Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Port forward on VPN & Wan
« previous
next »
Print
Pages: [
1
]
Author
Topic: Port forward on VPN & Wan (Read 4314 times)
mow4cash
Newbie
Posts: 37
Karma: 2
Port forward on VPN & Wan
«
on:
February 17, 2017, 04:56:03 pm »
I use OpenVpn to connect to PIA vpn provider. If I pull routes from PIA it then pushes all traffic through the VPN and disregards the firewall rules I use for selective routing on either the PIA gateway or Wan gateway. If I don't pull routes from PIA everything works correctly but then my ports won't forward on the Wan Interface but work on the PIA Interface. When I pull routes the opposite happens. How can I get this to work so I can port forward on both interfaces at the same time? I'm thinking I need to add in custom policy routing?
Logged
mow4cash
Newbie
Posts: 37
Karma: 2
Re: Port forward on VPN & Wan
«
Reply #1 on:
February 20, 2017, 04:30:00 pm »
I found a PFsense thread of someone with the exact same issue. Hopefully this helps better expalin my issue. I have posted the main points in this post but here is the link for the full thread.
https://forum.pfsense.org/index.php?topic=65094.msg552331#msg552331
PFsense post:
I have an issue with the port forwarding from VPN. Everything works correctly (have the port forwarded from the OpenVPN interface to my local station) If I use the routes added automatically with the OpenVPN connection, the port forwarding is great, but it adds a few routes including 0.0.0.0/1 that go out the vpn interface which takes over my default gateway. When I add route-nopull and just copy all the routes that it adds except for 0.0.0.0/1, the VPN works fine except the port doesn't forward anymore. If I had that route, it starts working again.
Pfsense Reply:
From what I can understand, the reason is that the reply-to address for some reason isn't used for the return packets for the associated firewall rule for the port forwarding NAT rule. I've managed to get it to work by:
On the NAT port forwarding rule, select "none" under "Filter rule association". Create the rule manually instead, under floating rules. The rule is basicly a "copy" of the one automaticly created by NAT:
Pass, Quick, in, IPv4, <protocol>, source: any, Destination: port forwarding destination host, Destination port range: forwarded port
Make sure it's high up/on top in the floating rules, and make sure it's a quick rule. When I look in rules.debug, the effect of this is simply that the rule (it's the firewall rule that contains the reply-to address) ends up much higher in the resulting ruleset, and that seems to make all the difference. I haven't quite figured out why yet.
Me:
I have tried this fix with no luck. I am so lost trying to get this to work. Any help would be greatly appreciated.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Port forward on VPN & Wan