have another switch available for your internal network!

  5. #5
    Newbie
    Join Date
    Jul 2009
    Posts
    9

    OK...thanks for the tip on the modem/router.

  6. #6
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,186

    For what it's worth, I have 3 ut's in bridge at different sites behind gateways, one cable and the others are evdo. All provide vpn via ddns and port forwarding from the gateways.
    The only thing necessary was to change the vpn config from openvpn mod assigned local ip to the ddns name. Works fine with numerous clients.
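
Added example, not part of any post in this thread and not Untangle's own code: a short Python check that finds `remote` lines in a generated OpenVPN client config that point at a non-routable (NAT-side) address and rewrites them to a DDNS name, as posts #4 and #6 describe doing by hand. The sample config is constructed, `vpn.example.com` is a placeholder name, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of a generated client config; 192.168.254.1 is the
# NAT-side WAN address from the thread, the other lines are typical directives.
SAMPLE_CONFIG = """\
client
dev tun
proto udp
# gateway address picked up when the client was generated
remote 192.168.254.1 1194
resolv-retry infinite
nobind
"""

def classify_remote(host):
    """Return 'name', 'public-ip' or 'non-routable-ip' for a remote host value."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "name"  # not an IP literal, resolved through DNS at connect time
    # is_global is False for RFC 1918, carrier-grade NAT, loopback, link-local
    return "public-ip" if addr.is_global else "non-routable-ip"

def rewrite_remotes(config_text, ddns_name, replace_public=False):
    """Point IP-literal 'remote' lines at ddns_name (placeholder name assumed).

    Returns (new_text, findings); findings lists (host, class) per remote line.
    Public literals are only reported unless replace_public is True.
    """
    out, findings = [], []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "remote":
            kind = classify_remote(parts[1])
            findings.append((parts[1], kind))
            if kind == "non-routable-ip" or (kind == "public-ip" and replace_public):
                parts[1] = ddns_name  # port and protocol fields are kept
                line = " ".join(parts)
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    text, found = rewrite_remotes(SAMPLE_CONFIG, "vpn.example.com")
    print(found)
    print(text)
```

Passing `replace_public=True` also swaps a public IP literal such as the 75.88.115.174 address from post #1 for the name, which covers the dynamic-address case raised in post #3.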
