On 06/10/2018 12:30 PM, Mick wrote:
If NAT'ed between guest and host and then NAT'ed again at the home
router, you are double NAT'ed.
Or possibly triple NATed if your ISP is using Carrier Grade NAT.
At least that's one definition of "double NAT". I tend to use a
different definition, one where you're NATing source and destination in
a single device. As opposed to doing a single NAT operation on multiple
devices.
As far as I know VPNs will not work through a double NAT situation,
unless you use your gateway or host as the VPN end point and then
setup port forwarding to the host from there.
I see no reason why SSL or SSH based VPNs wouldn't work perfectly fine
through many layers of NAT.
I also think that it should be possible to get IPSec VPNs to work
through multiple layers of NAT. You'd need to account for the AH issues
or ESP without AH.
Each layer of NAT makes VPNs more difficult, but not impossible.
Depending on the type of VPN, each layer of NAT may mean that you must
be the only person using that type of VPN to avoid confusing the NAT /
breaking all of that type of VPN.
Bridge the host to guest adaptors and you should be good to go (once
any other conventionla VPN configuration problem is solved). :-)
Hilco's issue was what is routed through the VPN, not a problem with
establishing said VPN.
--
Grant. . . .
unix || die
