Openvpn SITE 2 SITE Portforwarding

monster4000

Hello

Where can i find a complete guide on this?, they only thing i can find is a mess.

JKnott

Why do you need port forwarding? That's normally used with NAT, which you wouldn't likely be using with a VPN.

monster4000

Hello

What i need is example

open a port on site A thats points to a server at siteB

wan > siteA > siteB > server

monster4000

Port forward SiteA
0_1536271505052_Portforward siteA.png

Openvpn interface siteA
0_1536271579054_Openvpn interface SITEA.png
Firewall rule siteA

0_1536271658164_Firewall rule siteA.png

Openvpn interface siteB
0_1536271721378_Openvpn interface siteB.png

Firewall rule siteB
0_1536271808295_Firewall rule siteB.png

I hope it helps

monster4000

Okay tested some more, as soon as i enable the interfaces for the wanvpn the tunnel dies cant ping across it

Derelict

You have to bounce the OpenVPN tunnel after you assign the interface. This is said everywhere that talks about assigning interfaces to OpenVPN tunnels.

What rules are on the OpenVPN tab next to WANWPN?

I assume that is the side of the tunnel where the target server is homed and LAN there is 10.0.0.0/24?

monster4000

Hey

there is no rules in the openvpn tab on both sites

Lan at the siteB (client) is 10.0.0.0/24 i want to open port 8006 on 10.0.0.2
Lan at siteA (server) is 10.8.10.0/24

both sites got an ip in the interface tap after i restarted openvpn.

Derelict

Then you probably need to check on the server why it is not responding. Looks like everything is in place that needs to be (assuming there really are no rules on the OpenVPN tab at Site B).

Attempt a connection then do Diagnostics > States on the Site B side and filter on 8006. What do you see?

Packet capture on Site B LAN filtering on address 10.0.0.2 and port 8006 and attempt a connection. What do you see?

What do the server logs on 10.0.0.2 say?

The LAN network at Site A is not a party to this traffic.

monster4000

monster4000

But i should still be able to reach site A from site B aka ping 10.8.10.1 form 10.0.0.1 right?

nevermind that works

Reply from 10.8.10.1: bytes=32 time=23ms TTL=63
Reply from 10.8.10.1: bytes=32 time=22ms TTL=63
Reply from 10.8.10.1: bytes=32 time=23ms TTL=63
Reply from 10.8.10.1: bytes=32 time=23ms TTL=63
Reply from 10.8.10.1: bytes=32 time=22ms TTL=63
Reply from 10.8.10.1: bytes=32 time=22ms TTL=63
Reply from 10.8.10.1: bytes=32 time=23ms TTL=63
Reply from 10.8.10.1: bytes=32 time=22ms TTL=63
Reply from 10.8.10.1: bytes=32 time=24ms TTL=63
Reply from 10.8.10.1: bytes=32 time=22ms TTL=63
Reply from 10.8.10.1: bytes=32 time=23ms TTL=63
Reply from 10.8.10.1: bytes=32 time=23ms TTL=63
Reply from 10.8.10.1: bytes=32 time=22ms TTL=63

monster4000

GOT IT WORKING!!!!

before i was trying from my desktop located at 10.0.0.204 that did not work, then i took my laptop and connected to my phone hotspot and boom there was connection

lets say i setup a mail server port 25, now i know to get incoming stuff but what about outgoing via vpn?

Derelict

You would have to policy route those connections on the local interface out the OpenVPN gateway and the other side would need to perform Outbound NAT for that traffic out its internet connection.

monster4000

Okay

So a firewall rule on siteB?
And outbound nat siteA?

monster4000

From what i can Google
Make firewall rule with source 10.0.0.2 port 25 and under the Advance tap select the VPN GW? Right?

monster4000

Do anyone know how i should do this?

monster4000

Hello

okay i got it working now :)