Netgate Discussion Forum

    Bypassing OpenVPN - Port Forwarding

      jtoler5

      I have OpenVPN client set up and working using PIA. I also have created an alias of IPs and added a LAN rule to send those IPs to the "default" gateway WAN instead of OPENVPN_CLIENT gateway. This works and the public IP for those alias changes to after applying that rule. My issue, however, is with port forwarding for those clients that bypass the VPN. I have added a port forwarding rule for port 9090 but it will not work if I have OpenVPN client enabled at all. If I disable OpenVPN to PIA connection, I am successfully able to connect to that port outside of my network. It is only after re-enabling OpenVPN, that it stops working again.

      What am I missing? I have played around with every setting I can think of, including NAT Outbound even though I would think it should not change anything in this case.

        heper

        most likely, your openvpn-client forces a new default gateway (the vpn-connection).
        when portforwarding, your reply might go out, through the vpn instead of the WAN.

        try adding "route-nopull" to your openvpn-client config. assign an interface to your openvpn, create the correct firewall rules. (now you have a proper gateway).

          Justin9825

          I added that option correctly I believe but still no luck.

          1.png
          2.png
          3.png

            jtoler5

            @heper:

            most likely, your openvpn-client forces a new default gateway (the vpn-connection).
            when portforwarding, your reply might go out, through the vpn instead of the WAN.

            try adding "route-nopull" to your openvpn-client config. assign an interface to your openvpn, create the correct firewall rules. (now you have a proper gateway).

            Actually it worked but only because now nothing is going through the VPN like before.

              jtoler5

              Sorry for the third message. It would not let me edit the second message. I seem to have fixed my issue completely with adding the noroute option like you said. I fixed the issue I had after adding that option by adding a LAN Rule to OpenVPN.

              Is this the best way to do this? (See attached)

              "Justin9825" is also me. Sorry, I guess the computer I used to reply that time was logged into the account I didn't know I had.

              NewRule.png

                heper

                that could/should work.

                the rule at the bottom of the list, will only be triggered when you are trying to send stuff that IS NOT tcp/udp (pings and stuff). If that is what you intended, then all is well i guess.

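The three states the thread passes through (routes pulled from the provider, route-nopull alone, route-nopull plus a LAN rule that policy-routes to the VPN gateway), as an added example that is not part of any poster's message. It is a simplified model: replies to the port forward follow a plain routing-table lookup as in heper's explanation, the provider is assumed to push redirect-gateway def1, and the addresses and rule sets are constructed.

```python
import ipaddress

VPN, WAN = "OPENVPN_CLIENT", "WAN"
BYPASS = {"192.168.1.50"}   # constructed stand-in for the alias of bypass hosts
EXTERNAL = "203.0.113.7"    # constructed outside client (documentation range)

def routing_table(route_nopull):
    """Firewall routes. Assumption: the provider pushes redirect-gateway def1,
    which installs two /1 routes that outrank the WAN default route."""
    routes = [("0.0.0.0/0", WAN)]
    if not route_nopull:
        routes += [("0.0.0.0/1", VPN), ("128.0.0.0/1", VPN)]
    return [(ipaddress.ip_network(net), gw) for net, gw in routes]

def table_lookup(table, dst):
    """Longest-prefix match for traffic that no rule policy-routes."""
    addr = ipaddress.ip_address(dst)
    return max((r for r in table if addr in r[0]), key=lambda r: r[0].prefixlen)[1]

# Constructed LAN rules, first match wins: (sources, protocols, gateway).
# None means "any" for sources/protocols and "default" (routing table) for gateway.
RULES_BEFORE = [(BYPASS, None, WAN), (None, None, None)]
RULES_AFTER = [(BYPASS, None, WAN), (None, {"tcp", "udp"}, VPN), (None, None, None)]

def lan_egress(rules, table, src, proto):
    """Gateway taken by a LAN host's outbound packet to EXTERNAL."""
    for sources, protos, gateway in rules:
        if (sources is None or src in sources) and (protos is None or proto in protos):
            return gateway or table_lookup(table, EXTERNAL)
    raise ValueError("no rule matched")

def scenario(route_nopull, rules):
    table = routing_table(route_nopull)
    return {
        # Reply to the inbound port forward, modelled as a plain table lookup.
        "forward_reply": table_lookup(table, EXTERNAL),
        "bypass_tcp": lan_egress(rules, table, "192.168.1.50", "tcp"),
        "other_tcp": lan_egress(rules, table, "192.168.1.20", "tcp"),
        "other_icmp": lan_egress(rules, table, "192.168.1.20", "icmp"),
    }

if __name__ == "__main__":
    for label, nopull, rules in [("routes pulled", False, RULES_BEFORE),
                                 ("route-nopull only", True, RULES_BEFORE),
                                 ("route-nopull + VPN rule", True, RULES_AFTER)]:
        print(label, scenario(nopull, rules))
```

In the third state the non-bypass host's ICMP still leaves through WAN because the constructed VPN rule matches only TCP/UDP, which is the case heper's reply points at.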
                  jtoler5

                  @heper:

                  that could/should work.

                  the rule at the bottom of the list, will only be triggered when you are trying to send stuff that IS NOT tcp/udp (pings and stuff). If that is what you intended, then all is well i guess.

                  How would I do this so all traffic is sent through the VPN then?
                  Thanks for your help btw.

                  NATRules.JPG

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.