Netgate Discussion Forum

    Port Forwards stop working when VPN is connected

    • geeksquad66

      I'm having an issue with my port forwards through NAT, which have been working for several years now. I used to use an OpenVPN client to protect some internal IP addresses, but not all. I just switched VPN providers and as such re-set up my OpenVPN client. I have found that all my NAT and port forwards stop working when I start my OpenVPN but immediately start working if I stop the VPN. I've been going through the setup for weeks and am getting frustrated and hoping that you may be able to tell me where I'm going wrong. I've also tested to see if maybe the port forwards were working just through the VPN public IP and that doesn't seem to be the case. I'll see if I can show my setup below. Any help you can offer is greatly appreciated.
      [Attached screenshots: InboundNAT, OutboundNAT, WANRules, LANRules, OpenVPN, OPENVPN2, BuckeyeGateway, PIAEast]

      • Derelict LAYER 8 Netgate

        You have no upstream gateway on your WAN interface so you are not getting reply-to.

        You do not have Don't pull routes checked in your OpenVPN setup so the VPN provider is pushing you a default route.

        Therefore, connections are coming into WAN, hitting the server after NAT, but replies are going out OpenVPN.

        Adding the gateway to the WAN interface will correct the port forwards because those states will then get flagged with reply-to.

        If I was going to policy route certain hosts out the OpenVPN I would also check Don't pull routes.

        And, in case anyone is wondering, this is how you provide the necessary screen shots.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
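
The reply-path behaviour described in the answer above, as a simplified model. This is an added example, not code from the thread or from pfSense; the interface names, the client address and the way the pushed default route is installed (two /1 routes) are assumptions.

```python
import ipaddress

# Constructed sample values (documentation address range), not from the thread.
WAN_IF, VPN_IF = "wan", "ovpnc1"
CLIENT = "198.51.100.7"  # internet host connecting to the port forward

def routing_table(vpn_up, pull_routes):
    """Routes as (prefix, egress interface). The WAN default is always present."""
    routes = [("0.0.0.0/0", WAN_IF)]
    if vpn_up and pull_routes:
        # Assumption: the provider's pushed default arrives as two /1 routes,
        # which beat 0.0.0.0/0 on longest-prefix match.
        routes += [("0.0.0.0/1", VPN_IF), ("128.0.0.0/1", VPN_IF)]
    return routes

def route_lookup(routes, dst):
    """Longest-prefix match over the table, as a routing lookup would do."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_egress(vpn_up, pull_routes, wan_has_gateway):
    """Interface the server's reply leaves on for a connection that arrived on WAN."""
    if wan_has_gateway:
        # With a gateway set on the WAN interface the state is flagged with
        # reply-to, so replies go back out WAN whatever the routing table says.
        return WAN_IF
    return route_lookup(routing_table(vpn_up, pull_routes), CLIENT)

def port_forward_works(**cfg):
    # The client only accepts replies that return via the WAN path it used.
    return reply_egress(**cfg) == WAN_IF

if __name__ == "__main__":
    for cfg in [dict(vpn_up=False, pull_routes=True, wan_has_gateway=False),
                dict(vpn_up=True, pull_routes=True, wan_has_gateway=False),
                dict(vpn_up=True, pull_routes=True, wan_has_gateway=True),
                dict(vpn_up=True, pull_routes=False, wan_has_gateway=False)]:
        print(cfg, "->", reply_egress(**cfg), port_forward_works(**cfg))
```

The second case is the reported failure: the connection arrives on WAN, but the reply follows the pushed route out the VPN interface.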

        • geeksquad66 @Derelict

          @derelict You are a genius dear sire. I couldn't for the life of me find that problem. Thank you.

          • gtapro151

            I am having an issue similar to this. UPnP does not seem to function right with OpenVPN. What solved this?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.