Netgate Discussion Forum

    Port forwarding help needed from Wolf666

    2.2 Snapshot Feedback and Problems - RETIRED
    • DerelictD
      Derelict LAYER 8 Netgate

      You're right.  It should be that simple.  If AIRVPN gives me an account and I can mock it up here, then maybe you can file a bug report if you do the same thing and it doesn't work in 2.2.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • DerelictD
        Derelict LAYER 8 Netgate

        AIRVPN just sent a 3-day coupon to me.  I don't want to start the clock until I know you still need help with this.  Do you?

        • W
          Wolf666

          @Derelict:

          AIRVPN just sent a 3-day coupon to me.  I don't want to start the clock until I know you still need help with this.  Do you?

          Hi Derelict,

          Yes, I am still not able to make it work. I have also started a packet capture and am reading the output in Wireshark.

          Again, I confirm that port forwarding on the clear-net side (WAN) is working pretty well.

          Modem Draytek Vigor 130
          pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
          Switch Cisco SG350-10
          AP Netgear R7000 (Stock FW)
          HTPC Intel NUC5i3RYH
          NAS Synology DS1515+
          NAS Synology DS213+

          • K
            kejianshi

            "My VPN provider (AIRVPN) offers port forwarding (also a DDNS service), basically offering their public ip and port to redirecting traffic to AIRVPN servers internal address and then go via tunnel to my clients."

            so  - 1 public IP at the VPN service provider and many potential clients to possibly NAT that 1 port to?

            So what if in the highly unlikely (very likely) event that 10 customers all want port 25?  or 80?  or 443?

            Then what?

            • W
              Wolf666

              Each customer of AirVPN has 20 ports assigned on a random basis; it is impossible that 2 customers share the same port.

              Ref.: https://airvpn.org/faq/port_forwarding/

              BTW that solution has been working for 1 year with my WNDR37000 (openWRT) and R7000 (DD-WRT).

              Now, I think my setup in pfSense is conflicting with the bug still open in 2.2Beta, I am using 2 subnets, one dedicated to VPN only, with its dedicated Gateway.

              • K
                kejianshi

                That would do it.  I was just wondering if there would be some sort of first come first served policy for the ports.

                • K
                  kejianshi

                  Are you using manual outbound NAT?

                  • W
                    Wolf666

                    @kejianshi:

                    Are you using manual outbound NAT?

                    Yes.
                    2 rules:
                    1 to route LAN to WAN
                    2 to route VPN (OPT1) to AIRVPN_WAN

                    I also have firewall rules consistent with my setup. Everything is working pretty fine, also port forwarding from WAN (clear internet) is working.

                    • K
                      kejianshi

                      Let's say just for instance that you have a specific machine on the LAN and you want ALL of its outbound traffic to go out over the VPN.

                      You could make that happen with manual outbound NAT.

                      So, as a for instance, if traffic that was forwarded from your VPN into pfsense and onto a server on your LAN and you want outbound traffic to exit on the same interface it came in on, if manual outbound NAT for that machine IP was set to your AIRVPN_WAN instead of your WAN, all the traffic should go out over the VPN.  That rule should be at the top.

                      I've done this with pfsense before but not with 2.2 so seems like it should work, but not sure 100%

                      If you wish to try, back up your settings first so it's easy to go back if you don't like the results.

                      • W
                        Wolf666

                        @kejianshi:

                        Let's say just for instance that you have a specific machine on the LAN and you want ALL of its outbound traffic to go out over the VPN.

                        You could make that happen with manual outbound NAT.

                        So, as a for instance, if traffic that was forwarded from your VPN into pfsense and onto a server on your LAN and you want outbound traffic to exit on the same interface it came in on, if manual outbound NAT for that machine IP was set to your AIRVPN_WAN instead of your WAN, all the traffic should go out over the VPN.  That rule should be at the top.

                        I've done this with pfsense before but not with 2.2 so seems like it should work, but not sure 100%

                        If you wish to try, back up your settings first so it's easy to go back if you don't like the results.

                        I use manual outbound NAT and it is working, I know there is a bug in 2.2Beta related to routing with several Gateways.

                        • K
                          kejianshi

                          That's quite a bug…

                          • W
                            Wolf666

                            @kejianshi:

                            That's quite a bug…

                            ref:

                            https://forum.pfsense.org/index.php?topic=80607.0

                            https://redmine.pfsense.org/issues/3760

                            • W
                              Wolf666

                              Ok, problem fixed.

                              Port Forwarding is working, the problem was definitely that: https://redmine.pfsense.org/issues/3760.

                              PS
                              Please MOD you can put a big SOLVED in the title!
