@dennis-westhuis said in Port forward through site-to-site VPN: @edofede how did you solve this problem exactly? He solved it like how he said he did, by using OpenVPN. With OpenVPN, all these IPsec issues are non-existent. I should know because I came from using OpenVPN to trying out IPsec.

@ash-0 You don't map the OpenVPN subnet to your LAN, you have to map a fictitious network or IP. As I mentioned, for instance you map 172.29.136.15 to 192.168.0.15. So the client has to call 172.29.136.15 when he want to access the .15 in your LAN. I think, it may work without adding virtual IPs to the VPN interface, cause the client directs the packets to your VPN servers IP. Never done it with port forwarding, but should work with 1:1 at all. If it doesn't you have to add a virtual IP for each single LAN address the client should be able to access.

@tigs redirect to proxy although this thread is very old,basics still stand the gui i guess has changed so you might need to figure out where exactly the settings apply.

@derelict Yep, we discovered that the hard way. I had to remove the P2 with 0.0.0.0/0.

@wilfrid thank you , its work

Ok, I figured it out. The issue was not with my configuration, that was all good. But my hoster (Hetzner) is routing additional IP addresses by default through my main IP. This was not wrong for my scenario. I got a separate /29 subnet instead a single IP which can be routed through my second IP that I use for pfSense. Virtual IPs of that subnet work perfectly. Thanks anyway!

@samto I found a root cause of the problem. It is well described here: https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-tunnel-options/ So, the combination ssh -f -T -N -R works fine

@georgecz58 Not clear, what you really try to achieve. Maybe you can provide a drawing?

@rajesh-0 Use sftp if you can, it only uses a single port. Better still set up a VPN on your router.

Well your outbound nat if set to automatic should auto do natting for your 3 different wans. You could pick which one is use for what via policy routing. https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

@n3xus_x3 said in Multicast: I use multicast for IPTV reception there are still 2 - 3 pieces of SG300-10 in our (AoIP system + multicast) system,... yet how can I help? describe it exactly BTW: IPTV in this regard, is deadly, ISP dependent...

As I did a quick visit the last weekend with our youngest in D2 I can't find any problem even when not having pure NAT. We've played with two PS4s with both NAT Type 2 (not strict/3 but not pure/1 either) without a hitch. Got together, got into PvE/PvP - don't see problems.

If your going to create a port forward to rdp. The destination would be your wan address on port 3390 The redirect IP would be the IP you want to send it to, and the port 3389 (rdp). Keep in mind that rdp can and wants to use UDP as well. Also - the windows firewall out of the box would block all access to rdp from anything other than its local network. you would have to allow for this. And again I will warn against opening rdp to the public - it is a HORRIBLE idea, Horrible. Even if you change the port. If you did need to do it for some sort of remote help.. Lock down the source to the known IP, or atleast the known network IP range that will be using it. The secure method of rdp to stuff on your network from remote is vpn.

@adb Glad it worked for you :)

I would highly recommend you do not forward RDP, even if using a different port like 3390.. If you want to RDP to your stuff while your remote - secure method is VPN..

@sumenair Yes, you can do that. That will work if you set the local and remote network correctly in the OpenVPN settings.

@viragomann Okay I think im getting somewhere with this using a vlan. Iv set it up. Havent assigned anything to that vlan yet but I still have internet so that's a good sign. I might try again with a single LAN just to see.