Portforwarding for openvpn don´t work for pfsense2.0-RC1

  • Hi,

    we use three firewalls for a loadbalancing:

    PFSENSE1.2.3 as the load balancer connected to two firewalls: one of them are a pfsense2.0-RC1

    I followed the guide line:

    at point:
    "OpenVPN hinter einem bestehenden NAT Router betreiben"

    so the first router ist a pfsense2.0-rc1

    i tried to nat port 1195 to the secound router, which is a pfsense1.2.3

    i can´t reach the openvpn server at the pfsense1.2.3 on port 1195.

    all netsettings are correct - no mis match in networks.

    the pfsense1.2.3 is set up as a load balancer. so i have two other routers in front of this box - as i mentioned bevor: one of them is the pfsense2.0.
    when i connect to the openvpn-server on the pfsense1.2.3 from the other router (it is a endian) in front with protforwarding on the router, everything is working fine.
    So in my eyes the firewall rules for accepting incoming traffic, which i set on the pfsense1.2.3, are correct.
    Both rules (for accepting incoming trafic on port 1195)  are identical, without source adress :-)

    can anybody tell me how to set up nat on the pfsense2.0-rc1 that there is a correct forwarding of all WAN-connections on port 1195 to the openvpn-server on the pfsense1.2.3???

    here is my nat-conf a the moment - see attached picture nat.jpg

    Thanks for all hints and tips and helpings
    kindest regards

    additional information for nat-pic ist the ip-address of the pfsense1.2.3 interface is the ip-address of the pfsense2.0-RC1

  • Rebel Alliance Developer Netgate

    You most likely do not want to specify source ports on there.

    NAT works fine, NAT for OpenVPN works fine (it's just a single UDP port…) so if it doesn't work, something isn't matching your rules.

  • Hi,

    as i said: It doesn´t work in my environment….

    here are my rules, maybe there are mistakes in: so Please tell me, what to change

    on the forwarding box:

    nat195forward.jpg  IP-Adress on the lan-IF: .... connected to pfsenseloadbalancer:

    on the loadbalancer

    the working line wan  (Endianbox

    wan.jpg and wan_detail.jpg

    the not working line wan2  (PFSENSE2-RC1

    wan2.jpg and wan_detail2.jpg

    Please help me

    I´ve got the message, that my jpg´s are to big. Is there any public space available to upoad them? Sorry i haven´t this option.

    kind regards

  • As jimp said: Don't specify a source port.

  • hi,

    please explain that… "Don't specify a source port."

    I only want to forward the 1195 vpn port - nothing else....

    And in the manual it is descripted like i set up the rule

    Thank you for your explanation


  • This guide is based on 1.2.3
    In 1.2.3 there wasn't an option to specify in NAT rules a source.
    What the guide is refering to, are the "external" and "internal" port.

    In relation to the screenshot you posted:
    The "Dest. ports" and "NAT ports" should be 1195, but the "Src. ports" should be any.

Log in to reply