Forwarding a port to an OpenVPN client
I have a pfSense firewall with an Internet connection (WAN: 103.53.x.x) acting as a firewall (LAN: 192.168.1.1) and an OpenVPN server (10.1.1.1). One remote OpenVPN client (10.1.1.2) is connecting to it. OpenVPN clients (such as 10.1.1.2) are able to communicate with LAN clients (such as 192.168.1.100) with the setting "IPv4 Local network" in OpenVPN's settings page.
What I want to do is to forward a port (say, 22) to 10.1.1.2 as if I were forwarding it to 192.168.1.100. What I want to achieve is that I can access SSH on the remote client (10.1.1.2) by using pfSense's WAN address (103.53.x.x). The problem is that it just doesn't work...
Is this possible? Are there any special rules that are needed to achieve this?
Are there any special rules that are needed to achieve this?
Not really. Are you sure the target host is listening on 22, that its firewall will pass the traffic, and that it is configured to send the reply traffic back out the VPN? On this last point, it will almost certainly not work with split tunneling on the client. You will need to enable "Force all client-generated IPv4 traffic through the tunnel", and the client will need to honor it.
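The reply-path point in the answer above, as an added example that is not part of the original thread: a longest-prefix-match lookup over two constructed client routing tables shows which interface the SSH reply leaves on. The interface names `eth0`/`tun0`, the peer address, and the assumption that the port forward keeps the Internet peer's source address are illustrative, not taken from the poster's setup.

```python
import ipaddress

def egress(routes, dst):
    """Longest-prefix match: return the interface used to reach dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed client routing tables (eth0/tun0 are assumed names).
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),       # client's own Internet gateway
    ("10.1.1.0/24", "tun0"),     # tunnel network from the thread
    ("192.168.1.0/24", "tun0"),  # pushed via "IPv4 Local network"
]
# Full tunnel: OpenVPN's redirect-gateway def1 adds two /1 routes that
# win over the default route without deleting it.
FULL_TUNNEL = SPLIT_TUNNEL + [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
]

SSH_PEER = "198.51.100.7"  # constructed Internet source (documentation range)

def reply_path_ok(routes, peer, arrived_on="tun0"):
    """The forwarded SYN arrives on tun0 with the peer's address as source
    (assumption: no source NAT on the forward). The reply must leave on
    tun0 as well, so the firewall can match its state and translate the
    source back to the WAN address the peer connected to."""
    return egress(routes, peer) == arrived_on

def main():
    for name, table in (("split tunnel", SPLIT_TUNNEL),
                        ("full tunnel", FULL_TUNNEL)):
        dev = egress(table, SSH_PEER)
        verdict = "ok" if reply_path_ok(table, SSH_PEER) else "asymmetric, dropped"
        print(f"{name}: reply to {SSH_PEER} leaves via {dev} ({verdict})")

if __name__ == "__main__":
    main()
```

On a real Linux client the same question is answered by `ip route get <peer address>`, which reports the interface the kernel would pick for the reply.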
@Derelict Hi, yes your reply is correct. Basically no extra configurations are needed.
However, there is a caveat: if I enable the "Force all client-generated IPv4 traffic through the tunnel" option and clients rely on the DNS service to find the IP of the OpenVPN server, then after rebooting my pfSense firewall, all the OpenVPN clients could permanently lose their connections (both VPN and Internet connections).
I ended up calling colleagues to physically reboot all clients to re-establish the connection.