Netgate Discussion Forum
    Forwarding a port to an OpenVPN client

      mamsds

      Hi everyone!

      I have a pfSense firewall with an Internet connection (WAN: 103.53.x.x) acting as a firewall (LAN: 192.168.1.1) and an OpenVPN server (10.1.1.1). One remote OpenVPN client (10.1.1.2) is connecting to it. OpenVPN clients (such as 10.1.1.2) are able to communicate with LAN clients (such as 192.168.1.100) with the setting "IPv4 Local network" in OpenVPN's settings page.

      What I want to do is to forward a port (say, 22) to 10.1.1.2 as if I forward it to 192.168.1.100. What I want to achieve is that I can access SSH on the remote client (10.1.1.2) by using pfSense's WAN address (103.53.x.x). The problem is that it just doesn't work...

      Is this possible? Are there any special rules that are needed to achieve this?

      Thanks!

        Derelict LAYER 8 Netgate

        @mamsds said in Port forward to an OpenVPN client:

        Are there any special rules that are needed to achieve this?

        Not really. Are you sure the target host is listening on 22, that its firewall will pass the traffic, and it is configured to send the reply traffic back out the VPN? To this last point, it will almost certainly not work with split tunneling on the client. You will need to enable "Force all client-generated IPv4 traffic through the tunnel", and the client will need to honor it.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

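The reply-path point in the answer above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a client routing table, showing which interface the SSH reply leaves through with split tunneling versus a full tunnel. Assumptions: pfSense does not source-NAT the forwarded traffic, the full-tunnel option is modelled as OpenVPN's `redirect-gateway def1` routes, and the client LAN 192.168.50.0/24, the interface names and the Internet source 198.51.100.7 are constructed.

```python
import ipaddress

# Constructed sample data. Addresses follow the thread (tunnel 10.1.1.0/24,
# pfSense LAN 192.168.1.0/24); the client's own LAN 192.168.50.0/24, the
# interface names and the Internet source 198.51.100.7 are assumptions.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # default route via the client's local gateway
    ("192.168.50.0/24", "eth0"),  # client's own LAN
    ("10.1.1.0/24", "tun0"),      # OpenVPN tunnel network
    ("192.168.1.0/24", "tun0"),   # pushed "IPv4 Local network"
]
# Full tunnel: OpenVPN's redirect-gateway def1 adds two /1 routes that
# override the default route without deleting it.
FULL_TUNNEL = SPLIT_TUNNEL + [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
]

def egress_interface(routes, destination):
    """Longest-prefix match: return the interface a packet to `destination` uses."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {destination}")
    return best[1]

def reply_path_ok(routes, internet_source, vpn_iface="tun0"):
    """The forwarded packet keeps its original source address (assumption: no
    source NAT on pfSense), so the SSH reply is addressed to the Internet
    host. It only matches pfSense's state entry if it returns via the tunnel."""
    return egress_interface(routes, internet_source) == vpn_iface

if __name__ == "__main__":
    src = "198.51.100.7"  # constructed Internet client connecting to WAN:22
    for name, table in (("split tunnel", SPLIT_TUNNEL), ("full tunnel", FULL_TUNNEL)):
        iface = egress_interface(table, src)
        verdict = "OK" if reply_path_ok(table, src) else "asymmetric, forward fails"
        print(f"{name:12s}: reply to {src} leaves via {iface} -> {verdict}")
```
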
          mamsds @Derelict

          @Derelict Hi, yes your reply is correct. Basically no extra configurations are needed.

          However, there is a caveat: If I enable the "Force all client-generated IPv4 traffic through the tunnel" option and clients rely on DNS service to find the IP of the OpenVPN server, after rebooting my pfSense firewall, all the OpenVPN clients could permanently lose their connections (both VPN and Internet connections).

          I end up calling colleagues to reboot all clients physically to re-establish the connection.😂

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.