Hi, On Sun, Apr 19, 2015 at 11:54:10AM +1200, Jason Haar wrote: > On 19/04/15 01:55, Gert Doering wrote: > > OTOH, you'll see the behaviour in many mobile networks today: if there > > is no traffic inside OpenVPN for a given time, like "60 seconds" (yes, > > that short), it will time out the NAT entry and on the next packet, you > > end up with a new source port or source IP address > Doesn't "--ping" take care of that? Keepalive packets should mean the > TCP/UDP NAT session sees enough traffic to stop any NAT firewall from > timing it out (assuming ping is <30sec). That in turn should stop the > firewall needing to change port numbers
It does, but at the cost of battery life (having to wake up frequently, send radio, etc.) - so you can have a much lower --ping frequency with --peer-id. Also, there's roaming between wifi and 3G, which will inevitably give you a new IP address on the outside - nicely handled with --peer-id :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpcVRAqGHcuK.pgp
Description: PGP signature
------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users