Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AirVPN (OpenVPN) port forward working externally but not internally

    Scheduled Pinned Locked Moved
    NAT
    1
    2
    417
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zageyiff
      last edited by zageyiff

      Hello,

      I have configured port forwarding with AirVPN, when test from outside the network (via cellphone network) it works.
      But when tested from inside the network, it times out.

      I'm attaching some screenshots, and the packet capture for when it works and when it doesn't plus the /tmp/rules.debug

      I'm using pfSense 2.5.2-RELEASE, knowing there was a port forward bug in 2.5.1.
      I already went through the https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat-port-forwards.html, which actually help me to have it working (at least externally). And many posts in this forum, and other places in reddit, and server fault questions.

      My setup is based on these guides
      https://nguvu.org/pfsense/pfsense-baseline-setup/
      https://nguvu.org/pfsense/pfsense-port-forward/

      Explaining some IPs

      ISP                         104.163.184.210
VPN external IP:port        139.28.218.235:8107
VPN internal IP             10.35.38.107
External IP (phone)         67.69.76.131
VLAN 10 Local IP            192.168.10.103
Port forward destination    192.168.20.103:8107

      I have a docker running nginx, just showing the welcome nginx page to test the port forward.

      Locally I use curl -v 139.28.218.235:8107, and get a timeout
      When testing from an external network, on the phone, I open http://139.28.218.235:8107

      When it doesn't work, this is the packet capture file opened in wireshark, so there are retransmissions
      timeout.wireshark.png

      I can see on the firewall logs, that the NAT port forward rule is being logged, so it's working
      timeout.firewall.png

      On the states this is what I see for the port 8107
      timeout.states.png

      And just in case this is the CAP file during the small test
      timeout.cap

      Now when it works, using the phone with the phone network (no home wifi)

      The packet capture file opened in wireshark, so we can even see the HTTP protocol request and response
      working.wireshark.png

      The firewall rule get logged
      working.firewall.png

      The states look different when working
      working.states.png

      And the capture file when working
      working.cap

      Here are my /tmp/rules.debug
      rules.debug.txt

      I thought some local firewall rules might be affecting, so tried adding some allow rules from any to any at the top of vlan 10 and 20, it didn't help.
      I have assigned an interface WAN_VPN to the ovpnc1, and the port forward is on the WAN_VPN
      I have NAT reflection set as Pure NAT in System Advance
      I don't have any firewall rules in the OpenVPN tab

      Any help is appreciated

      Z 1 Reply Last reply Reply Quote 0
      • Z
        zageyiff @zageyiff
        last edited by zageyiff

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.