VPN Passthrough is a feature of routers which allows computers on a private network to establish outbound VPNs unhindered. VPN passthrough has nothing to do with inbound VPNs, only outbound ones. The term comes from allowing the VPN traffic to “passthrough” the router. NO ports need opening to enable VPN passthrough, it will automatically work. There are different types of VPNs but the most dominant ones are PPTP VPNs and IPsec VPNs. When a router states it supports VPN passthrough it actually means it supports both these types of VPNs. To be exact VPN passthrough is just the combination of PPTP passthrough and IPsec passthrough. This is important as you will see next because PPTP passthrough is handled differently to IPsec Passthrough.
This article continues on from where Types of NAT left off. A symmetric NAT applies restrictions exactly the same way as a port restricted cone NAT but handles the NAT translation differently. All types of NAT discussed so far don’t change the source port when NATing connections. For example when a client accesses the Internet using IP 192.168.0.1 and source port 56723 NAT changes the source IP to say 126.96.36.199 but keeps the port number the same; this is known as port preservation.
All types of NAT fall into two categories; Static NAT and Dynamic NAT. Static NAT is where administrators manually create and maintain the NAT mappings and is usually associated with inbound types of NAT. Dynamic NAT is where the router creates and maintains mappings automatically on demand and is usually associated with outbound types of NAT.
This article assumes you have an understanding of computer networking basics. Network Address Translation has several advantages but its primary goal is to allow a single Internet IP address to be shared on a network by multiple devices. Your home router has built in NAT capabilities and does all this automatically. It works by your ISP assigning you ONE IP address to your router, NAT then allows multiple computers to access the Internet through this shared IP address.
In a previous article I explained what PPTP passthrough is and how it works. In this article I will explain why multiple VPN connections fail with certain routers. This issue only affects PPTP connections and it is directly related to PPTP passthrough. Here is a brief comparison of how NAT handles PPTP VPN connections differently to normal connections. Read the PPTP passthrough link above for more details: When computers make normal outbound connections the source IP address is NATed to the public IP. Source ports are used to uniquely identify the multiple connections. When PPTP clients make outbound connections the same thing happens but the call ID AND destination IP is used instead of source ports to uniquely identify the VPN connections.
Most computers connect to the Internet through a NAT device (usually a router). PPTP natively doesn’t work with NAT. Since most VPN connections start from behind a router this is a very common problem. PPTP passthrough addresses this by allowing VPN connections to traverse a NAT with ease. NAT (or more specifically PAT) can’t function without the use of ports. It is important you understand how NAT functions and it’s reliance on ports. If unsure I would advise reading up on network address translation first. NOTE: With some routers multiple VPN connections is not supported.
To get open NAT on your xbox 360 or PS3 you need to open the ports on your router/NAT and forward them to your console. This can be achieved several ways.
The Problem When making audio calls using SIP the phone rings but when it is answered there is only one way audio or no way audio. What Cause One Way Audio The cause of one way audio is a combination of NAT and STUN (which we’ll come onto later). Let’s talk about NAT first. NAT by default blocks ALL incoming connections from the Internet. This is well known and isn’t normally a problem; if you want a server accessible through the Internet you just port forward the relevent ports to it. The issue here is that SIP uses a large range of ports and it will choose one at random for each SIP call. We can’t just open our network up to a massive range of ports, it is bad security practice. More to the point how does it even work if you are not port forwarding any ports? All inbound traffic should be blocked by the NAT because there is no port forwarding going on. So how does it work? It works by using a technique known as UDP Hole punching.