Netgate Discussion Forum

    Port forwarding for OpenVPN doesn't work for pfsense2.0-RC1

      sjheinz

      Hi,

      We use three firewalls for load balancing:

      PFSENSE1.2.3 as the load balancer connected to two firewalls: one of them is a pfsense2.0-RC1

      I followed the guideline:
      http://www.benutzer.de/OpenVPN_Server_installieren_auf_DD-WRT_Router_oder_pfSense_Firewall.html

      at point:
      "OpenVPN hinter einem bestehenden NAT Router betreiben"

      So the first router is a pfsense2.0-rc1

      I tried to NAT port 1195 to the second router, which is a pfsense1.2.3

      I can't reach the OpenVPN server at the pfsense1.2.3 on port 1195.

      All network settings are correct - no mismatch in networks.

      The pfsense1.2.3 is set up as a load balancer, so I have two other routers in front of this box - as I mentioned before, one of them is the pfsense2.0.
      When I connect to the OpenVPN server on the pfsense1.2.3 from the other router in front (it is an Endian) with port forwarding on the router, everything is working fine.
      So in my eyes the firewall rules for accepting incoming traffic, which I set on the pfsense1.2.3, are correct.
      Both rules (for accepting incoming traffic on port 1195) are identical, without source address :-)

      Can anybody tell me how to set up NAT on the pfsense2.0-rc1 so that all WAN connections on port 1195 are correctly forwarded to the OpenVPN server on the pfsense1.2.3?

      Here is my NAT conf at the moment - see attached picture nat.jpg

      Thanks for all hints, tips and help
      kindest regards
      Stef

      additional information for nat-pic
      192.168.20.2 is the IP address of the pfsense1.2.3 interface
      192.168.20.1 is the ip-address of the pfsense2.0-RC1
      nat.jpg

        jimp Rebel Alliance Developer Netgate

        You most likely do not want to specify source ports on there.

        NAT works fine, NAT for OpenVPN works fine (it's just a single UDP port…) so if it doesn't work, something isn't matching your rules.

          sjheinz

          Hi,

          As I said: it doesn't work in my environment….

          Here are my rules, maybe there are mistakes in them, so please tell me what to change

          on the forwarding box:

          nat195forward.jpg  IP address on the LAN IF: 192.168.20.1 .... connected to pfsenseloadbalancer: 192.168.20.2

          on the loadbalancer

          the working line wan 192.168.3.2  (Endianbox 192.168.3.1):

          wan.jpg and wan_detail.jpg

          the non-working line wan2 192.168.20.2  (PFSENSE2-RC1 192.168.20.1):

          wan2.jpg and wan_detail2.jpg

          Please help me

          I got the message that my JPGs are too big. Is there any public space available to upload them? Sorry, I don't have this option.

          Thanks
          kind regards
          Stef

            GruensFroeschli

            As jimp said: Don't specify a source port.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              sjheinz

              Hi,

              please explain that… "Don't specify a source port."

              I only want to forward the 1195 VPN port - nothing else....

              And in the manual it is described the way I set up the rule

              Thank you for your explanation

              Cheers
              Stef

                GruensFroeschli

                This guide is based on 1.2.3.
                In 1.2.3 there wasn't an option to specify a source in NAT rules.
                What the guide is referring to are the "external" and "internal" ports.

                In relation to the screenshot you posted:
                The "Dest. ports" and "NAT ports" should be 1195, but the "Src. ports" should be any.

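The point of the last reply, as an added example that is not part of the original thread: a small Python model of how a port-forward rule matches packets, showing why a source-port restriction drops most OpenVPN clients. The WAN address, client addresses and client source ports are constructed placeholders, and the source port of 1195 in the rule "as posted" is an assumption, since the screenshot is not reproduced on the page.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

WAN_IP = "203.0.113.10"   # placeholder: the RC1 box's WAN address is not on the page
LB_IP = "192.168.20.2"    # pfsense1.2.3 load balancer running OpenVPN (from the thread)

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class PortForward:
    proto: str
    src_port: Optional[int]   # "Src. ports" column; None means "any"
    dst_port: int             # "Dest. ports" column
    nat_ip: str
    nat_port: int             # "NAT ports" column

    def translate(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet with its destination rewritten, or None if no match."""
        if (pkt.proto, pkt.dst_ip, pkt.dst_port) != (self.proto, WAN_IP, self.dst_port):
            return None
        if self.src_port is not None and pkt.src_port != self.src_port:
            return None       # the source-port filter rejects the packet here
        return replace(pkt, dst_ip=self.nat_ip, dst_port=self.nat_port)

def forwarded(rule: PortForward, packets: List[Packet]) -> List[Packet]:
    """Packets that the rule redirects to the internal OpenVPN server."""
    return [out for out in (rule.translate(p) for p in packets) if out is not None]

# Constructed sample traffic: first packets from three OpenVPN clients.
CLIENTS = [
    Packet("udp", "198.51.100.7", 51823, WAN_IP, 1195),   # ephemeral source port
    Packet("udp", "198.51.100.8", 1195, WAN_IP, 1195),    # client bound to 1195
    Packet("udp", "198.51.100.9", 40112, WAN_IP, 1195),   # rewritten by client-side NAT
]

# Assumed rule as posted (source port set) beside the rule the replies recommend.
AS_POSTED = PortForward("udp", src_port=1195, dst_port=1195, nat_ip=LB_IP, nat_port=1195)
CORRECTED = PortForward("udp", src_port=None, dst_port=1195, nat_ip=LB_IP, nat_port=1195)

if __name__ == "__main__":
    for name, rule in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        hits = forwarded(rule, CLIENTS)
        print(f"{name}: {len(hits)}/{len(CLIENTS)} clients reach {LB_IP}:1195")
```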
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.