Netgate Discussion Forum

    Port Forward through OpenVPN

    • M
      m1001101

      Hi guys, I have a problem with port forwarding on pfSense.
      See my network in attached scheme.

      I have 2 LAN, Home (192.168.10.x) and Museum (192.168.11.x);

      In Home LAN I have pfsense box configured as OpenVPN Server (works perfectly);

      In Museum LAN there is a server that connects via OpenVPN (client) to Home LAN through net 10.10.0.x/24 (works perfectly). I can connect via ssh and all services from Home LAN to Museum LAN Server (Static OpenVPN IP 10.10.0.204), and the reverse situation works great.

      Now I need to forward 1 service from Museum LAN server to Internet on port 24356 TCP, so I've setup a port forward and relative firewall rule in my Home LAN pfsense to forward all traffic inbound from port 24356 to same port at ip 10.10.0.204 (Museum LAN Server OpenVPN IP).

      But it does not work.

      I've flagged the option "Force all client generated traffic through the tunnel" in client specific overrides, and checked with traceroute: fully working, packets originating from Museum LAN Server go through the VPN tunnel, to the Home LAN Gateway and on to the Internet without problems.

      I can't understand why the port forward rule doesn't work like other rules for Home LAN services.

      Suggestions?

      Thanks

      ![MCS - Page 1.png](/public/imported_attachments/1/MCS - Page 1.png)

      • V
        viragomann

        Have you already set an outbound NAT rule on the home firewall for packets coming from the server?

        • M
          m1001101

          No, because Museum Server reaches the Internet through the VPN without problems.

          Now I tried with an outbound NAT rule:

          interface: oVPN
          protocol: TCP
          source: 10.10.0.0/24 24356 (oVPN Net)
          destination: Any 24356

          Translation
          Address: interface address
          port range: static port flagged

          But it doesn't work.

          • DerelictD
            Derelict LAYER 8 Netgate

            You shouldn't need a port forward since there is no NAT.

            Just tell the Museum host to connect to 10.10.0.204:24356

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • M
              m1001101

              OK Solved!

              I've flagged the option "Force all client generated traffic through the tunnel" in client specific overrides, this time it worked perfectly!

              Thanks to all!!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.