[SOLVED] Port Forwarding with OpenVPN Client (FW Rule Issue)

glego
« on: December 04, 2017, 08:06:28 pm »
So I'm trying to set up some services behind an OpenVPN Client Host.

So far I can see in Wireshark that the packages are reaching the receiver but can't complete.


https://prnt.sc/hj6q9w

My Configuration
* Interfaces
  WAN
  LAN
  VLAN1
  OVPN (none/none)

* NAT Port FWD
  Interface: OVPN
  Protocol: TCP/UDP
  Destination: OVPN Addresses
  Port Range: 27687
  Redirect IP: MyHostOnVlan1
  Redirect Port: 27687

* NAT Outbound
  Interface: OVPN
  Protocol: Any
  Source: MyHostsOnVlan1 Subnet

* Firewall Rules VLAN 1
  Source: MyHostsOnVlan1 Subnet
  Dest: Any
  Gateway: OVPN

* Firewall Rules OVPN
  Source: Any
  Destination: MyHostOnVlan1
  Port: 27687

* Firewall OpenVPN
  Source: Any
  Destination: Any

When I check the states I get

Interface: OVPN / TCP external:54270 -> MyHostOnVlan1:27687 (MyOpenVPNIP:27687) SYN_SENT:ESTABLISHED
Interface: VLAN 1 / TCP external:54270 -> MyHostOnVlan1:27687 ESTABLISHED:SYN_SENT   

Thanks for your time!


« Last Edit: December 05, 2017, 05:32:08 am by glego »

Derelict
Re: Port Forwarding with OpenVPN Client (NAT Issue?)
« Reply #1 on: December 04, 2017, 08:57:05 pm »
Make sure the inbound traffic is NOT matched by rules on the OpenVPN tab (disable all rules there) and IS matched by rules on the OVPN tab. That will get reply-to functioning.

glego
Re: Port Forwarding with OpenVPN Client (NAT Issue?)
« Reply #2 on: December 05, 2017, 05:32:47 am »
> Make sure the inbound traffic is NOT matched by rules on the OpenVPN tab (disable all rules there) and IS matched by rules on the OVPN tab. That will get reply-to functioning.

Removing the rules from the OpenVPN tab resolved the issue. Thanks!
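
The rule-matching behaviour behind the fix in this thread, as an added example that is not part of the original posts and is not pfSense code. It is a simplified model that assumes the OpenVPN group tab is evaluated before the assigned OVPN interface tab, that the first matching rule wins, and that only rules on the OVPN tab carry reply-to; floating rules are omitted, and the class and function names are hypothetical.

```python
"""Simplified model of pfSense rule matching for traffic arriving over an
assigned OpenVPN client interface. Assumption for illustration only; this is
not pfSense source code, and floating rules are left out."""
from dataclasses import dataclass
from typing import List, Optional

# Tabs are evaluated in this order and the first matching rule wins:
# the OpenVPN group tab first, then the assigned interface tab (OVPN).
TAB_ORDER = ("OpenVPN", "OVPN")
# reply-to is only attached to rules on the assigned interface's own tab.
REPLY_TO_TABS = ("OVPN",)


@dataclass
class Rule:
    tab: str
    dst: str = "any"
    port: Optional[int] = None  # None means any port
    enabled: bool = True


def first_match(rules: List[Rule], dst: str, port: int) -> Optional[Rule]:
    """Return the rule that would create the state for this connection."""
    for tab in TAB_ORDER:
        for rule in rules:
            if rule.tab != tab or not rule.enabled:
                continue
            if rule.dst in ("any", dst) and rule.port in (None, port):
                return rule
    return None


def return_path(rules: List[Rule], dst: str, port: int) -> str:
    """Describe where replies for the matched connection are sent."""
    rule = first_match(rules, dst, port)
    if rule is None:
        return "blocked"
    if rule.tab in REPLY_TO_TABS:
        return "reply-to: back out the OVPN tunnel"
    return "no reply-to: routing table decides"


if __name__ == "__main__":
    # Rules as posted in the thread (aliases are the poster's own names).
    openvpn_any = Rule(tab="OpenVPN")
    ovpn_fwd = Rule(tab="OVPN", dst="MyHostOnVlan1", port=27687)
    rules = [openvpn_any, ovpn_fwd]
    print("before:", return_path(rules, "MyHostOnVlan1", 27687))
    openvpn_any.enabled = False  # the fix: disable rules on the OpenVPN tab
    print("after: ", return_path(rules, "MyHostOnVlan1", 27687))
```

With the any/any rule on the OpenVPN tab enabled, the model matches it first and the forwarded connection gets no reply-to, which is consistent with the half-open SYN_SENT:ESTABLISHED states in the first post.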