Hi all,
This is what I'm trying to do :
I have a freeBSD server acting as a vpn platform. Users can connect to the platform with either PPTP or L2TP tunnels (I'm using mpd5) and they are nated to one of the 5 IP public addresses this server has. The NAt is static and done with very basic ipnat rules like :
map bge0 10.100.101.0/24 -> XXX.XXX.XXX.XXX/32
map bge0 10.100.102.0/24 -> XXX.XXX.XXX.XXX/32
Basically natting one class C into one external IP address.
So far so god, it's working well.
Now, the more difficult stuff :
Some of these users want to have an incoming open port (to do P2P) while they are connected to the platform.
I can do some kind of static mapping, assigning such or such fixed port to such internal IP address and dump a bunch of static rules into my ipnat.rules file.
I've tried that, and yes, it works, but it's anything but practical for several reasons.
First of, since the IP allocation is dynamic on connect, the same user is nothing but guaranteed to get the same internal address of course, which entails calculating the incoming port number with a pretty complicated formula, and most users are not that interested
Is there a way do do some kind of dynamic port allocation using some kind of uPnP like thing ? Keeping in mind it has to work with the VPN thing.
Thanks for your insights.
This is what I'm trying to do :
I have a freeBSD server acting as a vpn platform. Users can connect to the platform with either PPTP or L2TP tunnels (I'm using mpd5) and they are nated to one of the 5 IP public addresses this server has. The NAt is static and done with very basic ipnat rules like :
map bge0 10.100.101.0/24 -> XXX.XXX.XXX.XXX/32
map bge0 10.100.102.0/24 -> XXX.XXX.XXX.XXX/32
Basically natting one class C into one external IP address.
So far so god, it's working well.
Now, the more difficult stuff :
Some of these users want to have an incoming open port (to do P2P) while they are connected to the platform.
I can do some kind of static mapping, assigning such or such fixed port to such internal IP address and dump a bunch of static rules into my ipnat.rules file.
I've tried that, and yes, it works, but it's anything but practical for several reasons.
First of, since the IP allocation is dynamic on connect, the same user is nothing but guaranteed to get the same internal address of course, which entails calculating the incoming port number with a pretty complicated formula, and most users are not that interested
Is there a way do do some kind of dynamic port allocation using some kind of uPnP like thing ? Keeping in mind it has to work with the VPN thing.
Thanks for your insights.
