
Port ranges used to contact VPN registry:

A Register-Request message is always a packet sent from a node to the VPN Registry server. Registry-Request packets do the following:

- Provide the node's contact information (the source IP and UDP port at which the node can be reached to form tunnels), so this information can be shared with other registered peers.
- Request the IP address of the peer node's uplink and the port the peer is using to form tunnels.

In an example, the MR dynamically chooses UDP source port 39199 with source IP 192.168.2.3. The MR then sends a Registry-Request packet to the VPN registries. The source IP of the packet gets rewritten to the upstream NAT firewall's outside IP, which is 76.126.47.131.

Similarly, the MX dynamically chooses UDP source port 49069 with source IP 192.168.10.17. The MX then sends a Registry-Request packet to the VPN registries. The source IP of the packet gets rewritten to the upstream NAT firewall's outside IP, which is 128.107.241.175.

The VPN Registry servers reply with a Register-Response message. The Register-Response packets do the following:

- Inform the MR that the MX can be reached at IP address 128.107.241.175 and UDP port 49069.
- Inform the MX that the MR can be reached at IP address 76.126.47.131 and UDP port 39199.

When the MR receives connection information about the MX, it attempts to punch a hole in its local upstream firewall by sending packets to the outside IP address of the NAT firewall that the MX concentrator sits behind with the following parameters:

When the first UDP packet sent by the MR reaches the MX, the stateful upstream firewall in front of the MX drops it, because its NAT table doesn't contain a session that allows inbound traffic from the MR firewall's outside IP.
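The registration and first hole-punch packet described above can be traced with a small model of the two stateful NAT firewalls. This is an added example, not Meraki code: the class and function names and the registry address are hypothetical, the NAT is assumed to preserve the source port and to filter on remote IP and port, and the last two steps (the MX's own outbound packet and the MR's retry) go beyond the text and follow standard UDP hole punching.

```python
# Added example: toy model of the registry exchange and UDP hole punching.
# IPs and ports for MR/MX are the ones in the text; everything else is constructed.
REGISTRY = ("vpn-registry.invalid", 9999)  # constructed placeholder, not a real endpoint

class StatefulNat:
    """Upstream NAT firewall: rewrites the source IP, admits inbound only for known sessions."""
    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self.sessions = set()  # (local UDP port, remote IP, remote port)

    def outbound(self, src_port, dst):
        # Assumption: the source port is preserved (39199 stays 39199, as in the text).
        self.sessions.add((src_port, dst[0], dst[1]))
        return (self.outside_ip, src_port)  # source as seen on the Internet side

    def inbound(self, src, dst_port):
        # Stateful check: allowed only if an outbound packet created this session.
        return (dst_port, src[0], src[1]) in self.sessions

class Registry:
    def __init__(self):
        self.contacts = {}

    def register(self, node, observed_src):
        # Register-Request: the registry records the NAT-rewritten IP and port.
        self.contacts[node] = observed_src

    def response(self, node):
        # Register-Response: contact information of the other registered peers.
        return {p: c for p, c in self.contacts.items() if p != node}

def simulate():
    mr_nat = StatefulNat("76.126.47.131")    # in front of MR (192.168.2.3)
    mx_nat = StatefulNat("128.107.241.175")  # in front of MX (192.168.10.17)
    reg = Registry()
    reg.register("MR", mr_nat.outbound(39199, REGISTRY))
    reg.register("MX", mx_nat.outbound(49069, REGISTRY))
    mx_contact = reg.response("MR")["MX"]
    mr_contact = reg.response("MX")["MR"]
    # MR punches: a session appears on MR's NAT, but MX's NAT has none for MR yet.
    mr_src = mr_nat.outbound(39199, mx_contact)
    first_admitted = mx_nat.inbound(mr_src, mx_contact[1])
    # Beyond the text: MX sends toward MR, which opens the matching session on MX's NAT.
    mx_src = mx_nat.outbound(49069, mr_contact)
    reply_admitted = mr_nat.inbound(mx_src, mr_contact[1])
    retry_admitted = mx_nat.inbound(mr_src, mx_contact[1])
    return mx_contact, mr_contact, first_admitted, reply_admitted, retry_admitted

if __name__ == "__main__":
    print(simulate())
```

The first packet is dropped only because the session table on the MX side is still empty for that peer; the same packet is admitted once the MX has sent its own packet toward the MR.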
