Wireguard, Port Forwarding and Proton VPN

Started by Guldil, January 16, 2025, 08:57:33 AM

Hello,

I followed some tutorials:

https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html
https://protonvpn.com/support/port-forwarding-manual-setup/#wireguard

My tunnel is up and my test Linux machine is connected through the tunnel.

A "what is my IP" test shows my VPN IP.

But port forwarding is not working. I use natpmpc to get a port mapping, and I add it to OPNsense like a classic NAT rule.

I can see the connection in the log when I try a "remote port check", but it's always closed or times out.

What did I miss?

Thanks

Guldil

Are you expecting Proton to handle inbound traffic for you over their link? That is not likely to happen.

What you can set up is a cloudflared tunnel from Linux, for which there are legion blog posts and YT vids.

Quote from: bartjsmit on January 16, 2025, 10:26:59 AM
That is not likely to happen
Proton does allow opening a randomized port but it is very difficult to set up and the port can change any time. 

Quote from: Bob.Dig on January 16, 2025, 10:32:31 AM
Quote from: bartjsmit on January 16, 2025, 10:26:59 AM
That is not likely to happen
Proton does allow opening a randomized port but it is very difficult to set up and the port can change any time.

I have a tool that will manage the port from Proton and sync it to OPNsense. It will optionally manage the forwarded port in qBittorrent, too. I've been running various iterations of it for two years without issue. https://github.com/clajiness/qbop

As explained, I used a ProtonVPN server that allows Port Forwarding and I followed this guide https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html and https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

Browsing from a server configured in the WG_VPN_Hosts alias has access to the Internet through the ProtonVPN tunnel.
From there it's the port forwarding that doesn't work: I see traffic coming in on the port, but it stays closed.

BondiblueBalls, I've seen your tool but I don't want to use it at the moment; first I want to understand what I missed here...
I had a quick look at the code, and the port redirection rule is supposed to be already present in OPNsense.

Does UDP port forwarding work? OPNsense is stateful, so if you port forward TCP, the packet state will not match anymore since you are changing the destination port, and it will be silently dropped. The next rule you match the packet on will have to have "state type: none" and "TCP flags: any" to allow it to match the packet. You will need to do this for incoming and outgoing. I made a guide in the Tutorials and FAQs that may help you, but I didn't explain many things since it was so long already.
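As an added example (not from this thread, nor from Proton's or OPNsense's documentation): a POSIX sh script that renews the NAT-PMP mapping on the 60 s lease / 45 s renew schedule Proton describes, extracts the assigned public port, and flags when that port changes so the OPNsense NAT rule can be updated before the forward silently breaks. It assumes Proton's WireGuard gateway is 10.2.0.1 and that natpmpc prints a "Mapped public port N" line; the gateway, state-file path and sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: keep a Proton VPN NAT-PMP port mapping alive and detect when
# the assigned public port changes. Not code from the thread or from Proton.
# Assumptions (constructed): Proton's WG gateway is 10.2.0.1 and natpmpc
# prints a line like "Mapped public port 51820 protocol TCP ...".

GATEWAY="${NATPMP_GATEWAY:-10.2.0.1}"          # assumed Proton WG gateway
STATE_FILE="${NATPMP_STATE:-/tmp/proton_forwarded_port}"

# Extract the public port from natpmpc output; prints nothing if absent.
parse_mapped_port() {
    printf '%s\n' "$1" \
        | sed -n 's/.*Mapped public port \([0-9][0-9]*\) .*/\1/p' \
        | head -n 1
}

# Request (or renew) one mapping with the 60 s lifetime Proton expects.
# Arg: protocol (tcp|udp). Prints the assigned public port.
request_mapping() {
    out="$(natpmpc -a 1 0 "$1" 60 -g "$GATEWAY" 2>&1)" || return 1
    parse_mapped_port "$out"
}

# Exit 0 when the port differs from the last recorded one, i.e. the
# OPNsense port-forward rule must be updated.
port_changed() {
    prev=""
    [ -f "$STATE_FILE" ] && prev="$(cat "$STATE_FILE")"
    [ "$1" != "$prev" ]
}

renew_loop() {
    while :; do
        tcp_port="$(request_mapping tcp)" || { echo "natpmpc tcp failed" >&2; return 1; }
        udp_port="$(request_mapping udp)" || { echo "natpmpc udp failed" >&2; return 1; }
        if port_changed "$tcp_port"; then
            echo "$(date '+%F %T') port is now $tcp_port (udp $udp_port): update the NAT rule"
            printf '%s\n' "$tcp_port" > "$STATE_FILE"
        fi
        sleep 45   # renew well before the 60 s lease expires
    done
}

# Only start the loop when explicitly asked, so the functions can be sourced.
if [ "${RUN_NATPMP_LOOP:-0}" = "1" ]; then
    renew_loop
fi
```

Run with `RUN_NATPMP_LOOP=1 sh script.sh` on the host inside the tunnel; the "port is now" lines are the signal to update the forward and the "state type: none" rules Dave describes.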

Quote from: _Dave_ on January 22, 2025, 04:38:02 PM
Does UDP port forwarding work? OPNsense is stateful, so if you port forward TCP, the packet state will not match anymore since you are changing the destination port, and it will be silently dropped. The next rule you match the packet on will have to have "state type: none" and "TCP flags: any" to allow it to match the packet. You will need to do this for incoming and outgoing. I made a guide in the Tutorials and FAQ's that may help you, but I didn't explain many things since it was so long already.

Hello Dave,

Thanks a lot, it's working now :)

Looks like I had some trouble with my testing tools: I used netcat in listen mode behind my OPNsense and a PuTTY client directly on the VPN IP + port :)

Now I'll check Part 6 of your guide: https://forum.opnsense.org/index.php?topic=45163.0