Testing for nat-traversal support – equinux VPN Tracker 8.1.1 User Manual

Testing for NAT-Traversal Support

As you can see from the diagram, there are a several points where the local
router could interfere with the VPN.

VPN Tracker can detect such problems

and in most cases work around them by selecting the most suitable NAT-
Traversal method for any given situation – whether it’s a hotel, an Inter-
net cafe or your home Wi-Fi network.

VPN Tracker runs a test the first time it encounters a new local router (that's
the progress bar you see before the VPN connection is established).

Even though it may take a short moment, it's very important to run the test! It
only needs to run a single time at any given location.

What does the test do?

The test connects to a VPN gateway at equinux using all possible NAT-
Traversal methods: IPsec Passthrough, NAT-Traversal (early drafts), and NAT-
Traversal (RFC). VPN Tracker tests and remembers which methods worked,
and from then on it will only use the working methods.

Should VPN Tracker ever encounter a situation where the local router blocks
all VPN traffic, or where the properties of the local Internet connection would
require a form of NAT-Traversal that is not supported by your VPN gateway, it
will specifically tell you so.

In what situations is the automatic test not sufficient?

The automatic test will work in almost all situations. It will help you to get
hassle-free VPN connectivity at Internet cafes, hotels, airports – basically in all
those places where you have little time and encounter routers that may not
support all NAT-Traversal methods.

There is one specific situations in which the availability test may not give ac-
curate results: If communication to your VPN gateway goes through a differ-
ent router than Internet traffic, or is treated differently (firewall rules etc.).

Since the test VPN gateway is located on the Internet, the test results reflect
the connectivity from your location to VPN gateways on the Internet, but may
not be accurate for your VPN gateway if it is handled differently.

In that case, you can open the VPN Availability Test (Tools > Test VPN Availabil-
ity) and tell VPN Tracker to ignore the test results for this specific location.

To disable testing entirely, go to

→ VPN Tracker Preferences.

What if my local router changes? What if a firmware up-
grade changes its capabilities?

If you exchange the router for a different device, VPN Tracker will notice
automatically (it uses the router's hardware address (MAC) to remember
which routers it already tested).

If only the firmware is updated, or you are using an Internet connection where
NAT-Traversal happens off-site at your Internet Service Provider (ISP), VPN
Tracker cannot detect a change automatically. In that case, please open the
VPN Availability Test (Tools > Test VPN Availability) and repeat the test.

73