On 19/04/15 01:55, Gert Doering wrote: > OTOH, you'll see the behaviour in many mobile networks today: if there > is no traffic inside OpenVPN for a given time, like "60 seconds" (yes, > that short), it will time out the NAT entry and on the next packet, you > end up with a new source port or source IP address Doesn't "--ping" take care of that? Keepalive packets should mean the TCP/UDP NAT session sees enough traffic to stop any NAT firewall from timing it out (assuming ping is <30sec). That in turn should stop the firewall needing to change port numbers
-- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
