Netgate Discussion Forum

    Port Forwarding

      SimpleNetwork

      Hi Guys,

      I am playing around with OpenVPN and I noticed something strange.

      When I set up the VPN through port 443 on my pfSense box, on my personal computer I noticed a lot of strange inbound connection attempts in the security logs, only on 443. I have auditing turned on for failed connections and there were about 50 attempts on this port only. After I deleted the port forward rules the OpenVPN wizard made, these attempts went away.

      I am going to run this experiment again later this week to confirm these attempts are related to the firewall rule.

      How does this make sense? Wouldn't my pfSense box only need 443 open on its WAN port to authenticate the VPN? Why does it actually pass through to my LAN? I don't mind people scanning and messing with my WAN-side open port as much as getting through to the LAN and scanning my machines.

      Is there a way to configure this better so that people aren't trying to connect to my PCs?

        divsys

        > After I deleted the port forward rules the OpenVPN wizard made, these attempts went away.

        The Wizard should not have made (nor do you need) any Port Forward rules to allow OpenVPN to work on port 443.

        What you do need is a Firewall rule on the WAN interface allowing in traffic bound for port 443 destined for the WAN address (either TCP or UDP depending on your OpenVPN server).

        If you have a Port Forward rule as well, something is not right.

        -jfp
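
One way to check for the situation described in the reply above, as an added example that is not part of the original thread: it reads a pfSense configuration backup and lists, for one port, the WAN pass rules and any NAT port forwards. The XML element names and the sample configuration (including the 192.168.1.50 target) are assumptions modelled on a config.xml export; compare them with your own backup.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the layout of a pfSense config.xml backup.
# Element names are an assumption; verify them against your own export.
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.1.50</target>
      <local-port>443</local-port>
    </rule>
  </nat>
  <filter>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination>
    </rule>
  </filter>
</pfsense>"""


def audit_port(config_xml, port):
    """Return (wan_pass_rules, port_forwards) matching `port` on WAN."""
    root = ET.fromstring(config_xml)
    port = str(port)

    def active_on_wan(rule):
        # Skip disabled rules; match only single-port destinations on WAN.
        return (rule.find("disabled") is None
                and rule.findtext("interface") == "wan"
                and rule.findtext("destination/port") == port)

    passes = [{"proto": r.findtext("protocol"),
               "dest": r.findtext("destination/network") or "other"}
              for r in root.findall("filter/rule")
              if active_on_wan(r) and r.findtext("type") == "pass"]
    # A forward sends the traffic on to a LAN host instead of the firewall.
    forwards = [{"proto": r.findtext("protocol"),
                 "target": r.findtext("target"),
                 "local_port": r.findtext("local-port")}
                for r in root.findall("nat/rule") if active_on_wan(r)]
    return passes, forwards


if __name__ == "__main__":
    print(audit_port(SAMPLE_CONFIG, 443))
```

A pass rule with the WAN address as destination is what the OpenVPN server needs; any entry in the second list means traffic on that port is also being redirected to the listed target.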

          johnpoz LAYER 8 Global Moderator

          The OpenVPN wizard does not create a port forward; it does create a rule on your WAN for the port you use for that VPN instance.

          How would a port forward to your pfSense LAN IP allow for scanning of your "machines", even if you did create the forward?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.