[Openvpn-users] OpenVPN and NAT

  • Subject: [Openvpn-users] OpenVPN and NAT
  • From: "ad_koster" <ad_koster@xxxxxxxxxx>
  • Date: Mon, 13 Dec 2004 21:23:04 +0100

Currently we are considering replacing some of our IPSEC connections with 
OpenVPN, mainly because of the well-known NAT difficulties with IPSEC. 

However after doing a number of tests we experienced problems using iptables 
rules on our firewalls like:

iptables -I INPUT -p udp -s x.x.x.x --source-port 7777 -d x.x.x.x --destination-port 7777 -m state --state NEW -j ACCEPT

In this setup an OpenVPN client is behind a router doing NAT and no tunnel 
is established. Most likely because the source port is randomly "adjusted" by 

So our question is:

Does OpenVPN require the source port and destination port to be the same to 
set up a tunnel?


Ad K. 



