Port Forward OpenVPN Site-to-Site

  • Re: Port forwarding into remote VPN Network

    I would like to achieve the same thing described in the post above, but I am not quite able to follow the "instructions" there.
    I have established a Site-to-Site OpenVPN Server Connection between my two pfSense routers. I have assigned an interface to the OpenVPN connection on both sides, but I am not able to set up a port forward from WAN on router1 to an IP address in the network of router2.

    Can somebody tell me how to achieve this in detail?
    Currently I have configured a NAT rule on router1 with a port forward (example port 1777) to the OpenVPN Interface on router2 (the OpenVPN IP address). I have then set up another NAT rule on router2 from the OpenVPN interface to the local IP address, but this is not working.

    I am thankful for any help on this!

    Best regards,

  • If the site-to-site VPN is configured correctly, there is no need for a NAT rule on both sides. You can forward packets directly to the destination host on the other site.
    Ensure that the respective remote network is entered at "Remote network/s" in the OpenVPN settings.

    Anyway, both routers have to be the default gateways in their networks.
    Also ensure that the forwarded traffic is permitted by a firewall rule on the destination router's OpenVPN interface.

  • Hi @viragomann,

    you are absolutely correct. After setting up the Site-to-Site VPN correctly everything works fine and as expected.

    But now I am facing some strange behaviour:
    I am hosting some service on the network of router1 (e.g. websites).
    I am not able to reach those services from within the network of router2 when connected to the VPN. The issue is not connected to DNS issues, as the IPs are resolving normally. Any ideas on how to resolve this?

    Best regards,

  • Are the host names resolved to the internal IPs?

    Do the firewall rules allow the access on both sites?

    Are both pfSense, at site 1 and site 2, the default gateway on the source devices and destination devices respectively?

    Do the servers permit access from outside?

  • Thank you for your quick reply.

    I followed this article to set up the tunnel and configured the firewalls according to it.
    The servers are reachable when I disconnect the VPN connection on router2.

    1. The host names are resolving to the external IP of router1.

    2. I have set up the firewalls according to the above article. The servers are reachable when VPN is disconnected.

    3. Yes, as far as I can tell.

    4. Yes, as far as I can tell.

    UPDATE: I am not able to ping the remote external IP of router1 (ICMP timeout). Maybe that's a hint to something....
