Attempting to port forward with an OpenVPN client [SOLVED]
-
Done and done. I've already made a backup and a full set of screenshots just in case the backup fails somehow I can recreate it manually.
-
http://doc.pfsense.org/Create-OpenVPN-client-to-TUVPNcom.pdf
Start at page 9. Might be some helpful hints…
Im noting that routing seems to work different between using certs and using shared key. I use shared key and it just works. If I try to do the same using certs, I connect fine but can't seem to route.
Im doing some crash coarse stuff right now myself I guess.
-
It's working correctly, following ericab's tutorial. ;D
I want to route internet from address 192.168.1.123 through to the VPN so that if I connect via VPN_IP_Address:Forwarded_port, I am connecting to my home LAN IP 192.168.1.123. I'm just not sure on how to.. exactly..
-
Cool! :)
For your port forward go to Firewall/NAT
create a new Port Forward rule.
Allow any
Allow any port.
Heres one I use for my HTTPS webpage- If you follow my settings (obviously enter your ports and ip) it will build a firewall rules automatically when you click save then apply. :)
-
I'm trying to create a port forward in NAT like you have in your screenshot but I'm not seeing "Rule NAT" under Filter Rule Association.
 -
Use "Create New Associated Filter Rule".
After that if you come back to edit that Rule NAT will be there.
-
Added the rule, using your screenshot as a guide. I'm trying to connect to port 8462 from open internet and it appears closed still.
 -
On your firewall rules page /WAN can you provide a screenshot of that rule? Also on that rule turn on logging. That way if the attempts make it to the firewall they will show up in the system logs.
-
Added the rule, using your screenshot as a guide. I'm trying to connect to port 8462 from open internet and it appears closed still.
Does the server on port 8462 need to be configured to allow connects from the open internet?
-
I did not see an option to enable logging for this specific rule.
Also, wallabybob, yes the server is configured to listen on 8462. I just changed the default RDP port, when I am able to see an open port I can connect via RDP no problem. The port is just not showing as open for the VPN IP:Forwarded Port. :-\
Just to clarify on the last sentence, if I take out the pfSense router and replace it with my old dd-wrt router with 8462 forwarded through the VPN with iptables, the port will show open and I can connect via RDP. So the workstation/server (whatever term you prefer) that I'm trying to connect to is properly configured to accept connections. It seems the problem is definitely in the routing on the pfSense box.
 -
I suspect your firewall rule for port 8462 is wrong but I don't know enough about your configuration. If you re really doing port forwarding (rather than routing) then the destination IP address in an incoming (on the WAN interface) connection to your server won't have a destination IP address = the server address, the destination IP address will probably be the WAN interface IP address.
Further, the destination address in the rule is a private IP address so it will match the first rule and hence will be blocked.
-
I did not see an option to enable logging for this specific rule.
Look at my example above. The arrow points to the logging which is found on the firewall rule.
I suspect your firewall rule for port 8462 is wrong but I don't know enough about your configuration. If you re really doing port forwarding (rather than routing) then the destination IP address in an incoming (on the WAN interface) connection to your server won't have a destination IP address = the server address, the destination IP address will probably be the WAN interface IP address.
Further, the destination address in the rule is a private IP address so it will match the first rule and hence will be blocked.
When you do a port forward- that is the way the associated rule is written by the box. Works here.
-
Ive got a feeling that on your WAN rule that the Gateway needs to be associated with the VPN but logging will help to see if anything is making it.
-
When you do a port forward- that is the way the associated rule is written by the box. Works here.
Yes, you are correct. My mistake
But then, won't first firewall rule on the WAN interface block the (attempted) port forward?
-
When you do a port forward- that is the way the associated rule is written by the box. Works here.
Yes, you are correct. My mistake
But then, won't first firewall rule on the WAN interface block the (attempted) port forward?
I see what your saying.. Doesn't affect me here. I think that means initiated from a private network…
-
Don't do the Port Forward on the WAN, place it on the StrongVPN interface as incoming traffic on the public vpn IP address will 'appear' on your strong VPN interface which is where you also need to place an allow rule.
-
Don't do the Port Forward on the WAN, place it on the StrongVPN interface as incoming traffic on the public vpn IP address will 'appear' on your strong VPN interface which is where you also need to place an allow rule.
Thank you sir, for your time and help!!! The port is now forwarded!!! ;D ;D ;D
Also, thank you to chpalmer and and wallabybob!!!
-
Don't do the Port Forward on the WAN, place it on the StrongVPN interface as incoming traffic on the public vpn IP address will 'appear' on your strong VPN interface which is where you also need to place an allow rule.
Of coarse! ::) (hanging head in shame)
Awsome- glad you got it going! And thanks Thermo! :)
-
Don't do the Port Forward on the WAN, place it on the StrongVPN interface as incoming traffic on the public vpn IP address will 'appear' on your strong VPN interface which is where you also need to place an allow rule.
Of coarse! ::) (hanging head in shame)
You weren't the only one. I thought since the port forward was on the WAN it must be a new problem. Details!
-
The actual interface is the VPN so the rule applies there.
Even though its a WAN connection the VPN passes through it and is therefore encrypted.
