OPNsense Forum

English Forums => Virtual private networks => Topic started by: Guldil on January 16, 2025, 08:57:33 AM

Title: Wireguard, Port Forwarding and Proton VPN
Post by: Guldil on January 16, 2025, 08:57:33 AM
Hello,

I followed some tutorials:

https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html
https://protonvpn.com/support/port-forwarding-manual-setup/#wireguard

My tunnel is UP and my test Linux machine is connected through the tunnel.

A "what's my IP" test shows my VPN IP.

But port forwarding is not working. I use natpmpc to get a port mapping, and I add it to OPNsense like a classic NAT rule.

I can see the connection in the log when I try a "remote port check", but it is always closed or times out.

What did I miss?

Thanks

Guldil
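The post above mentions using natpmpc to obtain the forwarded port. As an added example (not code from this thread, from Proton or from OPNsense), here is a small POSIX shell script that requests the mapping the way Proton's guide does, extracts the public port from natpmpc's output, checks that the UDP and TCP answers agree, and keeps renewing the mapping. It assumes natpmpc from libnatpmp is installed on the host behind the tunnel and that Proton's NAT-PMP gateway is 10.2.0.1 (the address used in Proton's guide; override with PROTON_GW). The sample output lines in the script are constructed to mirror natpmpc's format.

```shell
#!/bin/sh
# Added example for this thread, not code from the post, Proton or OPNsense.
# Assumptions: natpmpc (libnatpmp) is installed on the host behind the
# WireGuard tunnel, and Proton's NAT-PMP gateway is 10.2.0.1 (the address
# used in Proton's own port-forwarding guide; override with PROTON_GW).
PROTON_GW="${PROTON_GW:-10.2.0.1}"

# Constructed sample lines mirroring natpmpc's output format (libnatpmp
# really spells it "liftime"); handy for testing without a live tunnel.
SAMPLE_UDP='Mapped public port 47542 protocol UDP to local port 0 liftime 60'
SAMPLE_TCP='Mapped public port 47542 protocol TCP to local port 0 liftime 60'

# Print the public port found in natpmpc output, or nothing if there is no
# "Mapped public port" line (e.g. the request failed).
natpmp_public_port() {
    printf '%s\n' "$1" \
      | sed -n 's/^Mapped public port \([0-9][0-9]*\) protocol [A-Za-z]* to .*/\1/p' \
      | head -n 1
}

# Proton hands out one port shared by UDP and TCP. Print it only when both
# answers agree; a NAT rule pointing at a port that differs between them
# would never see the traffic.
natpmp_check_pair() {
    udp_port=$(natpmp_public_port "$1")
    tcp_port=$(natpmp_public_port "$2")
    [ -n "$udp_port" ] && [ "$udp_port" = "$tcp_port" ] && printf '%s\n' "$udp_port"
}

# Ask the gateway for a 60 s mapping of the given protocol, with the same
# arguments Proton's guide uses (public port 1 / local port 0 are
# placeholders; the server chooses the real public port).
request_mapping() {
    natpmpc -a 1 0 "$1" 60 -g "$PROTON_GW" 2>&1
}

# Renew every 45 s so the 60 s mapping never lapses; stop on the first
# failure so a stale port is not silently kept in the firewall rule.
renew_loop() {
    while :; do
        udp_out=$(request_mapping udp) || { echo "natpmpc udp failed: $udp_out" >&2; return 1; }
        tcp_out=$(request_mapping tcp) || { echo "natpmpc tcp failed: $tcp_out" >&2; return 1; }
        port=$(natpmp_check_pair "$udp_out" "$tcp_out") \
          || { echo "no usable mapping (UDP/TCP port mismatch or no mapping line)" >&2; return 1; }
        echo "$(date '+%Y-%m-%dT%H:%M:%S') public port $port on $PROTON_GW; point the OPNsense NAT rule at this port"
        sleep 45
    done
}

# Only loop when explicitly asked, so the file can also be sourced.
if [ "${NATPMP_RUN:-0}" = 1 ]; then
    renew_loop
fi
```

Run it on the Linux host behind the tunnel with `NATPMP_RUN=1 sh natpmp_renew.sh`; whenever the printed port changes, the destination port of the NAT rule on OPNsense has to follow it, which is the part the script deliberately leaves to the operator (or to a tool like the one mentioned later in this thread) rather than guessing at an API.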
Title: Re: Wireguard, Port Forwarding and Proton VPN
Post by: bartjsmit on January 16, 2025, 10:26:59 AM
Are you expecting Proton to handle inbound traffic for you over their link? That is not likely to happen.

What you can set up is a cloudflared tunnel from Linux, for which there are legion blog posts and YT vids.
Title: Re: Wireguard, Port Forwarding and Proton VPN
Post by: Bob.Dig on January 16, 2025, 10:32:31 AM
Quote from: bartjsmit on January 16, 2025, 10:26:59 AM
That is not likely to happen
Proton does allow opening a randomized port but it is very difficult to set up and the port can change any time. 
Title: Re: Wireguard, Port Forwarding and Proton VPN
Post by: BondiBlueBalls on January 16, 2025, 06:59:31 PM
Quote from: Bob.Dig on January 16, 2025, 10:32:31 AM
Quote from: bartjsmit on January 16, 2025, 10:26:59 AM
That is not likely to happen
Proton does allow opening a randomized port but it is very difficult to set up and the port can change any time. 

I have a tool that will manage the port from Proton and sync it to OPNsense. It will optionally manage the forwarded port in qBittorrent, too. I've been running various iterations of it for two years without issue. https://github.com/clajiness/qbop
Title: Re: Wireguard, Port Forwarding and Proton VPN
Post by: Guldil on January 17, 2025, 06:56:14 AM
As explained, I used a ProtonVPN server that allows port forwarding and I followed these guides: https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html and https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

Browsing from a server configured in the WG_VPN_Hosts alias has access to the Internet through the ProtonVPN tunnel.
From there it's the port forwarding that doesn't work: I see traffic coming in on the port, but it stays closed.


BondiBlueBalls, I've seen your tool but I don't want to use it at the moment; first I want to understand what I missed here...
I had a quick look at the code; the port redirection rule is supposed to be already present in OPNsense.
Title: Re: Wireguard, Port Forwarding and Proton VPN
Post by: _Dave_ on January 22, 2025, 04:38:02 PM
Does UDP port forwarding work? OPNsense is stateful, so if you port forward TCP, the packet state will not match anymore since you are changing the destination port, and it will be silently dropped. The next rule you match the packet on will have to have "state type: none" and "TCP flags: any" to allow it to match the packet. You will need to do this for incoming and outgoing. I made a guide in the Tutorials and FAQs that may help you, but I didn't explain many things since it was so long already.
Title: Re: Wireguard, Port Forwarding and Proton VPN
Post by: Guldil on January 25, 2025, 12:44:45 PM
Quote from: _Dave_ on January 22, 2025, 04:38:02 PM
Does UDP port forwarding work? OPNsense is stateful, so if you port forward TCP, the packet state will not match anymore since you are changing the destination port, and it will be silently dropped. The next rule you match the packet on will have to have "state type: none" and "TCP flags: any" to allow it to match the packet. You will need to do this for incoming and outgoing. I made a guide in the Tutorials and FAQs that may help you, but I didn't explain many things since it was so long already.

Hello Dave,

Thanks a lot, it's working now :)

Looks like I had some trouble with my testing tools: I used netcat in listen mode behind my OPNsense and a PuTTY client directly on VPN IP + port :)

Now I'll check Part 6 of your guide: https://forum.opnsense.org/index.php?topic=45163.0