Problem port forwarding OpenVPN
-
I'm trying to set up an OpenVPN client and server. I have two LANs with separate WAN connections. The client is in one LAN and the server is in the other. I set up a rule to port forward the incoming connection to the PC running the server. It's not working, because the incoming port number is a random number. It keeps getting blocked by the firewall. I have the client configured with lport 1194 and bind. I verified using netstat -anon udp on the client that it's using port 1194. Despite this, the incoming port is a random number which changes each time the client restarts after failing to connect. I don't understand why this is happening. Is pfSense on the client network re-mapping the port? If so, why, and how can I stop this from happening so the port forwarding rule will work?
-
Anyone? I'm really stumped by this.
-
I don't get why you are messing about with the local port on the client. Do you have a source port set on your NAT rule on the server side or something?
That is almost never correct. Source port should be left blank.
-
I'm trying to set up a port forwarding rule so the client will reach the server. It's getting blocked, presumably because the port number keeps changing.
-
That's why the source port on your port forward needs to be any.
Specify the source port or port range for this rule. This is usually random and almost never equal to the destination port range (and should usually be 'any'). The 'to' field may be left empty if only filtering a single port.
https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
Okay, I have not set the source port. The rule is configured similarly to other port forwarding rules which are working. The destination is WAN with the destination port range being "openvpn". The redirect target IP and port is the IP address of the particular host and "openvpn". As I said, I have other port forwarding rules configured and they are working. In the case of this rule, it's being blocked by the firewall.
-
I noticed another thread called Source port rewriting, https://forum.pfsense.org/index.php?topic=118458.0. This sounds like the cause of the problem.
-
The source port of an OpenVPN client connection does not matter! (Unless the rule on the server says it matters, which is not the default and not the way it should be configured.)
Post the firewall rule, the port forward, and the logs showing it being blocked.
-
Here are some screen captures.
The incoming port number changes every time the client restarts after failing to connect.
-
Dude, your firewall rule is disabled. That's why it's grayed out / translucent. Uncheck the Disable this rule checkbox.
-
ARRRGGGGHHH! That was the problem. I thought it was grayed out because it was automatically created.
Thanks!
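-
The two conditions this thread checks for (a source port pinned on the port forward, and a disabled firewall rule) can also be looked for in a configuration backup. The script below is an added example, not something posted in the thread; the XML element names are assumed to follow the pfSense config.xml backup layout, and the sample configuration and addresses are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a pfSense config.xml backup (layout assumed).
SAMPLE = """<pfsense>
  <nat>
    <rule>
      <descr>OpenVPN forward</descr>
      <source><any/><port>1194</port></source>
      <destination><network>wanip</network><port>1194</port></destination>
      <target>192.168.1.10</target>
      <local-port>1194</local-port>
    </rule>
  </nat>
  <filter>
    <rule>
      <descr>NAT OpenVPN forward</descr>
      <disabled/>
      <source><any/></source>
      <destination><address>192.168.1.10</address><port>1194</port></destination>
    </rule>
    <rule>
      <descr>Allow HTTPS</descr>
      <source><any/></source>
      <destination><address>192.168.1.20</address><port>443</port></destination>
    </rule>
  </filter>
</pfsense>"""

def audit(xml_text, port="1194"):
    """Return (section, descr, problem) tuples for rules whose destination is `port`."""
    root = ET.fromstring(xml_text)
    findings = []
    for section in ("nat", "filter"):
        for rule in root.findall(f"./{section}/rule"):
            if rule.findtext("destination/port") != port:
                continue
            descr = rule.findtext("descr", default="(no description)")
            # An empty <disabled/> element is enough to switch the rule off.
            if rule.find("disabled") is not None:
                findings.append((section, descr, "rule is disabled"))
            # A pinned source port breaks once NAT rewrites the client's port.
            src_port = rule.findtext("source/port")
            if src_port:
                findings.append((section, descr, f"source port pinned to {src_port}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```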