Question

Can I use NAT transversal to bypass AP isolation?

Hi there.
I’m living in an accommodation that only provides free public WiFi with AP isolation enabled.
I want to remote control my PC with my phone, so I installed VPN on a VPS and connected it to my PC.
I can use my phone through mobile data and connect to the VPN and then, control my PC. However, if my phone connects to the WiFi, it cannot ping my PC with its internal IP.
Does the router block the NAT transversal?

Discussion is locked
Answer
Follow
Reply to: Can I use NAT transversal to bypass AP isolation?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Can I use NAT transversal to bypass AP isolation?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
I'm going with no.

The entire idea behind AP isolation and VPN is to block that.

If you want to control your PC you set that up before you leave with the choice or remote access system you like.

- Collapse -
But what about hole punching?

Thanks for reply.

If I connect both my phone and my PC to the VPN server as clients and open the DHCP on the server, they can ping each other, but they don't have internet connection so I skip it. When my phone uses mobile data and connects to the VPN server, it can still control my PC which is connected to the server and enabled SecureNAT and DHCP.
So, I think the hole punching works in my scenario, but if both of the devices are in this same wlan with AP isolation enabled, they cannot ping each other. My phone is allocated the internal IP by my PC as well and have internet connection, and all these settings and VPN sessions are the same as before, but there must be something wrong.

As you said, does AP isolation block the hole punching between the two client devices?

- Collapse -
AP isolation

Is a defined feature. If you were able to punch holes it just means the implementation is defective.

- Collapse -
One thing to confirm

Thanks again.

So, it's normal that I can control my PC through mobile data and VPN, and that is not hole punching and is no reference value. Is that what you mean?

- Collapse -
That does not sound like a hole punch to me.

I've been writing network code since dialup days but there can always be something new to learn. But here I see nothing really amiss. AP isolation as well as ISPs blocking ports can cause issues you thought "hey, this should work." But it doesn't.

- Collapse -
Finally

Thank you for your patience.

I tried a lot today but nothing changed.
As you said, I was thinking that it might be the outbound port for VPN blocked by the local router. But both of my phone and PC can connect the VPN and 'see' each other without internet connection, so this possibility was denied.

Eventually, just now I used another android phone to doing the same thing, it worked! Then I tried it on my friend's laptop and it also made it.

So, finally, it must be something in my iPhone that I used at first, but I'm not really care now.
Thank you again for the answers.

CNET Forums