Bypassing OpenVPN - Port Forwarding



  • I have OpenVPN client set up and working using PIA. I also have created an alias of IPs and added a LAN rule to send those IPs to the "default" gateway WAN instead of OPENVPN_CLIENT gateway. This works and the public IP for those alias changes to after applying that rule. My issue, however, is with port forwarding for those clients that bypass the VPN. I have added a port forwarding rule for port 9090 but it will not work if I have OpenVPN client enabled at all. If I disable OpenVPN to PIA connection, I am successfully able to connect to that port outside of my network. It is only after re-enabling OpenVPN, that it stops working again.

    What am I missing? I have played around with every setting I can think of, including NAT Outbound even though I would think it should not change anything in this case.



  • most likely, your openvpn-client forces a new default gateway (the vpn-connection).
    when port forwarding, your reply might go out through the vpn instead of the WAN.

    try adding "route-nopull" to your openvpn-client config. assign an interface to your openvpn, create the correct firewall rules. (now you have a proper gateway).



  • I added that option correctly I believe but still no luck.








  • @heper:

    most likely, your openvpn-client forces a new default gateway (the vpn-connection).
    when port forwarding, your reply might go out through the vpn instead of the WAN.

    try adding "route-nopull" to your openvpn-client config. assign an interface to your openvpn, create the correct firewall rules. (now you have a proper gateway).

    Actually it worked but only because now nothing is going through the VPN like before.



  • Sorry for the third message. It would not let me edit the second message. I seem to have fixed my issue completely by adding the noroute option like you said. I fixed the issue I had after adding that option by adding a LAN Rule to OpenVPN.

    Is this the best way to do this? (See attached)

    "Justin9825" is also me. Sorry, I guess the computer I used to reply that time was logged into the account I didn't know I had.




  • that could/should work.

    the rule at the bottom of the list will only be triggered when you are trying to send stuff that IS NOT tcp/udp (pings and stuff). If that is what you intended, then all is well i guess.



  • @heper:

    that could/should work.

    the rule at the bottom of the list will only be triggered when you are trying to send stuff that IS NOT tcp/udp (pings and stuff). If that is what you intended, then all is well i guess.

    How would I do this so all traffic is sent through the VPN then?
    Thanks for your help btw.