Forward port to computer behind Pfsense OpenVPN client.

JCFL · Sep 21, 2014, 10:34 PM

Hello!

I have been trying to set up a VPN tunnel to my VPN provider, and everything seem to work fine except that I can't forward any ports to my workstation.
The problem I am trying to solve by opening a port is to get Spotify to connect to the internet. When I used a OpenVPN client on my computer, everything worked fine and I didn't have to open any ports for Spotify, or any other programme, in Pfsense.

So I have been trying to set up a NAT port forward with "OpenVPN" as my interface and pointing it to my internal IP. Spotify uses port 4070 on 78.31.8.0/21 and 193.182.8.0/21 so I have tried to specify those IP ranges under Destination and choosing network as type.

I have also tried to follow this guide (scroll down) but it didn't work:
http://www.retropixels.org/blog/use-pfsense-to-selectively-route-through-a-vpn

I have attached screenshots showing my firewall outbound NAT, NAT config and OpenVPN rule.

What am I doing wrong? I don't use any other firewall.
Any help would be greatly appreciated. :)

Thanks,
JCFL
![Spotify NAT.png](/public/imported_attachments/1/Spotify NAT.png)
![Spotify NAT.png_thumb](/public/imported_attachments/1/Spotify NAT.png_thumb)
![Spotify OpenVPN.png](/public/imported_attachments/1/Spotify OpenVPN.png)
![Spotify OpenVPN.png_thumb](/public/imported_attachments/1/Spotify OpenVPN.png_thumb)
![firewall NAT.png](/public/imported_attachments/1/firewall NAT.png)
![firewall NAT.png_thumb](/public/imported_attachments/1/firewall NAT.png_thumb)

viragomann · Oct 7, 2014, 9:24 PM

Hello!

Your pfSense will direct the traffic to Spootify networks over VPN if it is established which will not work. You should route this traffic over your WAN gateway.

To do so set an alias for the Spootify networks and set up a pass rule for LAN interface with this alias as destination, go down to advanced settings, click Gateway and choose your WAN gateway to be used by this rule.