Trying to port forward to a Hyper-V appliance
Just for fun, I set up an OpenVPN Access Server appliance on Hyper-V. It's on a 24/7 home server I use for miscellaneous things. I tested it locally, LAN to LAN, and it connects. My problem seems to be I can't get to it over the WAN and connect.
(I have 3 perfectly good OpenVPN servers on my pfSense router - 1 tun, 1 tap, and 1 tun passthrough only. They will remain my go-to VPN servers. This other thing is a personal project for fun.)
I tried all manner of port forward and/or firewall entries to get to my local device but the connection script fails on hard reset.
I'm pretty sure it's not getting past the router. I modified the connection script to use the local device IP rather than my DDNS entry for the test. It worked fine.
At this point, I decided to ask for help. I assume the fact it's an OpenVPN Access Server is immaterial. I just can't get past the router to a specific LAN device (192.168.23.226) using a specific port (1191).
EDIT a few hours later:
I figured it out. A YouTube video that connected to Remote Desktop over the WAN was a good example. I must have been dancing around the correct configuration above. It's really very easy.
I modified the connection script to use the local device IP rather than my DDNS entry for the test. It worked fine.
Did you try to connect to the OpenVPN using your DDNS address from within your LAN?
I'm pretty sure it's not getting past the router.
You can easily check that with the packet capture tool on pfSense. Sniff on the LAN interface filtering the port you're using for that VPN while you try to connect from outside.
Thank you for the reply.
I connected when the ovpn file went to 192.168.23.226. Changing that to my DDNS caused it to fail.
Thus, the server works; it's getting past the router that I can't make work. As I said, port forwards and/or firewall rules in all manner of combinations did not work. All connection attempts ended in a 'hard reset'.
No, I did not try any sniffers as I don't know how to use them. Besides, there's nothing to sniff.
I'm assuming the objective I want to achieve is no different than someone trying to get through pfSense and into a server for any other purpose. I've done that before on several occasions using simpler routers. A simple port forward worked in those cases.
Also, I forgot to mention, I used my cell phone as a hot spot to simulate trying to get in from out of the home. I used the Verizon network.