OpenVPN: Log and port forward question
-
http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F
I suppose you set up your FritzBox to allow all ports to pfsense ("DMZ Host" or "Unrestricted host"):
pfsense:
firewall --> NAT --> PortForward
Protocol: UDP (or whatever)
Interface: WAN
Source IP: any (this is the IP of any computer on the internet - almost always any)
Source-Port: any (this is the Port of a computer on the internet - almost always any)
Destination-IP: WAN address (this is your pfsense WAN address because the FritzBox forwarded this traffic already)
Destination-Port: 12345 (the port your media server listens to)
Redirect-IP: 192.168.100.20 (the LAN IP address of your media server on your LAN)
Redirect-Port: 12345 (the port your media server listens to)
This NAT rule can automatically create a firewall rule for this port forwarding, which I would suggest.
Then check that this firewall rule is placed on top of all other rules on your pfsense WAN interface.
Remember:
Outgoing traffic - from your LAN to www - will be done by your LAN firewall rules. You pointed it to your VPNGW. That is ok.
Incoming traffic will probably come from somewhere on the www and connect to your WAN interface - your original IP. So you must set firewall rules on the WAN interface.
So even if you blocked outgoing traffic to use your original WAN connection, it is possible to get incoming connections through this IP.
But make sure that the connection to your media server on the web is encrypted and password protected. In such cases I would suggest to install an OpenVPN Server on pfsense and then connect from the www to your LAN/media server through this VPN tunnel. OpenVPN clients are available for Windows, Linux, Unix, Android, iOS, MacOS X
-
Hi,
this is my current workaround, and it seems to work fine, but I want to route all traffic through the tunnel. In and Out.
Sadly, with this setup, the traffic is not routed through the VPN.
-
Then you probably have to do PortForwarding on the OpenVPN interface.
And of course the client on the internet which should connect to the media server needs to connect to the VPN's IP address.
So it is the same as on WAN but you need to use the VPN's interface and IP address and so on.
-
Like this?
Does not seem to work. Need to check it a bit later from home to see if the IP has changed, but I can't access the Server through the Tunnel.
-
I never configured such a scenario but in general it looks ok.
When connecting to the media server, did you use the VPN's public IP?
And perhaps configured on the "wrong" VPN interface. Not sure which tab is the correct one.
-
This did not do it, and yes I'm using the VPN's public IP.
I did one port forward for every Interface, so this should work now.
-
I think I got it together. Will need to check tomorrow.
Issue was that the VPN server I was connected to did not have Port Forwarding enabled. Seems I had the wrong IP :(
-
@Satras:
I think I got it together. Will need to check tomorrow.
Issue was that the VPN server I was connected to did not have Port Forwarding enabled. Seems I had the wrong IP :(
So did you need to enable port forwarding on the OpenVPN interface on pfsense or just on the foreign VPN?
-
This is how I did it now.
I might be able to remove the forward on the OpenVPN Adapter I guess, just need to do some more tests with this.
Thank you very much for helping me with this.
Edit:
I did some cleanup. Only the 3rd rule was needed.
-
Thank you for your feedback :)