I’m far from a network guru, I’m a hardware guy and having trouble figuring this out. Watched a ton of the videos from Lawrence Systems on just about everything I use (also in Detroit too).
I am using Pfsense to replace my Ubiquiti Edgerouter X as I want to run a VPN 24/7 for one of my VLANs. Basically I have a teen who keeps getting DDOSed while paying xbox games. Apparently it’s a thing now and pretty easy to do.
My network consists of…
-Gigabit Comcast (1Gbps down/40Mbps up).
-Netgear CM1000 modem connected to WAN.
-Pfsense Box with WAN in and one trunked LAN out.
-Mikrotik 10G switch where everything else connects.
-Two TP Link Omada WAPs/3 unmanaged switches.
Primary network LAN 192.168.2.0
VLAN 10 192.168.1.0
VLAN 20 192.168.4.0
When I set up my pfsense and add a rule to allow all traffic on VLANs, all current devices appear to connect and work as they should on their respective networks… When I start to mix UPNP and openVPN is where the issues start.
So after playing around for about 4 hours tonight I found some more details and specifics of what’s causing it. If I keep the my client openVPN through private internet access off, I can enable UPNP and with the rules in my NAT outbound settings, and my gaming Alias with multiple IPs it works perfect.
If I turn openvpn on with the associated rules and UPNP off, I get a normal but strict NAT type.
If I run openvpn with UPNP both on, I get a report of a double NAT that is strict and I can’t solve it.
TL:DR
OpenVPN off, UPNP on = Open NAT yayyy!
OpenVPN on, UPNP off = Strict NAT
OpenVPN on, UPNP on = Double NAT, strict