Suggestions for VPN with port forwarding

Started by leghammer, September 18, 2023, 03:10:36 AM

Recently moved to Starlink without realizing that I would lose port forwarding. I currently have PIA, but they don't support port forwarding outside the app. I found a couple things on GitHub for FreeBSD, but I'd prefer to keep the config in OPNsense. Does anyone have a recommendation for a VPN provider that offers a dedicated IP with port forwarding that I can add in VPN > OpenVPN > Clients?

The best VPN provider is _you_:

- Do your research and get the smallest VPS on DigitalOcean/Linode/OVH/others

- Set up a VPN between OPNsense and your egress/ingress point in your network

- Configure said VPS as needed, you have full control and public IPv4/IPv6 addresses.

It will be a bit of a learning curve most likely, but worth every minute of your time.

Alternatively, keep searching for a magical VPN provider that has port forwarding.
- The more reputable ones are removing the option from their offering due to abuse so you'll be in uncharted waters there when you find something.

PIA absolutely supports port forwarding outside of the app. https://helpdesk.privateinternetaccess.com/kb/articles/manual-connection-and-port-forwarding-scripts-for-linux

If you want a better alternative (imo), I'm currently using ProtonVPN via WireGuard, and port forwarding works perfectly. I wrote a little script to handle natpmpc, but it's really straightforward otherwise. https://protonvpn.com/support/port-forwarding-manual-setup/

So ya, I used this (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) with the info above, and my proton connection has been rock solid.

Good luck!

... and while doing all of that, don't forget Starlink provides a /56 and allows inbound IPv6 connections.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

@newsense, git gud is always a valid option, but I'd rather pay for a solution than pay for a service to build my own solution on. I don't need that level of control and, honestly, I'm a bit too lazy for that. If I get extra paranoid I'll take your advice to heart though. Thank you.

@BondiBlueBalls, I did go down that road with PIA. I was using one of the forks that they listed which did get a connection going on tun0, but that interface didn't appear in OPNsense and I would prefer keeping as much config in the webUI as I can. Quickly skimming your suggestion, it looks like ProtonVPN might check all the boxes. Much appreciated!

@Maurice, that's an interesting note. I've largely ignored IPv6 personally and professionally, but perhaps I'll take the chance to dip my toes in. Appreciate the two cents!

Alternatively, for $20/mn more I can now switch to a business priority plan that includes a public IP that I can share my external stuff through and route my regular browsing traffic through a VPN client in OPNsense. I think I'll give that a shot since I still have a bunch of time on my PIA subscription.