Recently moved to Starlink without realizing that I would lose port forwarding. I currently have PIA, but they don't support port forwarding outside the app. I found a couple things on Github for FreeBSD, but I'd prefer to keep the config in OPNsense. Does anyone have a recommendation for a VPN provider that offers a dedicated IP with port forwarding that I can add in VPN > OpenVPN > Clients?
The best VPN provider is _you_:
- Do your research and get the smallest VPS on DigitalOcean/Linode/OVH/others
- Set up a VPN between OPNsense and your egress/ingress point in your network
- Configure said VPS as needed, you have full control and public IPv4/IPv6 addresses.
It will be a bit of a learning curve most likely, but worth every minute of your time.
Alternatively, keep searching for a magical VPN provider that has port forwarding.
- The more reputable ones are removing the option from their offering due to abuse so you'll be in uncharted waters there when you find something.
PIA absolutely supports port forwarding outside of the app. https://helpdesk.privateinternetaccess.com/kb/articles/manual-connection-and-port-forwarding-scripts-for-linux
If you want a better alternative (imo), I'm currently using ProtonVPN via WireGuard, and port forwarding works perfectly. I wrote a little script to handle natpmpc, but it's really straightforward otherwise. https://protonvpn.com/support/port-forwarding-manual-setup/
So ya, I used this (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) with the info above, and my proton connection has been rock solid.
Good luck!
... and while doing all of that, don't forget Starlink provides a /56 and allows inbound IPv6 connections.
Cheers
Maurice
@newsense, git gud is always a valid option, but if I'd rather pay for a solution than pay for a service to build my own solution on. I don't need that level of control and, honestly, I'm a bit too lazy for that. If I get extra paranoid I'll take your advice to heart though. Thank you.
@BondiBlueBalls, I did go down that road with PIA. I was using one of the forks that they listed which did get a connection going on tun0, but that interface didn't appear in OPNsense and I would prefer keeping as much config in the webUI as I can. Quickly skimming your suggestion, it looks like ProtonVPN might check all the boxes. Much appreciated!
@Maurice, that's an interesting note. I've largely ignored IPv6 personally and professionally, but perhaps I'll take the chance to dip my toes in. Appreciate the two cents!
Alternatively, for $20/mn more I can now switch to a business priority plan that includes a public IP that I can share my external stuff through and route my regular browsing traffic through a VPN client in OPNsense. I think I'll give that a shot since I still have a bunch of time on my PIA subscription.