Question

Can I use NAT traversal to bypass AP isolation?

Apr 26, 2019 8:20AM PDT

Hi there.
I’m living in an accommodation that only provides free public WiFi with AP isolation enabled.
I want to remote control my PC with my phone, so I installed a VPN on a VPS and connected it to my PC.
I can use my phone through mobile data and connect to the VPN and then, control my PC. However, if my phone connects to the WiFi, it cannot ping my PC with its internal IP.
Does the router block the NAT traversal?

Answer
I'm going with no.
Apr 26, 2019 9:55AM PDT

The entire idea behind AP isolation and VPN is to block that.

If you want to control your PC you set that up before you leave with the choice of remote access system you like.

But what about hole punching?
Apr 26, 2019 1:09PM PDT

Thanks for the reply.

If I connect both my phone and my PC to the VPN server as clients and open the DHCP on the server, they can ping each other, but they don't have an internet connection so I skip it. When my phone uses mobile data and connects to the VPN server, it can still control my PC, which is connected to the server and has SecureNAT and DHCP enabled.
So, I think the hole punching works in my scenario, but if both of the devices are on this same WLAN with AP isolation enabled, they cannot ping each other. My phone is allocated the internal IP by my PC as well and has an internet connection, and all these settings and VPN sessions are the same as before, but there must be something wrong.

As you said, does AP isolation block the hole punching between the two client devices?

AP isolation
Apr 26, 2019 1:18PM PDT

Is a defined feature. If you were able to punch holes it just means the implementation is defective.

One thing to confirm
Apr 26, 2019 2:17PM PDT

Thanks again.

So, it's normal that I can control my PC through mobile data and VPN, and that is not hole punching and has no reference value. Is that what you mean?

That does not sound like a hole punch to me.
Apr 26, 2019 2:52PM PDT

I've been writing network code since dialup days but there can always be something new to learn. But here I see nothing really amiss. AP isolation as well as ISPs blocking ports can cause issues you thought "hey, this should work." But it doesn't.

Finally
Apr 27, 2019 10:29AM PDT

Thank you for your patience.

I tried a lot today but nothing changed.
As you said, I was thinking that it might be the outbound port for VPN blocked by the local router. But both my phone and PC can connect to the VPN and 'see' each other without an internet connection, so this possibility was denied.

Eventually, just now I used another Android phone to do the same thing, and it worked! Then I tried it on my friend's laptop and it also made it.

So, finally, it must be something in my iPhone that I used at first, but I don't really care now.
Thank you again for the answers.