Port Forward to OpenVPN Road Warrior [SOLVED]



  • Hi Guys

    I have a pfSense 2.02 setup with a road warrior OpenVPN server. I have staff members at home connecting to the pf router via OpenVPN GUI.

    What I would like to do is port forward some traffic coming in on the WAN interface of my pf router to the OpenVPN IP address my staff members get when they log in.

    I've set up a NAT port forward rule like this:

    WAN TCP * * WAN address 5509 192.168.2.9 5509

    Where 192.168.2.9 is the IP given to the staff member at home when they connect to the VPN.

    I also have a rule on the WAN interface like this:

    TCP * * 192.168.2.9 5509 * none

    I was hoping it was going to be as simple as adding these two rules, but it appears not to be working. Can someone tell me if this is even possible?

    Thanks

    Wasca



  • I suspect that the replying will be a problem. The service listening at 192.168.2.9:5509 will receive packets with a translated destination address (192.168.2.9, itself, of course), but the source address will be the real public IP that the packet came from. When the service replies, the reply will be routed back out the staff member's local LAN/WAN/internet connection, not back across the OpenVPN tunnel and through your pfSense. The pfSense state table won't see the packets in the reply direction, and the thing that receives the reply will not be expecting it to come from the staff member's local IP.
    To test, you could turn on "Redirect Gateway - Force all client generated traffic through the tunnel." That should make everything go in/out of pfSense.
    Then work out how to just send back the reply traffic from your port-forwarded connection across the VPN :)
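
    The asymmetric-routing problem Phil describes, worked through as a toy route lookup. This is an added example, not code from the thread or from pfSense/OpenVPN. The client tunnel address 192.168.2.9 comes from the thread; the home LAN 10.0.0.0/24, the tunnel subnet 192.168.2.0/24, the pfSense tunnel address 192.168.2.1 and the public peer 203.0.113.7 are assumptions. It models three cases: the original setup (reply leaves via the home ISP, pfSense never sees it), the "Redirect Gateway" fix from the reply (OpenVPN's def1 style /1 routes beat the default route by longest-prefix match), and the usual way to avoid forcing all client traffic through the tunnel, which the thread only hints at: an outbound NAT on the pfSense OpenVPN interface that rewrites the forwarded packet's source to pfSense's own tunnel address, so the reply is addressed into the tunnel subnet. That last fix is not stated in the thread and is described here as an assumption; its practical caveat is that the service at the client then logs pfSense's tunnel address instead of the real public source IP.

```python
"""Toy longest-prefix-match route lookup on the staff member's home machine,
used to show why a WAN port forward to an OpenVPN road-warrior client gets its
replies routed out the home ISP link, and why two fixes make the path symmetric.

Added example, not from the original thread. Addresses are constructed:
192.168.2.9 is from the thread; everything else is an assumption.
"""
import ipaddress

PUBLIC_PEER = "203.0.113.7"   # assumed: real Internet source hitting the WAN port forward
PFSENSE_TUN = "192.168.2.1"   # assumed: pfSense's own address on the OpenVPN tunnel
CLIENT_TUN = "192.168.2.9"    # from the thread: address handed to the staff member

# Route table of the client machine as (prefix, egress) pairs, no redirect-gateway.
BASE_ROUTES = [
    ("0.0.0.0/0", "home-isp"),      # default route via the home router
    ("10.0.0.0/24", "home-lan"),    # assumed home LAN
    ("192.168.2.0/24", "tun0"),     # tunnel subnet pushed by the OpenVPN server
]

# What OpenVPN's "redirect-gateway def1" adds: two /1 routes that win over the
# default route by longest-prefix match without deleting the ISP default.
REDIRECT_GATEWAY_ROUTES = [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
]


def lookup(routes, dst):
    """Return the egress interface for dst using longest-prefix match."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, egress in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best[1] if best else None


def forwarded_connection(client_routes, translate_source=False):
    """Model one port-forwarded packet and the client's reply to it.

    pfSense rewrites the destination to CLIENT_TUN. If translate_source is set,
    it also rewrites the source to its own tunnel address (outbound NAT on the
    OpenVPN interface, an assumed fix not stated in the thread); otherwise the
    service sees the real public source.

    Returns (source address the service sees, interface the reply leaves on,
             True if the reply re-enters the tunnel so pfSense sees it).
    """
    src_seen = PFSENSE_TUN if translate_source else PUBLIC_PEER
    reply_egress = lookup(client_routes, src_seen)   # the reply goes back to src_seen
    return src_seen, reply_egress, reply_egress == "tun0"


if __name__ == "__main__":
    cases = {
        "original setup":                 forwarded_connection(BASE_ROUTES),
        "redirect-gateway def1":          forwarded_connection(BASE_ROUTES + REDIRECT_GATEWAY_ROUTES),
        "outbound NAT on OpenVPN iface":  forwarded_connection(BASE_ROUTES, translate_source=True),
    }
    for name, (src, egress, symmetric) in cases.items():
        print(f"{name:32} service sees {src:14} reply via {egress:9} symmetric={symmetric}")
```

    Running it shows the original setup sending the reply out the home ISP link (so the pfSense state never completes), while both fixes send it back through tun0. Of the two, redirect-gateway is the quick test Phil suggests; the source-NAT variant keeps the rest of the staff member's traffic off the tunnel but hides the real client IP from the forwarded service.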



  • Hi Phil

    Just wanted to say thanks for your reply. I set the VPN connection to force all traffic over the VPN and the port forward worked.

    Thanks again for your advice.

    Wasca
