TorGuard / Port Forward / Adding VPN



  • So I'm trying to figure out why my port forwarding stops working on my TorGuard VPN once I create an OpenVPN Server.

    My config is as follows:

    • TorGuard Client configured on pfSense
    • Interface configured called TGINT that's my OpenVPN client
    • Port forward setup on 49234 on the TGINT interface routing to a single machine on port 49234
    • Outbound NAT setup:

    I have a test Google compute VM that I test from and everything works great:

    felix@test:~$ telnet someip 49234
    Trying somipe...
    Connected to someip.
    Escape character is '^]'.

    I can see the connections and all works superb.

    I made a backup of my working config. I went through and then configured an OpenVPN server, but as soon as I do that, my port forward stops working. I can see the traffic in the rules going through, but I get no connections established.

    I can recreate it each time yet I'm not sure what I'm missing as I would like to have the OpenVPN Server setup as well so I can connect remotely in rather than using SSH.

    Anyone hit similar issues or have suggestions of things to try?


  • Netgate

    I would be sure the traffic on the OpenVPN tab does not match the port forward traffic on the TGINT tab.

    In fact, when you start using assigned interfaces on OpenVPN it is often a good practice to just delete/disable all the rules on the OpenVPN tab and assign interfaces to every OpenVPN instance and put the rules on those interfaces. If all you have is two instances, that is what I would suggest.

    Else you need to avoid pass any/any/any on the OpenVPN tab so you don't match traffic that should be matched by the assigned interface rules.



  • Hmm. I will try to do some testing.

    The only rule on my TGINT firewall is the port forward and nothing else.

    For my LAN rules, I take an IP and instead of using the default gateway, I'm forwarding that over the TGGW. All my traffic goes out perfectly if I add or remove items.

    The port forward breaks specifically when I create the Server VPN and only the 1194 WAN rule and the Outbound NAT portion.

    I have no rules configured on the OpenVPN tab.

    I'll try to assign an interface to the ServerVPN and go from there and see what that does.

    I can see items coming in properly, but the going back out the right spot seems to be the problem but my routing seems to be ok from what I can tell:

    Internet:
    Destination        Gateway            Flags     Netif Expire
    default            100.20.56.1        UGS        igb0
    1.0.0.1            10.37.0.86         UGHS     ovpnc1
    10.37.0.85         link#9             UHS         lo0
    10.37.0.86         link#9             UH       ovpnc1
    100.20.56.0/24     link#1             U          igb0
    100.20.56.128      link#1             UHS         lo0
    127.0.0.1          link#6             UH          lo0
    192.168.1.0/24     link#2             U          igb1
    192.168.1.1        link#2             UHS         lo0
    [2.4.3-RELEASE][admin@phoenix.animosity.us]/root: netstat -rnfinet
    Routing tables
    
    
    After VPN Setup
    
    Internet:
    Destination        Gateway            Flags     Netif Expire
    default            100.20.56.1        UGS        igb0
    1.0.0.1            10.37.0.86         UGHS     ovpnc1
    10.37.0.85         link#9             UHS         lo0
    10.37.0.86         link#9             UH       ovpnc1
    100.20.56.0/24     link#1             U          igb0
    100.20.56.128      link#1             UHS         lo0
    127.0.0.1          link#6             UH          lo0
    192.168.1.0/24     link#2             U          igb1
    192.168.1.1        link#2             UHS         lo0
    192.168.2.0/24     192.168.2.2        UGS      ovpns2
    192.168.2.1        link#10            UHS         lo0
    192.168.2.2        link#10            UH       ovpns2
    


  • So I went item by item and didn't allow the auto rules to be generated and recreated everything by hand taking your advice and making an interface for the HomeVPN.

    Everything seems to be working now and I kept my port forward so I think somewhere along the way, the auto rules probably did something. I'm afraid to test as it's all working now.

    Thanks for your help and the suggestion as it worked.



  • So one more oddity in the whole process.

    If I reboot, the port forward stops working.

    To get it working again, I simply just re-apply the firewall rules with no changes to them and it works again.

    Is there a way to capture a before / after that would assist in figuring out why it isn't working on the reboot?
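
One way to capture the before / after asked about above, as an added example that is not part of the original thread: save the loaded pf filter rules, the NAT/rdr rules, the routing table and pfSense's generated /tmp/rules.debug right after the reboot and again after re-applying the rules, then diff the two. The snapshot directory, the labels and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): snapshot pf state on pfSense and diff it.
# SNAP_ROOT, the labels and the function names are hypothetical.
SNAP_ROOT="${SNAP_ROOT:-/root/pf-snapshots}"

# snapshot LABEL: save the rules and routes currently loaded.
snapshot() {
    dir="$SNAP_ROOT/$1"
    mkdir -p "$dir" || return 1
    pfctl -sr > "$dir/filter.txt"          # loaded filter rules
    pfctl -sn > "$dir/nat.txt"             # loaded NAT and rdr (port forward) rules
    netstat -rnfinet > "$dir/routes.txt"   # same command as used in the thread
    # pfSense writes the ruleset it generates to /tmp/rules.debug
    if [ -r /tmp/rules.debug ]; then cp /tmp/rules.debug "$dir/rules.debug"; fi
    return 0
}

# compare BEFORE AFTER: unified diff per file; returns 1 if anything differs.
compare() {
    changed=0
    for f in filter.txt nat.txt routes.txt rules.debug; do
        a="$SNAP_ROOT/$1/$f"; b="$SNAP_ROOT/$2/$f"
        [ -e "$a" ] || [ -e "$b" ] || continue   # file absent in both snapshots
        [ -e "$a" ] || a=/dev/null
        [ -e "$b" ] || b=/dev/null
        if ! diff -u "$a" "$b"; then changed=1; fi
    done
    return $changed
}

# port_lines LABEL PORT: show only the rdr and filter lines mentioning PORT,
# e.g. to check whether the pass rule for the forward names the VPN interface
# (ovpnc1 in the thread) and carries a reply-to in both snapshots.
port_lines() {
    grep -hF -- "$2" "$SNAP_ROOT/$1/nat.txt" "$SNAP_ROOT/$1/filter.txt"
}

# Usage on the firewall:
#   sh pfsnap.sh snapshot after-reboot      (while the forward is broken)
#   ...re-apply the firewall rules in the GUI...
#   sh pfsnap.sh snapshot after-apply
#   sh pfsnap.sh compare after-reboot after-apply
#   sh pfsnap.sh port_lines after-reboot 49234
case "${1:-}" in
    snapshot|compare|port_lines) "$@" ;;
esac
```
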


 
