Netgate Discussion Forum

    Port forward to other site over OpenVPN Client

    OpenVPN
    9 Posts 2 Posters 776 Views
      johntjampens

      Hi Guys,

      I'm struggling with correctly setting up a port forward from site A to a server in site B.

      Some info about my config:
      Site A :
      WAN : 4 public IPs & 1 PPPoE
      A.A.A.A, B.B.B.B, C.C.C.C and D.D.D.D
      Open VPN Server
      Setup of port forward from C.C.C.C to local IP (site B) : 192.168.10.22
      Tunnel network : 192.168.123.1

      Site B :
      WAN : 1 PPPoE dynamic IP
      OpenVPN Client
      Tunnel network : 192.168.123.2
      Local subnet : 192.168.10.0/24

      I need a port forward from site A (C.C.C.C) to site B on IP 192.168.10.22 on port 25.

      The server in site B already has a working connection over the VPN, and is already showing the address C.C.C.C as its WAN IP.
      From site A to B, telnet on port 25 is no problem.
      From Any to C.C.C.C:25 is not working, no connection.

      So it has to do something with the port translation; can someone help me in the right direction?

      With kind regards,

      John

        Derelict LAYER 8 Netgate

        On site B you have to:

        1. Assign an interface to the OpenVPN instance
        2. Ensure the traffic passing the incoming connections to the server does not match the firewall rules on the OpenVPN tab and does match the rules on the assigned interface tab.

        In this situation it just makes sense to disable/delete the rules on the OpenVPN tab and put them on the assigned interface tab unless you have multiple OpenVPN instances on that site.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          johntjampens @Derelict

          @derelict Thanks for the quick response.
          I already have an interface for the OpenVPN on site B.
          It's not quite clear what you mean with your second sentence. (Not matching of the traffic, because there is already an OpenVPN instance for connecting to site A from anywhere for the mobile clients.)

          With kind regards,

          John

            Derelict LAYER 8 Netgate

            Right. When the incoming traffic matches that you do not get the benefit of reply-to which will direct replies from the server back out OpenVPN instead of according to the routing table.

            So the traffic being port forwarded over the tunnel cannot match those pass rules. It has to be matched by rules on the assigned interface tab instead.


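            To make Derelict's two answers above concrete (assign an interface to the OpenVPN instance, and keep the forwarded traffic from matching the OpenVPN tab so it picks up reply-to from the assigned interface), here is a small model of the rule-selection order, added to this thread as an illustration. It is not pfSense code and not anything posted in this topic. The assumptions are mine: rules on the OpenVPN group tab are evaluated before the rules of the assigned interface, first match wins, and only a rule bound to a single assigned interface carries reply-to. The interface name MILIN, the server address 192.168.10.22 and port 25 come from the thread; the two rule sets are constructed.

```python
"""Toy model of how pfSense picks a pass rule for traffic arriving over an
OpenVPN tunnel, and whether that rule carries reply-to.

Added example for this thread, not pfSense code.  Assumptions (mine, not
stated in the thread): rules on the OpenVPN group tab are evaluated before
rules on an assigned interface, first match wins, and reply-to is only
attached to rules on a single assigned interface.  Interface name MILIN,
the server address and the ports come from the thread; the rule sets below
are constructed."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    tab: str              # "openvpn" (group tab) or an assigned interface name
    proto: str            # "tcp", "udp" or "any"
    dst: str              # destination CIDR, or "any"
    dport: Optional[int]  # None means any destination port


@dataclass(frozen=True)
class Packet:
    iface: str            # assigned interface the packet arrived on
    proto: str
    dst: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Protocol, destination network and destination port must all agree."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dst != "any" and ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[Optional[Rule], bool]:
    """Return (matching rule, has_reply_to).

    The OpenVPN tab acts as an interface group covering every OpenVPN
    instance, so its rules are checked first.  Only a rule on the assigned
    interface itself gets reply-to, which sends the server's replies back
    out the tunnel instead of following the routing table."""
    for tab in ("openvpn", pkt.iface):
        for rule in rules:
            if rule.tab == tab and rule_matches(rule, pkt):
                return rule, tab == pkt.iface
    return None, False


def audit_forward(rules: List[Rule], pkt: Packet) -> str:
    """Human-readable verdict for one forwarded connection."""
    rule, reply_to = evaluate(rules, pkt)
    if rule is None:
        return "blocked: no pass rule matches"
    if not reply_to:
        return f"passed by {rule.tab} tab: no reply-to, replies follow the routing table"
    return f"passed by {rule.tab} tab: reply-to present, replies go back out the tunnel"


# Constructed from the thread: the SMTP forward from site A's C.C.C.C arrives
# on site B's assigned tunnel interface MILIN, destined for 192.168.10.22:25.
SMTP_FORWARD = Packet(iface="MILIN", proto="tcp", dst="192.168.10.22", dport=25)

# Common starting point: a pass-any rule on the OpenVPN tab plus the interface
# rule.  The group rule matches first, so the interface rule never applies.
RULES_WITH_OPENVPN_TAB = [
    Rule(tab="openvpn", proto="any", dst="any", dport=None),
    Rule(tab="MILIN", proto="tcp", dst="192.168.10.22/32", dport=25),
]

# Derelict's recommendation: OpenVPN tab empty, rules only on MILIN.
RULES_ASSIGNED_ONLY = [
    Rule(tab="MILIN", proto="tcp", dst="192.168.10.22/32", dport=25),
]

if __name__ == "__main__":
    print("OpenVPN tab rule present :", audit_forward(RULES_WITH_OPENVPN_TAB, SMTP_FORWARD))
    print("OpenVPN tab empty        :", audit_forward(RULES_ASSIGNED_ONLY, SMTP_FORWARD))
```

Running it shows why the symptom in the first post (works from site A, fails from the Internet) is consistent with a rule-placement problem rather than a NAT problem: with the pass-any rule on the OpenVPN tab the forwarded SMTP connection is allowed, but its replies are routed by the server site's default route instead of back through the tunnel; with the rules only on the assigned interface the same connection is allowed with reply-to attached.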
              johntjampens @Derelict

              @derelict said in Port forward to other site over OpenVPN Client:

              Right. When the incoming traffic matches that you do not get the benefit of reply-to which will direct replies from the server back out OpenVPN instead of according to the routing table.
              So the traffic being port forwarded over the tunnel cannot match those pass rules. It has to be matched by rules on the assigned interface tab instead.

              Trying to analyse your response.
              You mean the matching rules in site B?
              In site A I don't have an interface for that, only on the OpenVPN client.

              With kind regards,

              John

                Derelict LAYER 8 Netgate

                Please post the rules on Site B's OpenVPN tab and the assigned interface tab. And please include the private IP address and port of the server at that site that is being forwarded to.


                  johntjampens @Derelict

                  @derelict said in Port forward to other site over OpenVPN Client:

                  And please include the private IP address and port of the server at that site that is being

                  Hi,

                  MILIN INTERFACE

                  Firewall Rules MILIN (site to site VPN)

                  States      Protocol  Source  Port  Destination  Port  Gateway  Queue  Schedule  Description
                  1 / 52 KiB  IPv4 TCP  *       *     *            *     *        none

                  Firewall Rules OpenVPN (Mobile VPN)
                  Currently empty (for testing with my site to site vpn, no production at the moment)

                  Port forwarding:

                  Firewall / NAT / Port Forward

                  Interface  Protocol  Source Address  Source Ports  Dest. Address  Dest. Ports  NAT IP         NAT Ports    Description
                  WAN        TCP       *               *             C.C.C.C        443 (HTTPS)  192.168.10.22  443 (HTTPS)  Toegang tot Mailserver Digiplay
                  WAN        TCP       *               *             C.C.C.C        80 (HTTP)    192.168.10.25  80 (HTTP)
                  WAN        TCP       *               *             C.C.C.C        25 (SMTP)    192.168.10.22  25 (SMTP)    Mailserver Digiplay
                    Derelict LAYER 8 Netgate

                    How about screenshots including the tabs. Hard to make sense of that. Reference site A or site B based on your prior description.

                    It's looking more like a firewall on the server but based on that it's hard to tell.


                      johntjampens @Derelict

                      @derelict I got it working.
                      Indeed, the interface on which the gateway was defined needed to have the traffic defined.

                      Thanks for the response.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.