4. Portforwarding for openvpn don´t work for pfsense2.0-RC1

Portforwarding for openvpn don´t work for pfsense2.0-RC1

  • S

    Hi,

    we use three firewalls for a loadbalancing:

    PFSENSE1.2.3 as the load balancer connected to two firewalls: one of them are a pfsense2.0-RC1

    I followed the guide line:
    http://www.benutzer.de/OpenVPN_Server_installieren_auf_DD-WRT_Router_oder_pfSense_Firewall.html

    at point:
    "OpenVPN hinter einem bestehenden NAT Router betreiben"

    so the first router ist a pfsense2.0-rc1

    i tried to nat port 1195 to the secound router, which is a pfsense1.2.3

    i can´t reach the openvpn server at the pfsense1.2.3 on port 1195.

    all netsettings are correct - no mis match in networks.

    the pfsense1.2.3 is set up as a load balancer. so i have two other routers in front of this box - as i mentioned bevor: one of them is the pfsense2.0.
    when i connect to the openvpn-server on the pfsense1.2.3 from the other router (it is a endian) in front with protforwarding on the router, everything is working fine.
    So in my eyes the firewall rules for accepting incoming traffic, which i set on the pfsense1.2.3, are correct.
    Both rules (for accepting incoming trafic on port 1195)  are identical, without source adress :-)

    can anybody tell me how to set up nat on the pfsense2.0-rc1 that there is a correct forwarding of all WAN-connections on port 1195 to the openvpn-server on the pfsense1.2.3???

    here is my nat-conf a the moment - see attached picture nat.jpg

    Thanks for all hints and tips and helpings
    kindest regards
    Stef

    additional information for nat-pic
    192.168.20.2 ist the ip-address of the pfsense1.2.3 interface
    192.168.20.1 is the ip-address of the pfsense2.0-RC1

    0
  • Rebel Alliance Developer Netgate

    You most likely do not want to specify source ports on there.

    NAT works fine, NAT for OpenVPN works fine (it's just a single UDP port…) so if it doesn't work, something isn't matching your rules.

    0
  • S

    Hi,

    as i said: It doesn´t work in my environment….

    here are my rules, maybe there are mistakes in: so Please tell me, what to change

    on the forwarding box:

    nat195forward.jpg  IP-Adress on the lan-IF: 192.168.20.1 .... connected to pfsenseloadbalancer: 192.168.20.2

    on the loadbalancer

    the working line wan 192.168.3.2  (Endianbox 192.168.3.1):

    wan.jpg and wan_detail.jpg

    the not working line wan2 192.168.20.2  (PFSENSE2-RC1 192.168.20.1):

    wan2.jpg and wan_detail2.jpg

    Please help me

    I´ve got the message, that my jpg´s are to big. Is there any public space available to upoad them? Sorry i haven´t this option.

    Thanks
    kind regards
    Stef

    0

  • As jimp said: Don't specify a source port.

    0
  • S

    hi,

    please explain that… "Don't specify a source port."

    I only want to forward the 1195 vpn port - nothing else....

    And in the manual it is descripted like i set up the rule

    Thank you for your explanation

    Cheers
    Stef

    0

  • This guide is based on 1.2.3
    In 1.2.3 there wasn't an option to specify in NAT rules a source.
    What the guide is refering to, are the "external" and "internal" port.

    In relation to the screenshot you posted:
    The "Dest. ports" and "NAT ports" should be 1195, but the "Src. ports" should be any.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy