Text only | Text with Images

OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: ligand on June 27, 2024, 05:45:56 AM

Title: [Solved] - Port Forwarding on VPN Interface
Post by: ligand on June 27, 2024, 05:45:56 AM
Hi Everyone!
I'm banging my head on this problem and am hoping that someone can help me.  I setup a VPN to a VPN provider and enabled policy based routing and NATing.  I am able to run curl ifconfig.me and my VM shows the public IP of the VPN address.  I want to port forward a port from the public IP of the VPN tunnel to the VM participating in the policy based routing. 

Using tcpdump, I see traffic coming into the VPN tunnel
23:19:28.717855 IP 45.33.50.110.50954 > 10.2.20.23.51413:

I see traffic hitting the VM and I see the VM responding
23:19:29.653702 IP 45.33.50.110.50954 > 192.168.25.11.51413:
23:19:29.653745 IP 192.168.25.11.51413 > 45.33.50.110.50954:

But I don't see response traffic leaving leaving the VPN tunnel.

I see the response traffic hitting the LAN interface so I know its making it back to the firewall
23:19:44.042532 IP 192.168.25.11.51413 > 45.33.50.110.50954:

I'm frankly at a loss and am hoping someone can help me figure out what I'm doing wrong.  Also let me know if additional information would be helpful.

Here's what I see with the live view

lan      2024-06-26T23:44:26-04:00   45.33.50.110:56016   192.168.25.11:51413   tcp   let out anything from firewall host itself
   
VyperVPN      2024-06-26T23:44:26-04:00   45.33.50.110:56016   10.2.20.23:51413   tcp   rdr rule
Title: Re: Port Forwarding on VPN Interface
Post by: Monviech (Cedrik) on June 27, 2024, 05:53:34 AM
Did you enable reply_to and selected the VPN interface in the Firewall Rule that allows the traffic of the port forward?
Title: Re: Port Forwarding on VPN Interface
Post by: ligand on June 27, 2024, 12:58:35 PM
Quote from: Monviech on June 27, 2024, 05:53:34 AM
Did you enable reply_to and selected the VPN interface in the Firewall Rule that allows the traffic of the port forward?
Hi!  Thank you for the response.  You're right!  I needed to enable reply_to and set it to the VPN interface.  It works like a champ now!  :-). I now see the firewall rule being used in live view. :-)

lan      2024-06-27T06:55:59-04:00   45.33.50.110:40140   192.168.25.11:51413   tcp   let out anything from firewall host itself   

VyperVPN      2024-06-27T06:55:59-04:00   45.33.50.110:40140   192.168.25.11:51413   tcp   Allows inbound to Transmission   

VyperVPN      2024-06-27T06:55:59-04:00   45.33.50.110:40140   10.2.20.23:51413   tcp   rdr rule

Thanks again!   :D
Text only | Text with Images