I meant my reply to your post on the Cambium community.
I honestly don't know how many customers we might have using these
things (we have decent cell coverage). I looked through some netflow
data and found quite a few customers with UDP 4500 traffic. The
destinations are Verizon and AT&T IP addresses. These are obvious
because they're also hitting NTP servers on the carrier's networks. A
quick google search tells me this UDP 4500 stuff is IPSEC IKE NAT
traversal and keepalive. That's why I asked if you've torched their
traffic. Maybe the carriers do these things differently in your region.
Those aren't going through the Canopy NAT, but they are behind double
NAT. So I have no idea. Maybe it is still something with the Canopy NAT
implementation.
On 10/15/2015 3:58 PM, Bill Prince wrote:
Not sure if I saw your post George. I did a couple of searches, but
did not find anything matching.
Since 13.4, we've tracked the NAT table, and the subscriber that
called this in had zero entries in their NAT table until they switched
their router into bridge mode. So I'm fairly certain they were on the
DMZ. That said, the sub is a programmer/tech, so he's not your average
rube. He called in to report switching their router to bridge mode
fixed his AT&T WiFi calling problem. We did not torch the link.
I call it NAT without PAT, or NAT minus PAT, or NAT no PAT.
bp
<part15sbs{at}gmail{dot}com>
On 10/15/2015 1:29 PM, George Skorup wrote:
I assume you read my post? Have you ran torch on these customers to
see what the actual traffic is? I believe they all use an IPSEC VPN.
Should work through one layer of NAT (obviously does as you've seen),
but I don't know why not also through the SM DMZ which is really NAT,
not PAT. What's the term now, NAP-T or something like that is what we
all call "NAT" generally.
On 10/15/2015 3:14 PM, Bill Prince wrote:
BTW - this is with the SM on the 13.4 release (FSK in this
particular case).
bp
<part15sbs{at}gmail{dot}com>
On 10/15/2015 1:12 PM, Bill Prince wrote:
I think we have determined that the new AT&T "WiFi calling" feature
will not work with double NAT (even when the customer's router is
on the DMZ). This is the same behavior we've seen on T-mobile. It
seems to work if the customer router is in bridge mode, or the SM
is in bridge mode.