Ребят спасибо за советы, временно отложил эту задачу. Как вернусь к ней сразу отпишусь. Мне пипец как интересно реализовать это :)

So your on-prem Webserver is also running as OpenVPN client which is connected to your gcloud pfSense? You are only running this one pfSense? What is your OpenVPN mode? -Rico

Voila (quelques) infos ... On voit qu'il y a 2 machines qui doivent faire du NAT : le Microtik, situé ente 2 réseaux distincts, le pfsense , situé entre 2 réseaux distincts. Donc double NAT à réaliser, ou plutôt, 2 machines avec chacune son réglage de NAT (Port forward). Certains préfèrent un simple 'modem' (ou bridge) devant pfSense, ainsi pfSense a l'ip publique et il n'y a qu'un réglage de NAT à réaliser. Certaines Box ont une définition de 'dmz' : tout trafic internet en renvoyé (=Port forward) vers le WAN du pfSense, il ne reste que le réglage du pfSense.

If you have only a "private" RFC 1918 address, then you're out of luck. To set up a VPN, you need an address that you can reach from elsewhere. Those private address won't work for that.

@gertjan said in Cannot port forward: "not a valid redirect target port. It must be a port alias or integer between 1 and 65535": @freddyh said in Cannot port forward: "not a valid redirect target port. It must be a port alias or integer between 1 and 65535": The selections made under NAT/Port Forward/Edit; the rest left at pfsense default Interface: WAN Protocol: TCP Destination: WAN Destination port range: 443 Redirect target IP: 192.168.2.100 Strange, your are omitting the "Redirect target port" field. It should be Redirect target port : 443 en then pfSense will accept your NAT rules : [image: 1534259823312-dfbacfd7-24b6-425f-a5c5-dfa51fc730d1-image-resized.png] Gertjan Thanks so much. Problem solved. Its the small things that are overlooked. Its been a crap day solving problems that I didnt even see that one. Appreciated!