Newbie: Forward a Single Port Over Tunnel, Linux Host on the Other Side
-
I've got my own client/server TCP application. It's not clear to me how I set up an encrypted tunnel for a single port within PFSense. My goal is to be able to have a port on the firewall that forwards tcp traffic over an encrypted tunnel. All other traffic should stay off the tunnel. Per the title, the other end is a Linux host.
I've done this in the past with stunnel between two hosts, but I'm getting some political pressure to "use a vpn." ::)
There are a few too many options under VPN. I need help picking the right tool for the job. I can figure it out from there.
Thanks in advance.
-
Hi,
With IPsec the easiest solution is to filter by port in transport mode. A Linux host with Strongswan or Libreswan supports it. However, I think the Pfsense GUI doesn't support that setting yet (I would need it also).
So you could create a GRE tunnel over an IPsec tunnel and forward that port to/from the GRE tunnel interface, for example with a rule on your LAN that translates (NATs) that remote port to the GRE tunnel IP.
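To show what the port-filtered transport mode from the reply looks like on the Linux end, here is an added strongSwan `ipsec.conf` example (not from this thread or from the pfSense project): only TCP port 5555 on the Linux host is covered by the IPsec policy, so every other packet stays in the clear. The addresses, identities, the application port and the cipher proposal are assumed placeholders; the pre-shared key lives in `ipsec.secrets` as noted in the comments.

```conf
# Added example: strongSwan ipsec.conf on the Linux host.
# All addresses, identities and the port are placeholders, not values from the thread.
config setup
    uniqueids=yes

conn app-port-only
    # transport mode: host-to-host, no tunnel subnets, so the traffic selectors
    # below are the only thing that decides what gets encrypted
    type=transport
    keyexchange=ikev2
    authby=psk
    # this Linux host
    left=192.0.2.10
    leftid=@linuxhost
    # restrict the local selector to the application port only
    leftprotoport=tcp/5555
    # the pfSense WAN address; any TCP source port on that side matches
    right=198.51.100.1
    rightid=@pfsense
    rightprotoport=tcp
    # placeholder proposal; both peers must agree on it
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256-modp2048!
    auto=start

# Matching line for /etc/ipsec.secrets (placeholder secret, keep the file mode 0600):
#   @linuxhost @pfsense : PSK "replace-with-a-long-random-secret"
```

After `ipsec up app-port-only`, `ip xfrm policy` should list only policies whose selector carries `dport 5555` (and the mirrored `sport 5555`), which is the check that confirms nothing else is being pushed through the SA.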