Port forwarding for OpenVPN doesn't work for pfsense2.0-RC1
-
Hi,
we use three firewalls for a loadbalancing:
PFSENSE1.2.3 as the load balancer connected to two firewalls: one of them is a pfsense2.0-RC1
I followed the guideline:
http://www.benutzer.de/OpenVPN_Server_installieren_auf_DD-WRT_Router_oder_pfSense_Firewall.html
at point:
"OpenVPN hinter einem bestehenden NAT Router betreiben" ("Running OpenVPN behind an existing NAT router")
so the first router is a pfsense2.0-rc1
I tried to NAT port 1195 to the second router, which is a pfsense1.2.3
I can't reach the OpenVPN server at the pfsense1.2.3 on port 1195.
All net settings are correct - no mismatch in networks.
The pfsense1.2.3 is set up as a load balancer, so I have two other routers in front of this box - as I mentioned before: one of them is the pfsense2.0.
When I connect to the OpenVPN server on the pfsense1.2.3 from the other router (it is an Endian) in front, with port forwarding on the router, everything is working fine.
So in my eyes the firewall rules for accepting incoming traffic, which I set on the pfsense1.2.3, are correct.
Both rules (for accepting incoming traffic on port 1195) are identical, without source address :-)
Can anybody tell me how to set up NAT on the pfsense2.0-rc1 so that there is a correct forwarding of all WAN connections on port 1195 to the OpenVPN server on the pfsense1.2.3???
Here is my NAT conf at the moment - see attached picture nat.jpg
Thanks for all hints, tips and help
kindest regards
Stef
additional information for nat-pic
192.168.20.2 is the ip-address of the pfsense1.2.3 interface
192.168.20.1 is the ip-address of the pfsense2.0-RC1
-
You most likely do not want to specify source ports on there.
NAT works fine, NAT for OpenVPN works fine (it's just a single UDP port…) so if it doesn't work, something isn't matching your rules.
-
Hi,
as I said: It doesn't work in my environment….
Here are my rules; maybe there are mistakes in them, so please tell me what to change
on the forwarding box:
nat195forward.jpg IP address on the LAN IF: 192.168.20.1 .... connected to pfsenseloadbalancer: 192.168.20.2
on the loadbalancer
the working line wan 192.168.3.2 (Endianbox 192.168.3.1):
wan.jpg and wan_detail.jpg
the not working line wan2 192.168.20.2 (PFSENSE2-RC1 192.168.20.1):
wan2.jpg and wan_detail2.jpg
Please help me
I've got the message that my JPGs are too big. Is there any public space available to upload them? Sorry, I don't have this option.
Thanks
kind regards
Stef
-
As jimp said: Don't specify a source port.
-
hi,
please explain that… "Don't specify a source port."
I only want to forward the 1195 vpn port - nothing else....
And in the manual it is described the way I set up the rule
Thank you for your explanation
Cheers
Stef
-
This guide is based on 1.2.3
In 1.2.3 there wasn't an option to specify in NAT rules a source.
What the guide is referring to are the "external" and "internal" port.
In relation to the screenshot you posted:
The "Dest. ports" and "NAT ports" should be 1195, but the "Src. ports" should be any.
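
Added example, not part of the thread or of the guide it links to: a minimal Python model of how a port forward matches packets, showing why a rule with "Src. ports" set misses OpenVPN clients whose source port is picked by their OS or rewritten by their own NAT. The `Packet` and `PortForward` classes and the client addresses are constructed for illustration, and the restricted rule's source port of 1195 is an assumption, since the screenshot is not reproduced here.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = None  # models "any" in the rule editor: no restriction on the field


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class PortForward:
    proto: str
    src_port: Optional[int]  # "Src. ports"
    dst_port: int            # "Dest. ports"
    target_ip: str           # NAT IP
    target_port: int         # "NAT ports"

    def translate(self, pkt: Packet) -> Optional[Tuple[str, int]]:
        """Return the (ip, port) the packet is forwarded to, or None if no match."""
        if pkt.proto != self.proto or pkt.dst_port != self.dst_port:
            return None
        if self.src_port is not ANY and pkt.src_port != self.src_port:
            return None  # source port restriction not satisfied
        return (self.target_ip, self.target_port)


# Constructed sample traffic arriving on WAN for the OpenVPN port.
CLIENT_PACKETS = [
    Packet("udp", "203.0.113.10", 51234, 1195),  # ephemeral source port
    Packet("udp", "198.51.100.7", 40022, 1195),  # rewritten by the client's NAT
    Packet("udp", "203.0.113.99", 1195, 1195),   # source port happens to be 1195
]

# Assumed restricted rule (source port set) versus the rule from the last reply.
RESTRICTED = PortForward("udp", 1195, 1195, "192.168.20.2", 1195)
CORRECTED = PortForward("udp", ANY, 1195, "192.168.20.2", 1195)


def forwarded(rule: PortForward, packets) -> list:
    """Packets the rule would redirect to the OpenVPN server."""
    return [p for p in packets if rule.translate(p) is not None]


if __name__ == "__main__":
    print("restricted:", len(forwarded(RESTRICTED, CLIENT_PACKETS)), "of 3 forwarded")
    print("corrected: ", len(forwarded(CORRECTED, CLIENT_PACKETS)), "of 3 forwarded")
```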