Netgate Discussion Forum

    Another weird routing issue. Adding an OpenVPN Server breaks port forwarding on another WAN Link.

    Routing and Multi WAN
      JustConfused

      First the obligatory diagram
      54437f55-cfb0-4798-8cc7-5d1717c2a780-image.png
      I use PBR to push some hosts down the VPN link, whilst other traffic uses the LAN.
      On the WAN link I set a port forward from 10258 to 31 to a test PC that is off the encrypted_machine group. I have a telnet server on port 31 set up on this machine. The external host can see this server.

      I am using AirVPN, which supports port forwarding. So I forward Port 10258 on AirVPN to port 31. On the firewall I then forward port 31 through to host TestVPC2 which is on the encrypted group. The external server can get access via "telnet airvpn.org IP 10258" - this works

      However, if I add a VPN server (Open VPN, Port 1194 on WAN). I use a completely unused IP range for the tunnel with access to 192.168.38.0

      And this stops the port forwarding on the AirVPN Interface!!
      Removing the rule on the OpenVPN returns the port forward to success

      Now the question is can I repeat this. Yes. I created a new VPN Server (using old certs) and the port forward now fails again.
      I know that removing the server and rules fixes things - but what happens if I split that down

      Disable OpenVPN Server - Telnet does not work - re-enable
      Disable OpenVPN rule (incoming on OpenVPN Interface) - telnet works - re-enable (and does not work)
      Disable OpenVPN rule (incoming on WAN Interface) - telnet fails - re-enable

      Looking at the rule (incoming on OpenVPN), it's kinda all-encompassing - but there is nothing wrong with it that I can see
      cb5e7274-c866-4734-8769-2443a169e207-image.png
      44b93446-5276-4a07-aee4-e4ba622abda3-image.png

      Have I found a bug?
