DMZ being overridden by VPN NAT - How to fix?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

cplay

Senior Member
I'm trying to get nat type open for one xbox console only.

I have set a static IP and xbox is connecting through this static IP that has also been set as the DMZ IP address.

The issue is I need to run the VPN on this IP also and I believe the "create nat on tunnel" setting in the VPN configuration is adding NAT to that IP even though I have the IP listed in the DMZ zone.

Anyways around this?

Do I need to create nat on VPN tunnel?
 

MaziahBebop

Regular Contributor
I'm trying to get nat type open for one xbox console only.

I have set a static IP and xbox is connecting through this static IP that has also been set as the DMZ IP address.

The issue is I need to run the VPN on this IP also and I believe the "create nat on tunnel" setting in the VPN configuration is adding NAT to that IP even though I have the IP listed in the DMZ zone.

Anyways around this?

Do I need to create nat on VPN tunnel?
DMZ and VPN on the same static LAN ip sounds like something that is not meant to be. Someone else correct me if wrong, but it seems impossible to set that up without NAT conflicts .
 

ColinTaylor

Part of the Furniture
If you're using a commercial VPN service (as opposed to a LAN to LAN VPN) you can't avoid double NAT. You would need to create an exclusion so that the Xbox doesn't go through the VPN (and is in your DMZ). This is not possible AFAIK with stock firmware which I assume you have as you have posted this in the "Asus Wireless" forum.
 

cplay

Senior Member
DMZ and VPN on the same static LAN ip sounds like something that is not meant to be. Someone else correct me if wrong, but it seems impossible to set that up without NAT conflicts .

This is what I thought - which leaves me with two options:

1. Disable NAT on the router and just have "create nat on tunnel" enabled for the VPN (all ips are routed through the VPN).
2. Leave NAT enabled on the router and disable "create nat on tunnel" for the VPN.


What do you think?
 

cplay

Senior Member
If you're using a commercial VPN service (as opposed to a LAN to LAN VPN) you can't avoid double NAT. You would need to create an exclusion so that the Xbox doesn't go through the VPN (and is in your DMZ). This is not possible AFAIK with stock firmware which I assume you have as you have posted this in the "Asus Wireless" forum.

I'm using Astrill with opvn certificate on Merlin (realise now posted in wrong section) and need the xbox IP to go through the vpn.

I'm pretty sure the VPN tunnel is overriding the DMZ - if only you could create DMZ for one IP with VPN enabled and that IP routed through it.

So the only options are;


1. Disable NAT on the router and just have "create nat on tunnel" enabled for the VPN (all ips are routed through the VPN).
2. Leave NAT enabled on the router and disable "create nat on tunnel" for the VPN.

?
 

ColinTaylor

Part of the Furniture
You're fundamentally misunderstanding how a VPN works. You cannot turn off "Create NAT on tunnel" with a commercial VPN provider.

You cannot turn off NAT on the router because you will not have a working connection to the internet (and therefore the VPN will also not work).

Unless Astrill offers a service whereby they will forward a (single) port on your behalf (some VPN providers do this) you cannot avoid the double NAT over VPN. The only alternative is to not use the VPN for the Xbox in which case you will have normal NATing and the option to put the Xbox in the DMZ.
 
Similar threads
Thread starter Title Forum Replies Date
J Some traffic being blocked - need help ASUS Wireless 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top