Double NAT - XBox - Asus + VPN

Hello - I’m trying to find a solution to a problem I’m having with my Xbox + Asus Router + Verizon Fios + VPN. I’ve been trying to solve issues with very slow Upload speeds on my Xbox. I had a suspicion it was Fios throttling UP speeds. So someone recommended putting my Xbox behind a VPN. Well I finally got VPN setup on my Asus Router - but now I’m getting Double NAT and NAT set to strict. I put the Internal IP assigned to Xbox to fixed - and set to DMZ - still a problem. I think everyone here is smart - so I hope you can help me (I put this on the Xbox forum hoping someone has similar experience as well).

So my IP assigned by ISP is different than the IP I get from whatismyip. So this is the issue for double NAT? I have a Fios ONT downstairs - it takes the fiber from outside - converts it - and sends it to my Asus Router. Is this the issue - ONT assigns a NAT, and now my VPN is another NAT? Sorry I’m not networking savvy.

So I read - besides DMZ for Xbox that didn’t work - that I need to set one NAT into bridge mode. Do I do this on the ONT - or Asus side? I read somewhere here that I need to reach out to my ISP and get a static IP. How does this help? One reason for doing this is I believe my ISP is throttling my UP speeds. I believe I confirmed this with these results:

Fios + port forwarding + DMZ - wired or Wifi → 250 d - 2 u

5G Hotspot → 45 d - 7 u

behind VPN - wired + DMZ → 35 d - 11 u

The issues, again, I’m having are with double NAT and NAT set to strict on my Xbox.

Can someone - CLEARLY - explain what I need to do to resolve Double NAT - NAT set to strict? I’m kind of liking the thought of VPN on my router. I tried a long time ago - but I truly think it’s time to commit.

BTW my speeds wired or wifi for a number of devices is great (without VPN). I get 250/250 most of the time (phone/tablet/computer and even the Xbox browser using Speedtest). It’s just the gaming/Xbox where I get terrible UP speeds. Any help would be appreciated. Thanks

You need to reach out to your ISP to get a real IPv4 Address, not a static IP…
At the Moment your ISP puts you behind a CG NAT, talk to them and this will solve your problem.

First, what is the upload / download speed your ISP is providing you? What is the speed you are getting? Use a speed test on your PC, and your Xbox might have one built into the network settings. Check both.
If those speeds are significantly different, check the ethernet cables to both the PC and Xbox. (If both are using wireless, make sure that they are relatively close during the speed test.)

What are the times you are using as a speed in your post? What is it trying to do in that time?

To explain double Nat, you’ll need to have some understanding of how networks work. Your router has a single connection to the internet. It acts as a gateway to every device connected to it. As far as the “internet” is concerned, your xbox and your PC are the same device. The “internet” is just talking to your router, which relays the message back to the right device.

Your ISP may do the same thing to help with the shortage of ipv4 addresses (another topic…) So a group of customers will have the same IP address as far as the “internet” is concerned. This is called a double Nat or a CGNAT (carrier grade NAT). Not an issue for the vast majority of internet use. It becomes a problem when trying to port forward as you don’t have access to your ISP’s router to set up port forwarding.

Getting a “real” IP from your ISP will set you outside of their group of customers with a single IP and give your own direct connection to the internet.

Did you have double Nat issues before setting up the VPN? If not then it is not your ISP but your VPN that is the issue.

Edit: sorry didn’t see your last paragraph… Disregard my first couple paragraphs.
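Added example, not part of any post in this thread: the comparison the original poster describes (the router's WAN address versus what a "what is my IP" site reports) can be turned into a quick classification of which NAT layout you are behind. The function name, result labels and sample addresses are constructed for illustration; the sample addresses come from documentation ranges.

```python
import ipaddress

# Private ranges (RFC 1918): a WAN address here means another home/ISP router
# sits upstream and is doing its own NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shared address space (RFC 6598): reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(router_wan_ip, observed_public_ip):
    """Return (layout, who_controls_inbound_ports).

    router_wan_ip      -- WAN address shown on the router's status page
    observed_public_ip -- address reported by an external "what is my IP" site
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)

    if wan in CGNAT:
        # The ISP translates again; port forwards on your router never
        # receive unsolicited inbound traffic.
        return ("cgnat", "isp")
    if any(wan in net for net in RFC1918):
        # An upstream box you may or may not control is the real edge.
        return ("double-nat", "upstream-router")
    if wan == seen:
        # The router holds the public address itself: one NAT layer.
        return ("single-nat", "your-router")
    # Public WAN address, but the internet sees a different one: traffic is
    # leaving through a tunnel (router VPN client) or a proxy, which adds
    # its own NAT at the far end.
    return ("vpn-or-proxy-egress", "vpn-provider")


if __name__ == "__main__":
    # Constructed sample pairs (WAN address, externally observed address).
    for wan, seen in [("100.64.12.5", "203.0.113.7"),
                      ("192.168.1.2", "203.0.113.7"),
                      ("203.0.113.7", "203.0.113.7"),
                      ("203.0.113.7", "198.51.100.20")]:
        print(wan, seen, classify_wan(wan, seen))
```

The last case matches a router running a VPN client: the ISP side is a single NAT, and the second translation happens at the VPN server, so inbound ports depend on the VPN provider rather than on the router's DMZ or port-forward settings.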

No response but I’ll report some results/tests:
- I unchecked “Enable NAT” on my router behind a VPN - still got double NAT warning.
- I stopped VPN service - and still had “Enable NAT” off - couldn’t get a NAT - no internet
- Stopped VPN - enabled NAT - and everything is fine again - Dl speeds amazing - Upload terrible.
So I know I can get better Upload speeds with 5G Hotspot and even VPN than regular internet. Port forwarding/DMZ does not seem to help with upload speeds. I get Double Nat once VPN started.

I keep poking around. This is from my router regarding NAT:

Note: For some voice and video concurrent services or games, there might be some connection issue with symmetric NAT. You might switch to full-cone NAT for a better connection. However, with full-cone all external host can send packets to intranet, but its less secure. It is suggested to switch back to symmetric NAT after using the services and games.

My router defaults to Symmetric.

HAHAHAAHA called Verizon - the online chat dude was like - man you’re a home user no custom IP address for you! But…call this advanced Fios phone number, and they’ll help you for the CG-NAT and VPN issues. I’m like “Oh man that’s great - yeah I’ll do that.” I call - go through all the mumbo jumbo - tell the person my issues - she like “yeah I understand, but…I need payment.” I’m like what? I thought this was a free service for Verizon users - she like “No. I need payment to get access to my tools on my end - and since you are not a paying subscription member - no resolution for you.” Then she went on about if she can’t resolve my issue they would send a tech out to my house to probe around my wifi. I’m like “sorry I deny your request for payment - goodbye!”

Now that I know about CG-NAT I will look online for a resolution. The one reason I wanted VPN is due to Verizon throttling my upload speeds for just Xbox Live - that’s all. The dude in chat was trying to upsell me on my internet speeds. I guess Verizon is all about the Mo$

So I think I figured out my double NAT issue with Asus+XBox+VPN. So I couldn’t get anywhere with Verizon. So I decided to mess around in Asus settings. I’m a tinkerer. So I tried DMZ - no go. Then started looking at settings and decided to switch Nat Type from Symmetric to Full Cone. Per Asus info:

ASUS router use Symmetric NAT by default. Note: For some voice and video concurrent services or games, there might be some connection issue with symmetric NAT. You might switch to full-cone NAT for a better connection. However, with full-cone all external host can send packets to intranet, but its less secure.

Once I did this my warning about Double NAT went away.

My speeds are great as well:

-VPN-DMZ-Full-Cone → 62d/38u.

-wired- no vpn - DMZ → 258d/2u

So I compromised on download to get upload. And I guess security. My next task is to improve VPN speeds.

The only issue is the NAT type is still Strict. Xbox recommends Open or Moderate - but only for connecting to external gaming options. I guess I’m okay with this. I haven’t tested game play yet.

It’s a work in process.

If anyone still has input on resolving Double Nat without having to switch Nat Type in router please give it to me.

Thanks for all your input.

This is the reality, we’re running out of IPv4 addresses so ISPs increasingly put multiple users behind one address: CG-NAT aka double NAT. Two options:

  • check with your ISP if they offer a dedicated IPv4 address (usually costs extra money)
  • host over IPv6 (again, if your ISP offers that)

Are you saying that having a dynamic IP sent to me by ISP is the cause for Double NAT? If I receive a static IP from ISP - and entering this into my router settings - that solves Double NAT? What about anything else I can request from ISP - like setting ONT into Bridge Mode? I heard this used to work with ISP Modem/Routers, but won’t work for Fiber ONT. I’m dumb with this stuff - but I’m willing to learn. Thanks

Verizon Fios - no IPv6 offered. I checked with Verizon support - they say they are rolling out dual IPv4/IPv6 support - but no timeline or locations. So up in the air. Yes once IPv6 is available I will set it up.

I will check with static IP address.

Understand this I NEVER had any issues with my Xbox with Double NAT up and until I setup VPN on router.

Someone stated the reason for double NAT is due to there are two IPs once you setup OpenVPN on router. One from ISP, and another external assigned by VPN server (the one external people can see - thus the reason for VPN).

Under VPN: I unchecked assign NAT in my router settings - still got Double NAT. I put Xbox in DMZ - still double NAT. I deactivated VPN - all issues resolved, but Upload speeds suck.

Are you saying that having a dynamic IP sent to me by ISP is the cause for Double NAT?

No, this has nothing to do with static/dynamic IPs.

If I receive a static IP from ISP - and entering this into my router settings - that solves Double NAT?

You can’t enter an external IP into your router settings.

You want to set your Router into Bridge mode? Then you have a “dumb” modem and still need a router.

I don’t think you want that.

You will resolve your NAT Problem by speaking to your ISP and explain the situation to them.
Just ask for a real IPv4 Address and they will know what’s going on.