Proper use of VPN director

[Armandooooo]

Hi, I have been using the VPN director for quite some time and I have a few question about it. Is there anyone who can point to some explanation for me to better understand some fundamental concept? Specifically:

• Create NAT on tunnel
• Inbound firewall block / allow
• Accept DNS configuration disable/relax/strict/exclusive

Thank you

 

[elorimer]

Those aren't really VPN Director but OpenVPN questions, aren't they?

Create NAT on tunnel means that the OpenVPN client sends all traffic down the tunnel from its own IP address, like a normal routing function. If it is off, it sends the traffic from the original IP address. The server then needs to know the route to get back to that address. You create that yourself in the ALlowed CLients box. If you are doing site to site, you don't need to Create NAT.

Inbound firewall allows server-side access to the client-side LAN. Individual cleints may have their own firewalls though.

Accept DNS: Disable means the client DNS is the only one used; Relax adds the server DNS to the bottom of the list of the client's DNS servers, so it won't be used first; Strict addis it to the top of the list, so it will be used first; Exclusive means only the server's DNS will be used.

 

[Armandooooo]

Hi, thanks for answering.

For the NAT, if it sends the traffic from the original IP address, it means the traffic is being routed through the VPN but the server being reached would see in what part of the world I am in correct?

I don't want the server side to access any of my PC, so I would not allow that.

For the DNS I don't see how a DNS versus another one would make any different in my case.

My use case is accessing a french catch up tv from oversees, where it does not allow to be watched if you are not in France.

 

[elorimer]

For that, you would probably create the nat on the tunnel, keep the firewall in place, and select strict or exclusive for DNS.

In my case, when outside the US, if my vpn is relaxed, Amazon tells me I am travelling. If it is strict or exclusive, it treats me as in the server location. Even then, when I use VPN director to direct my Philips TV exclusively through the tunnel, Amazon reads something in the TV to conclude it is traveling. This is the case even if the Android TV setting for location is off. So it doesn't always work for reasons that aren't about the router.

 

[Armandooooo]

Understood, so to be on the safest side, I would pick NAT on tunnel (so the servers I am reaching think I am where my VPN server is), block inbound firewall (so the PCs who are in the same network as my VPN server cannot access my PCs) and putting DNS as strict so the DNS of the VPN server is the one being used.

Is my understanding correct?

 

[elorimer]

I would pick NAT on tunnel (so the servers I am reaching think I am where my VPN server is)

Yes, except for this part. Your client router has a private LAN, like 192.168.50.0/24. Your server router also has a private LAN, but also a public IP that can be geolocated. Regardless of this NAT setting, servers you reach will think devices on your client router's LAN are coming from the server router's public IP. They send stuff back to the public IP, and now the server router needs to know how to forward it on to the client router's private LAN. Creating a NAT on the tunnel does that so you don't need to specify a route back. It's a convenience with some extra processing baggage. (I think.)

 

[kernol]

These are the Network settings I have used for NordVPN to UK servers. It works well for me with the only location shown for me being the location of the particular NordVPN server in the UK that the router is connected to.