
Author Topic: Port Forward through OpenVPN  (Read 175 times)


Offline m1001101

Port Forward through OpenVPN
« on: December 31, 2017, 07:05:49 am »
Hi guys, I have a problem with port forward on pfSense.
See my network in attached scheme.

I have 2 LAN, Home (192.168.10.x) and Museum (192.168.11.x);

In Home LAN I have a pfSense box configured as OpenVPN Server (works perfectly);

In Museum LAN there is a server that connects via OpenVPN (client) to Home LAN through net 10.10.0.x/24 (works perfectly). I can connect via ssh and all services from Home LAN to Museum LAN Server (Static OpenVPN IP 10.10.0.204), and the reverse situation works great.

Now I need to forward 1 service from Museum LAN server to Internet on port 24356 TCP, so I've setup a port forward and relative firewall rule in my Home LAN pfsense to forward all traffic inbound from port 24356 to same port at ip 10.10.0.204 (Museum LAN Server OpenVPN IP).

But it does not work.

I've flagged the option "Force all client generated traffic through the tunnel" in client specific overrides, and checked with traceroute: fully working, packets originating from Museum LAN Server go through the VPN tunnel, to Home LAN Gateway and on to the Internet without problems.

I can't understand why the port forward rule doesn't work like other rules for Home LAN services.

Suggestions?

Thanks
« Last Edit: December 31, 2017, 08:51:57 am by m1001101 »

Offline viragomann

Re: Port Forward through OpenVPN
« Reply #1 on: December 31, 2017, 08:29:51 am »
Have you already set an outbound NAT rule on the home firewall for packets coming from the server?

Offline m1001101

Re: Port Forward through OpenVPN
« Reply #2 on: December 31, 2017, 08:51:39 am »
No, because Museum Server reaches Internet through VPN without problems.

Now I tried with an outbound NAT rule:

interface: oVPN
protocol: TCP
source: 10.10.0.0/24 24356 (oVPN Net)
destination: Any 24356

Translation
Address: interface address
port range: static port flagged

But it doesn't work

Offline Derelict

Re: Port Forward through OpenVPN
« Reply #3 on: December 31, 2017, 11:28:51 am »
You shouldn't need a port forward since there is no NAT.

Just tell the Museum host to connect to 10.10.0.204:24356

Offline m1001101

Re: Port Forward through OpenVPN
« Reply #4 on: January 03, 2018, 03:57:15 am »
OK Solved!

I've flagged the option "Force all client generated traffic through the tunnel" in client specific overrides, this time it worked perfectly!

Thanks to all!!