    Port Forward OpenVPN Site-to-Site

    cneu88

      Re: Port forwarding into remote VPN Network

      I would like to achieve the same thing described in the post above, but I am not quite able to follow the "instructions" there.
      I have established a Site-to-Site OpenVPN server connection between my two pfSense routers. I have assigned an interface to the OpenVPN connection on both sides, but I am not able to set up a port forward from WAN on router1 to an IP address in the network of router2.

      Can somebody tell me how to achieve this in detail?
      Currently I have configured a NAT rule on router1 with a port forward (example port 1777) to the OpenVPN Interface on router2 (the OpenVPN IP address). I have then set up another NAT rule on router2 from the OpenVPN interface to the local IP address, but this is not working.

      I am thankful for any help on this!

      Best regards,
      Christoph

      viragomann

        If the site-to-site VPN is configured correctly, there is no need for a NAT rule on both sides. You can forward packets directly to the destination host on the other site.
        Ensure that the respective remote network is entered at "Remote network/s" in the OpenVPN settings.

        Anyway, both routers have to be the default gateways in their networks.
        Also ensure that the forwarded traffic is permitted by a firewall rule on the destination router's OpenVPN interface.

        cneu88
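The setup viragomann describes, written out as the configuration pfSense ends up applying. This is an added example, not configuration from either poster or from the Netgate documentation. Assumed names: router1 is the OpenVPN server at site 1 (LAN 192.168.1.0/24, WAN interface em0, tunnel interface ovpns1), router2 is the client at site 2 (LAN 192.168.2.0/24, tunnel interface ovpnc1), the forwarded host is 192.168.2.10, and the tunnel runs in a peer-to-peer mode, where pfSense turns the "Remote network/s" field into OpenVPN route lines (server mode with several clients would instead need iroute overrides per client).

```conf
# Added example, assumed names and addresses; see the lead-in above.

# --- router1, OpenVPN server instance: "Remote network/s" = 192.168.2.0/24
# pfSense emits this route so router1 knows site 2 lives behind the tunnel.
route 192.168.2.0 255.255.255.0

# --- router2, OpenVPN client instance: "Remote network/s" = 192.168.1.0/24
route 192.168.1.0 255.255.255.0

# --- router1, pf rules generated from NAT > Port Forward.
# Redirect WAN port 1777 straight to the host at site 2. There is no second
# rdr on router2; router2 only routes the packet onto its LAN.
rdr on em0 inet proto tcp from any to (em0) port 1777 -> 192.168.2.10 port 1777
# pf applies rdr before filtering, so the WAN pass rule must match the
# translated destination (192.168.2.10), not the WAN address.
pass in quick on em0 inet proto tcp from any to 192.168.2.10 port 1777 flags S/SA keep state

# --- router2, rule on the assigned OpenVPN interface.
# The forwarded packets enter router2 here; pfSense blocks them by default
# until a rule on that interface (or the OpenVPN group tab) allows them.
pass in quick on ovpnc1 inet proto tcp from any to 192.168.2.10 port 1777 flags S/SA keep state
```

One caveat the thread does not cover: with this configuration the host at 192.168.2.10 answers an Internet client via its own default gateway, router2, which sends the reply out router2's WAN rather than back through the tunnel, so the client sees a reply from a different public address than it sent to. The default-gateway condition in the reply above is sufficient for traffic between the two LANs; for a forward from a public source, either source-NAT the forwarded traffic on router1's tunnel interface (an outbound NAT rule on ovpns1) or policy-route the host's replies into the tunnel on router2, and confirm the return path with a packet capture on both tunnel interfaces.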

          Hi @viragomann,

          you are absolutely correct. After setting up the Site-to-Site VPN correctly everything works fine and as expected.

          But now I am facing some strange behaviour:
          I am hosting some service on the network of router1 (e.g. websites).
          I am not able to reach those services from within the network of router2 when connected to the VPN. The issue is not connected to DNS, as the IPs are resolving normally. Any ideas on how to resolve this?

          Best regards,
          Christoph

          viragomann

            Are the host names resolved to the internal IPs?

            Do the firewall rules allow the access on both sites?

            Are both pfSense, at site 1 and site 2 the default gateway on the source devices and destination devices respectively?

            Do the servers permit access from outside?

            cneu88

              Thank you for your quick reply.

              I followed this article to set up the tunnel and configured the firewalls according to it.
              The servers are reachable when I disconnect the VPN connection on router2.

              1. The host names are resolving to the external IP of router1.

              2. I have set up the firewalls according to the above article. The servers are reachable when VPN is disconnected.

              3. Yes, as far as I can tell.

              4. Yes, as far as I can tell.

              UPDATE: I am not able to ping the remote external IP of router1 (ICMP timeout). Maybe that's a hint to something....

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.