Need help with port forwarding from VPN connection
-
You can skip the whole back story and just go to the end if you want.
I've tried my best to search around, but I can't quite figure out if I'm choosing the wrong wording or if this is even possible. After making the switch from m0n0wall to pfSense 2.0 I have enjoyed the many new features that come with it. Lately I have been messing around with VPN tunneling into my VPS out in Texas. I know, well, I think I know, that I have everything set up right on the VPS (OpenVPN server), because I can connect to it from the Windows OpenVPN client and it does the routing that I desire.

My scenario is I have a VPS with a public IP. This box runs many applications: TeamSpeak3, web server, MySQL, and OpenVPN. Due to cost constraints I can't afford upgrading the VPS with more memory (currently 512MB). I need to host an application that uses 1024MB of memory minimum but does not require too much bandwidth, so I have set up a box hosting the application inside my home network. I want my setup to be as transparent as possible to my clients (friends). When they connect to vps_public_ip:port, my VPS will route that port onto a VPN tunnel to my pfSense at home. So far I have completed this task and even had it work with directly connecting as stated above. What I'm having trouble with is configuring pfSense as a VPN client and having it route that port to the proper internal IP address within my home network.

I have configured an OpenVPN client on the pfSense box, and it connects to the OpenVPN server and is given an IP address. This is about where I get lost. What I need help with is configuring pfSense to connect to an OpenVPN server and then forward a port coming from that connection to an internal IP in the network.
Any help would be greatly appreciated!
                                                                         |--WAN1--public_ip--(          )
(high_mem_server 192.168.89.6) ---LAN--- (pfsense 192.168.88.3)--|                    ( Internet )---vps_public_ip----(VPS)
                                                                         |--WAN2--public_ip--(          )

Here are some screenshots of some of my settings.
-
You just need a port forward on the OpenVPN interface. Probably easier if you have proper routing on your VPS to the internal host on your network so it can just route it in, no need for additional NAT in between.
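
The routing the reply suggests, sketched as OpenVPN server configuration (an added example, not part of the original thread). It assumes a routed `dev tun` server; the file paths and the client name `pfsense-home` are placeholders, and a /32 host route is used so that only the one home server is reachable from the VPS.

```conf
# --- VPS: /etc/openvpn/server.conf (additions; path is an assumption) ---

# Kernel route on the VPS: send traffic for the home server into the tunnel.
# A host route (/32) exposes only 192.168.89.6, not the whole home LAN.
route 192.168.89.6 255.255.255.255

# Per-client settings are read from this directory,
# one file per client certificate common name (CN).
client-config-dir /etc/openvpn/ccd

# --- VPS: /etc/openvpn/ccd/pfsense-home ---
# The file name must equal the CN of the pfSense client certificate
# ("pfsense-home" is a placeholder for that CN).

# Internal OpenVPN route: tells the server which connected client
# sits in front of this address. Without it the server drops the packets
# even though the kernel route above exists.
iroute 192.168.89.6 255.255.255.255
```

On the pfSense side the OpenVPN interface still needs a firewall rule passing only the forwarded port to 192.168.89.6. Replies also have to leave through the tunnel rather than WAN1 or WAN2, otherwise the connection never completes.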