Netgate Discussion Forum

    OpenVPN client port forwarding magic

      jimsw

      i set up a client by creating an interface called VPNclient on ovpnc2 without rules and enabling manual outbound nat.
      vpn provider forwarded port 3333 on their side, when i forward a VPNclient:3333 to pfsense:22 (ssh is enabled) external port checkers say 3333 is closed.

      things i tried:

      • "tcpdump -i ovpnc2" confirms traffic comes in on 3333 when external port checkers run on the VPNclient ip
      • a manual pass rule with logging on VPNclient records nothing, however the same rule on OpenVPN interface shows traffic does come through 3333

      what am i missing here?

        jimsw

        out of ideas. similar problem here https://forum.pfsense.org/index.php/topic=59158.0
        jimp suggested

        Interfaces > (assign), assign the OpenVPN interface (ovpncX) as a new OPT
        Interfaces > OPTx (whatever you just made)
        Enable, set IP type to 'none', save.
        VPN > OpenVPN, edit/save the VPN once to make sure it's reinitialized (needed just this one time right after interface assignment)

        Then just add a port forward as you would on any other WAN.

        this is exactly what i have and it doesn't work

        i further simplified my testing:
        pass rule for all traffic on VPNclient and OpenVPN firewall tabs.
        /usr/pbi/iperf-amd64/bin/iperf -s -p 3333 -B VPNclient
        then iperf -c vpn_address -p 3333 using a different external WAN

        tcpdump | grep 3333 shows the traffic does come in on VPNclient but iperf doesn't connect

        this just boggles my mind, what am i doing wrong here? i would appreciate any suggestion

          jimsw

          anyone?

            jimsw

            so.. outbound routing is the problem
            forwarding only works when VPNclient is pfsense's default gateway,
            doesn't work when WAN is default gateway, or when VPNclient is set as the gateway (via firewall rule) for the network where the port is being forwarded

            what can i do to fix this?

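An added example, not part of the thread and not pfSense code: a Python check for the symptom the last post describes, where the SYN to the forwarded port arrives on the VPN interface but the SYN-ACK leaves on another one. The interface name em0 for WAN, all addresses and the capture lines are constructed; it assumes `tcpdump -n` text output captured separately on each interface and no source NAT applied to the reply.

```python
import re

# One TCP line of `tcpdump -n` text output:
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ...
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed captures, one per interface; the client retries its SYN once.
SAMPLE = {
    "ovpnc2": (
        "10:15:01.100000 IP 198.51.100.7.51000 > 10.8.0.6.3333: Flags [S], seq 100, win 65535, length 0\n"
        "10:15:02.100000 IP 198.51.100.7.51000 > 10.8.0.6.3333: Flags [S], seq 100, win 65535, length 0\n"
    ),
    "em0": (  # assumed WAN interface name
        "10:15:01.100300 IP 10.8.0.6.3333 > 198.51.100.7.51000: Flags [S.], seq 900, ack 101, win 65228, length 0\n"
    ),
}

def parse(capture):
    """Yield (src, sport, dst, dport, flags) for each TCP line in a capture."""
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]

def reply_paths(captures, port):
    """captures maps interface name to tcpdump text. For every SYN sent to
    `port`, report the interface it arrived on and the interface the matching
    SYN-ACK left on (None if no SYN-ACK was captured anywhere)."""
    syns, synacks = {}, {}
    for iface, text in captures.items():
        for src, sport, dst, dport, flags in parse(text):
            if flags == "S" and dport == port:
                syns.setdefault((src, sport, dst), iface)      # first SYN wins
            elif flags == "S." and sport == port:
                synacks.setdefault((dst, dport, src), iface)   # keyed like the SYN
    return [{"client": f"{c}:{cp}", "in": iface, "out": synacks.get((c, cp, srv))}
            for (c, cp, srv), iface in syns.items()]

def asymmetric(paths):
    """Connections whose reply was seen leaving on a different interface."""
    return [p for p in paths if p["out"] is not None and p["out"] != p["in"]]

if __name__ == "__main__":
    for p in asymmetric(reply_paths(SAMPLE, 3333)):
        print(f'{p["client"]}: SYN in on {p["in"]}, SYN-ACK out on {p["out"]}')
```

An `out` of None means no SYN-ACK was captured on any supplied interface, which points at the listener or a block rule rather than at reply routing.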
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.