Port Forwarding

  • Hi, I'm having trouble opening a port with OpenVPN, is that something you'd like to help me with?

    I should have it working by tomorrow. I have tried several times now and will start giving up soon. Is there someone who wants to check what I've done wrong?

    [Screenshots attached: Rules.PNG, port forward.PNG, outbound.PNG]

  • Not clear what you're trying to achieve with that.
    What vpn connection, a client or a server?

    Obviously you've multiple vpn instances running?
    Provide some more details.

  • @viragomann

    Thanks for your reply.

    I'm trying to open up a couple of ports so I can get DC++ and uTorrent to work, but I cannot open the port on the VPN.

    I have several vpn but they are turned off.

    That's the client.

  • LAYER 8 Rebel Alliance

    For an OpenVPN Client connection you do not have to open any Ports.


  • Open up ports to what?? To clients which are connected to pfSense or to a server which pfSense connects to as a client?

  • LAYER 8 Rebel Alliance

    Okay, so you get traffic routed from your VPN Provider?
    You need to assign your OpenVPN Interface and get your Firewall Rules in place there, I am not sure because your Screenshots are cut on the top, but I think you have the Rules on your WAN Interface which is not the right way to do it.
    And make sure to clear out all Rules in your OpenVPN Group Tab, because this Tab is processed before the Assigned OpenVPN Interfaces. To have Any-Any there could be a very bad idea. 🙃

    Maybe this great Hangout will clear some things up for you: https://www.youtube.com/watch?v=lp3mtR4j3Lw


  • @rico

    Yes, there is little traffic from VPN provider that will go to my dc ++ and utorrent.

    I have looked at that clip, but does he open ports because I could not see it?

    Tell me where you want to see and I send pictures?

  • LAYER 8 Rebel Alliance

    From my memory he is not showing exactly how Port Forwarding from any VPN Provider works, but giving an idea how this stuff generally works (assign/configure VPN Interface, Firewall Rules, and so on).


  • @sweden_cool said in Port Forwarding:

    Yes, there is little traffic from VPN provider that will go to my dc ++ and utorrent.

    If your VPN provider forwards the ports to you, it should work with a port forwarding rule on the interface you've assigned to the appropriate VPN client instance.

    But I doubt you really get these ports forwarded. Just use packet capture from the pfSense Diagnostic menu on the OpenVPN interface group to check that out.

  • @viragomann

    Got this when I tested this with port 60722.


    16:43:50.836144 IP hidden.38.210.36996 > hidden.106.182.60722: tcp 0
    16:43:50.836197 IP hidden.38.210.8440 > hidden.106.166.60722: tcp 0
    16:43:55.057344 IP hidden.98.246.60232 > hidden.38.210.60722: tcp 0
    16:43:56.055547 IP hidden.98.246.60232 > hidden.38.210.60722: tcp 0
    16:43:56.062655 IP hidden.98.246.60236 > hidden.38.210.60722: tcp 0
    16:43:57.058936 IP hidden.98.246.60243 > hidden.38.210.60722: tcp 0
    16:43:57.059579 IP hidden.98.246.60236 > hidden.38.210.60722: tcp 0
    16:43:58.058874 IP hidden.98.246.60243 > hidden.38.210.60722: tcp 0

  • On the OpenVPN interface, not on WAN?
    Which devices do these IPs belong to? Hidden....

    Have you already assigned an interface to the VPN client instance and activated it?

  • @viragomann

    Interface: OVPN_VPN



  • is your virtual vpn address, I guess?
    So you should use this one as destination in the port forwarding rule.

    However, the problem which the screenshot shows is the check at "Block private networks..." in the vpn interface settings. Since your clients IP (here obv. is a private one, you must remove that check, otherwise all incoming connections get blocked.

  • @viragomann said in Port Forwarding:

    Here this is what you mean?

    [Screenshots attached: port forward2.PNG, interface2.PNG]

  • Yeah, exactly.

    Does it work now?

  • @viragomann

    I do not work with this to have a test server.

    iperf3.exe -s -p 60722

  • LAYER 8 Netgate

    Set the destination of the NAT translation to OVPN_VPN address.

    Be sure the rules passing the traffic do not match on the OpenVPN Group tab, but do match on the OVPN_VPN tab. The easiest way to be sure is to not have any rules on the OpenVPN tab. Care will have to be taken if you have other OpenVPN servers or clients defined.

    Be sure the default gateway of the host is pfSense.

    Be sure the firewall on, if any, passes traffic from arbitrary sources.


    If you take more packet captures, please do them on the interface the server is on. If you don't see any traffic there, check all of the above again.

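One way to read a capture like the ones posted in this thread, as an added example that is not part of any post: it groups connection attempts to the forwarded port by source and marks each as answered or unanswered, where repeated packets from the same source port with no reply are retransmissions that nothing behind the firewall answered. The line format follows the pfSense capture output shown above; the sample addresses are constructed from documentation ranges, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Matches low-detail capture lines such as:
#   16:43:55.057344 IP 198.51.100.7.60232 > 10.8.0.6.60722: tcp 0
LINE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+) IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): tcp \d+$"
)

# Constructed sample (not from the thread): two sources retry without a
# reply, a third source gets a packet back from the forwarded host.
SAMPLE = """\
16:43:55.057344 IP 198.51.100.7.60232 > 10.8.0.6.60722: tcp 0
16:43:56.055547 IP 198.51.100.7.60232 > 10.8.0.6.60722: tcp 0
16:43:56.062655 IP 198.51.100.7.60236 > 10.8.0.6.60722: tcp 0
16:43:57.059579 IP 198.51.100.7.60236 > 10.8.0.6.60722: tcp 0
16:43:58.100000 IP 203.0.113.9.51000 > 10.8.0.6.60722: tcp 0
16:43:58.100900 IP 10.8.0.6.60722 > 203.0.113.9.51000: tcp 0
"""

def parse(text):
    """Return (timestamp_seconds, (src_ip, src_port), (dst_ip, dst_port))."""
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines with redacted or missing addresses
        h, mi, s, src, sport, dst, dport = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        packets.append((ts, (src, int(sport)), (dst, int(dport))))
    return packets

def classify(text, port):
    """Split attempts to `port` into answered and unanswered flows."""
    packets = parse(text)
    seen = {(src, dst) for _, src, dst in packets}
    attempts = defaultdict(list)
    for ts, src, dst in packets:
        if dst[1] == port:
            attempts[(src, dst)].append(ts)
    result = {"answered": [], "unanswered": []}
    for (src, dst), times in sorted(attempts.items()):
        # A flow counts as answered if any packet travels the reverse way.
        key = "answered" if (dst, src) in seen else "unanswered"
        result[key].append((f"{src[0]}:{src[1]}", len(times)))
    return result

if __name__ == "__main__":
    print(classify(SAMPLE, 60722))
```

Unanswered flows on the VPN interface mean the provider is delivering the packets, so the remaining checks are the ones listed in the last post: NAT destination, which rule tab matches, the host's default gateway and the host firewall.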