Hi,

On Sun, Apr 19, 2015 at 11:54:10AM +1200, Jason Haar wrote:
> On 19/04/15 01:55, Gert Doering wrote:
> > OTOH, you'll see the behaviour in many mobile networks today: if there
> > is no traffic inside OpenVPN for a given time, like "60 seconds" (yes,
> > that short), it will time out the NAT entry and on the next packet, you
> > end up with a new source port or source IP address
> Doesn't "--ping" take care of that? Keepalive packets should mean the
> TCP/UDP NAT session sees enough traffic to stop any NAT firewall from
> timing it out (assuming ping is <30sec). That in turn should stop the
> firewall needing to change port numbers

It does, but at the cost of battery life (having to wake up frequently,
send radio, etc.) - so you can have a much lower --ping frequency with
--peer-id.

Also, there's roaming between wifi and 3G, which will inevitably give
you a new IP address on the outside - nicely handled with --peer-id :-)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: pgpcVRAqGHcuK.pgp
Description: PGP signature

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to