OpenVPN client port forwarding magic



  • i set up a client by creating an interface called VPNclient on ovpnc2 without rules and enabling manual outbound nat.
    vpn provider forwarded port 3333 on their side, when i forward a VPNclient:3333 to pfsense:22 (ssh is enabled) external port checkers say 3333 is closed.

    things i tried:

    • "tcpdump -i ovpnc2" confirms traffic comes in on 3333 when external port checkers runs on the VPNclient ip
      -  a manual pass rule with logging on VPNclient records nothing, however the same rule on OpenVPN interface shows traffic does come through 3333

    what am i missing here?



  • out of ideas. similar problem here https://forum.pfsense.org/index.php/topic=59158.0
    jimp suggested

    Interfaces > (assign), assign the OpenVPN interface (ovpncX) as a new OPT
    Interfaces > OPTx (whatever you just made)
    Enable, set IP type to 'none', save.
    VPN > OpenVPN, edit/save the VPN once to make sure it's reinitialized (needed just this one time right after interface assignment)

    Then just add a port forward as you would on any other WAN.

    this is exactly what i have and it doesnt work

    **i further simplified my testing>>
    pass rule for all traffic on VPNclient and OpenVPN firewall tabs.
    /usr/pbi/iperf-amd64/bin/iperf -s -p 3333 -B VPNclient
    then iperf -c vpn_address -p 3333 using an different external WAN

    tcpdump | grep 3333 shows the traffic does come in on VPNclient but iperf doesn't connect**

    this just boggles my mind, what am i doing wrong here? i would appreciate any suggestion



  • anyone?



  • so.. outbound routing is the problem
    forwarding only works when VPNclient is pfsense's default gateway,
    doesn't work when WAN is default gateway, or when VPNclient is set as the gateway (via firewall rule )for the network where the port is being forwarded

    what can i do to fix this?