4. OpenVPN, NAT redirect WAN site how ?

OpenVPN, NAT redirect WAN site how ?

  • S

    Hi all,
    ist this possible on pfsense ?

    example on linux:
    iptables -t nat -A PREROUTING -p udp –dport 53 -j REDIRECT --to-ports 1194
    iptables -t nat -A PREROUTING -p udp --dport 21 -j REDIRECT --to-ports 1194

    incoming WAN udp ports redirect to the internal openvpn Server, should this work on pfsense (with pf rules) ?

    thx for any help here.

    0
  • M

    Yes, can be done with NAT, and does work.

    Setup regular openvpn connection, in your choice of flavour.

    Additional changes…
    client - change port to alternate chosen 53, 21 etc, ie not 1194

    server - if 53, set DNS Resolver/Forwarder to not listen on WAN, by selecting only LAN, OPT, localhost etc

    server - firewall / NAT / Port forward
      interface WAN, protocol UDP, destination WAN address, destination port 53 (or 21 etc), redirect target IP x.x.x.x (WAN actual address, or an alias of it,  but not localhost), target port 1194

    vpn then connects., or at least in my lab it does. YMMV.

    Not sure how it would work with dynamic public IP on server side.

    Now you can vpn from places that block most outbound ports, but allow common ports like 53 , 80 etc, or to make it less obvious you are using vpn.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy