
Issue port forwarding and VPN


KALRONG:
Hello,

I have recently migrated from OpenWRT to OPNsense and have everything working except for the port forwarding of connections coming in through the VPN.

Basically, I have an OpenVPN server on a VPS that I use to connect remotely to my services at home (let's leave using the home internet aside for the moment). This was easily done in OpenWRT by just forwarding connections arriving at the VPN IP on the router to the different servers. In OPNsense I managed to reach the servers, but the replies are getting lost somewhere.

VPNServer -> Opnsense (vpn interface) -> Internal Server

I have done tcpdump captures on the OPNsense box and on the internal server, and I can see all packets except the reply going from OPNsense towards the VPN server.

After much searching on Google I found that the culprit may be the outbound NAT rules; I tried creating one and testing several options, without luck.

Here are some pics of the outbound rule and the port forward I'm testing:


I have attached them too just in case.

I'm at a loss as to what's going on. I have done other port forwards from the WAN that work like a charm, but nothing seems to work in this case.

Any suggestions will be much appreciated, thanks in advance!

zan:
The "reply-to" of your pass rule on your VPN interface must be set to your VPN gateway.

KALRONG:
Sorry, I'm quite new to OPNsense and don't understand what you mean:

- I couldn't find a reply-to option
- By pass rule, do you mean the port forward one?
- By VPN gateway, do you mean the VPN address OPNsense has, or the IP of the server?

Sorry again and thanks for your response

zan:
On the firewall rule of your kvpn interface that passes the traffic from your VPS, click on "Advanced features" to set the "reply-to".
The gateway should be your kvpn gateway address (the tunnel IP of your VPN server) that you set up previously.

Please post your gateway list (Gateways > Configuration), NAT port forward and kvpn rules.
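As an added illustration (not from the thread and not OPNsense's generated ruleset), here is what the two GUI settings discussed above amount to in pf syntax: a port forward (rdr) on the VPN interface, and the pass rule that carries reply-to so that return packets of the forwarded connection are sent back out the tunnel to the VPN server's tunnel IP instead of following the default route to the WAN. The interface name ovpnc1, tunnel gateway 10.8.0.1, internal host 192.168.1.10 and port 8080 are assumptions chosen for the example.

```pf
# Added example, not the thread's rules or OPNsense's own generated /tmp/rules.debug.
# Assumed names: ovpnc1 = the OPNsense VPN client interface towards the VPS,
# 10.8.0.1 = tunnel IP of the OpenVPN server on the VPS (the "VPN gateway"),
# 192.168.1.10 = internal server, TCP 8080 = the forwarded port.

# Port forward: connections arriving over the tunnel for port 8080 on the
# tunnel address are redirected to the internal host.
rdr on ovpnc1 inet proto tcp from any to (ovpnc1) port 8080 -> 192.168.1.10 port 8080

# Without reply-to (the failing case): state is created, the SYN reaches
# 192.168.1.10, but its SYN-ACK is routed by the routing table, i.e. out the
# default gateway on WAN, never back into the tunnel, so the VPS sees no reply.
# pass in quick on ovpnc1 inet proto tcp from any to 192.168.1.10 port 8080 keep state

# With reply-to: replies matching this state are forced out ovpnc1 to the
# tunnel gateway, regardless of the default route.
pass in quick on ovpnc1 reply-to (ovpnc1 10.8.0.1) inet proto tcp from any to 192.168.1.10 port 8080 flags S/SA keep state
```

To check that the GUI produced what you expect, `pfctl -sr | grep reply-to` on the OPNsense shell should list the pass rule with the tunnel gateway, and `tcpdump -ni ovpnc1 port 8080` should now show the SYN-ACK leaving on the tunnel interface rather than only the inbound SYN.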


KALRONG:
Found it, and it seems to do the trick!!!

Couldn't find any reference to that option anywhere before you mentioned it :(

Funny enough, it only works with one port forward enabled; if I create another similar rule for another port, both stop working.

Thanks for the quick replies!
