Author Topic: xboxone / strict nat and VPN  (Read 243 times)

Offline repomanz

xboxone / strict nat and VPN
« on: November 10, 2017, 04:02:03 pm »
Hey everyone.

I'm beating my head against the wall here as I don't understand why Xbox One NAT is not working when I try to VPN some clients (not the Xbox).

Key point here: I have a fully functional Xbox One with open NAT based on the guide linked in this forum. Xbox One is working, works well. However, the moment I attempt to VPN any traffic to my internal clients I completely break the NAT for Xbox One.

Outbound rules (in order):

1) xbox static outbound rule is #1 in the list and is bound to WAN
2) LAN 1 subnet
3) LAN 2 subnet
4) openvpn interface #1
5) openvpn interface #2
6) openvpn interface #3
7) openvpn interface #4
8) openvpn interface #5

LAN 1 network is routed out through vpn client gateway group (openvpn interface #1 - #5)
LAN 2 network (where xbox lives) is routed out through WAN

All clients perform as they should. I get a VPN address for clients in LAN 1. Clients in LAN 2 get my WAN IP. However, with this configuration the NAT type is now broken.

What can I check for here to see if additional configurations are required? It's clear I'm missing a configuration with the VPN or interfaces, or do not fully understand how VPN and NAT work together.


Offline repomanz

Re: xboxone / strict nat and VPN
« Reply #1 on: November 11, 2017, 03:41:58 pm »
Hi everyone. I've solved this on my own and so I figured I'd inform others of the solution.

Under the VPN client configuration details for each OpenVPN client, check the box "don't pull routes". This resolved the issue I was having.

** edit - I now have a DNS leak so I'll have to figure that out.

« Last Edit: November 11, 2017, 04:16:18 pm by repomanz »