Netgate Discussion Forum

redirect external port to openvpn IP client device

    frank451
    last edited by frank451 Jul 27, 2018, 11:12 AM Jul 27, 2018, 11:11 AM

    Still struggling with this.

    Can anyone give me an example?

    I had already assigned the VPN connection to a new interface. Tried doing a NAT rule to the VPN address. Do I use the source address as WAN still? Tried different variants and creating just rules and not NAT, to no avail.

    Can't understand why it ain't working, as I had it working on an old installation.

    I have allow all on the VPN interface rules.

    Hope someone can help as going on honeymoon soon in our campervan and need to port forward from my Work IP to the VPN in the camper.

    Cheers

      Derelict LAYER 8 Netgate
      last edited by Derelict Jul 27, 2018, 11:21 AM Jul 27, 2018, 11:19 AM

      The traffic CANNOT match rules on the OpenVPN tab. It must ONLY match on the assigned interface tab else you won't get reply-to.

      When I do this stuff I just delete or disable all the rules on the OpenVPN tab and only use rules on assigned interfaces.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

        frank451 @Derelict
        last edited by Jul 27, 2018, 11:27 AM

        @derelict thanks for your prompt response again.

        I'm just not getting it :-) :-( Back to basics if you could assist?

        I have the following.
        Interfaces -
        WAN, LAN, OPT1(VPN) all enabled.
        Firewall
        WAN (Standard + any NAT port forwards listed to my local pfSense LAN)
        OPT1(VPN)
        Allow All - Does this rule need removing?

        Now to the rule
        Do I create a NAT rule, or just put a standard rule in one of the interfaces under the firewall?

        My EXT IP ---> ???? ---> 192.168.7.200 (on the VPN)
        Internal LAN is 192.168.5.xxx

        Hope you can assist

        cheers

          Derelict LAYER 8 Netgate
          last edited by Jul 27, 2018, 11:27 AM

          None of that makes any sense to me.

            Derelict LAYER 8 Netgate
            last edited by Jul 27, 2018, 11:29 AM

            [Attached image: 0_1532690953691_pfSense+VPN.png]
            Use this diagram to describe your problem. Please be specific.

              frank451
              last edited by Jul 27, 2018, 11:36 AM

              Ta, I'll do my best.

              So...
              OpenVPN Remote Access (SitetoSite) (In my case 192.168.7.0/24)
              WAN IP 88.x.x.x (ISP Address)
              PFsenseA (internal LAN 192.168.5.254/24)

              What I need to achieve is when I enter http://88.x.x.x:18990 in a web browser it will then direct the incoming traffic request to 192.168.7.200 (device on the sitetosite connection)

              I can communicate with all devices across all subnets from and to any VPN and from and to VPN - VPN (other connections), so traffic-wise everything is right, I just can't get the port 18990 forwarded to a VPN device end point from my PfsenseA WAN IP

              Hope that helps

                Derelict LAYER 8 Netgate
                last edited by Jul 27, 2018, 12:02 PM

                Please just describe your problem as if the scheme presented is your network. I don't know wtf http://88.x.x.x:18990 is.

                  frank451
                  last edited by Jul 27, 2018, 12:17 PM

                  [Attached image: 0_1532693663212_schematic.PNG]

                  Device on internet connection, be it a PC or mobile device, inputs the HTTP request to WANIP port 18990 to pfsenseA
                  PFsenseA then says ohhhhh that needs to go over the OpenVPN tunnel to the end device 192.168.7.200:18990

                  I don't think I can put it any clearer than that.
                  See image.

                    Derelict LAYER 8 Netgate
                    last edited by Derelict Jul 27, 2018, 12:30 PM Jul 27, 2018, 12:29 PM

                    So the 4G LTE router will need to know to send the reply traffic back out the OpenVPN tunnel instead of its default gateway. This is all handled there. Nothing pfSense A can do about it.

                    You might be able to use Outbound NAT to work around it. But that would involve accurately describing the problem first.

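The return-path problem from Derelict's replies above (reply-to on an assigned interface, and the 4G router sending replies to its default gateway), modelled as an added example that is not part of the original thread. The routing table, the 10.8.0.0/24 tunnel network, the client address 203.0.113.50 and the function names are constructed assumptions; only 192.168.5.0/24, 192.168.7.0/24 and 192.168.7.200:18990 come from the posts.

```python
import ipaddress

# Constructed routing table for the remote 4G router (assumption: the
# thread never shows it). 10.8.0.0/24 is a placeholder tunnel network.
REMOTE_ROUTES = [
    ("0.0.0.0/0", "lte"),        # default gateway: mobile carrier
    ("192.168.7.0/24", "lan"),   # remote LAN holding 192.168.7.200
    ("192.168.5.0/24", "ovpn"),  # pfSense A LAN, reached over the tunnel
    ("10.8.0.0/24", "ovpn"),     # tunnel network (placeholder)
]

def egress(dst, routes=REMOTE_ROUTES):
    """Longest-prefix match: interface the router picks to reach dst."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), ifc) for n, ifc in routes]
    matches = [m for m in nets if addr in m[0]]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(client_ip, snat_to=None, reply_to=False):
    """Follow one forwarded connection to 192.168.7.200:18990 and back.

    snat_to  : source address written by an Outbound NAT rule on
               pfSense A's OpenVPN interface (None = no rule).
    reply_to : True models a remote pfSense whose pass rule matched on the
               assigned interface tab, so the state pins replies to the
               interface the connection arrived on.
    """
    src_seen = snat_to or client_ip   # source address the device sees
    reply_via = "ovpn" if reply_to else egress(src_seen)
    return {"src_seen": src_seen, "reply_via": reply_via,
            "symmetric": reply_via == "ovpn"}

if __name__ == "__main__":
    client = "203.0.113.50"           # constructed internet client
    for label, kwargs in [
        ("plain router, no NAT", {}),
        ("outbound NAT on pfSense A", {"snat_to": "10.8.0.1"}),
        ("remote pfSense with reply-to", {"reply_to": True}),
    ]:
        print(f"{label:30} {forward(client, **kwargs)}")
```

With Outbound NAT in place the remote device only ever sees the translated source, so its own logs and any source-based access controls no longer reflect the real client address.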
                      frank451 @Derelict
                      last edited by Jul 27, 2018, 12:35 PM

                      @derelict ta, I will have another play. Although I didn't make any changes in the 4G router last time I had it working, although last time it was an Asus router with 4G dongle in. This time it's a Teltonika 4G router, so things could well be different.

                      Thanks again
