OpenVPN client port forwarding magic
-
i set up a client by creating an interface called VPNclient on ovpnc2 without rules and enabling manual outbound nat.
vpn provider forwarded port 3333 on their side, when i forward a VPNclient:3333 to pfsense:22 (ssh is enabled) external port checkers say 3333 is closed.
things i tried:
- "tcpdump -i ovpnc2" confirms traffic comes in on 3333 when external port checkers run on the VPNclient ip
- a manual pass rule with logging on VPNclient records nothing, however the same rule on OpenVPN interface shows traffic does come through 3333
what am i missing here?
-
out of ideas. similar problem here https://forum.pfsense.org/index.php/topic=59158.0
jimp suggested
Interfaces > (assign), assign the OpenVPN interface (ovpncX) as a new OPT
Interfaces > OPTx (whatever you just made)
Enable, set IP type to 'none', save.
VPN > OpenVPN, edit/save the VPN once to make sure it's reinitialized (needed just this one time right after interface assignment)
Then just add a port forward as you would on any other WAN.
this is exactly what i have and it doesn't work
i further simplified my testing:
pass rule for all traffic on VPNclient and OpenVPN firewall tabs.
/usr/pbi/iperf-amd64/bin/iperf -s -p 3333 -B VPNclient
then iperf -c vpn_address -p 3333 using a different external WAN
tcpdump | grep 3333 shows the traffic does come in on VPNclient but iperf doesn't connect
this just boggles my mind, what am i doing wrong here? i would appreciate any suggestion
-
anyone?
-
so.. outbound routing is the problem
forwarding only works when VPNclient is pfsense's default gateway,
doesn't work when WAN is default gateway, or when VPNclient is set as the gateway (via firewall rule) for the network where the port is being forwarded
what can i do to fix this?