Openvpn Port Forwarding


Denisha Cerniglia

Aug 4, 2024, 2:38:21 PM
to norshakancount
We use and recommend NordVPN because not only is it the fastest VPN, it includes a new feature called Meshnet that makes forwarding a port no longer necessary for most applications. With NordVPN Meshnet, you can connect to your devices from anywhere in the world, completely secure, over a highly encrypted VPN tunnel.

Once you've set up your NordVPN account on multiple computers and enabled Meshnet, you can seamlessly access all of your devices as if they were on the same network. You don't even have to log in to your router. It's very simple.


A smart way to forward your ports is to use Network Utilities. Since Network Utilities allows you to both forward and un-forward ports easily you can keep your network security maximized, and then forward ports only when you need them.


You might notice that most of our site doesn't have ads on it. This is because we use partnerships with companies like NordVPN to keep the site running. Thank you for supporting us by using our referral links.


When I try to connect to the OpenVPN server from the WAN through the Peplink, it fails. I have tried both NAT mapping and port forwarding (TCP:443, TCP:993, and UDP:1194), but still no success either on the TCP or UDP ports.


I have a mumble server open for my friends to connect to, which I would like to stay outside of the VPN. I configure the VPN, and it works fine, connects and all the devices I select adopt the VPN's IP address as I would expect.


However, when I do this, I can no longer connect to the mumble server publicly. The server still has the same IP address, both locally and publicly, however it cannot accept connections. The very instant I disable the VPN on the router, I can connect, and everything works flawlessly, despite nothing changing from the server's point of view.


It feels like there's a bug where port forwarding is disabled with the VPN. Does anyone know how to run the VPN for the non-servers while keeping port forwarding for the servers?


Thanks in Advance


Haugene/transmission-openvpn port forwarding. I am trying to forward the 9091 & 51413 ports. I did the setup in the router but I couldn't set up in the haugene/transmission-openvpn docker.

I enabled the port forwarding in the config but it doesn't work. I don't see the "CONFIGURING PORT FORWARDING" in my log.


I attached my config and the screenshot of my router settings. My OMV is on the 192.168.88.249 address. The port forwarding works on the ftp server on port 21.

I got "AEAD Decrypt error: bad packet ID (may be a replay):" on all Hungarian NORDVPN servers.


I tested the port with forwarding on my PC (installed qbittorrent) and everything is working fine (canyouseeme sees the opened port). But when I am using the vpn docker the port seems to be closed. I tried to forward the Cloud commander on port 8000. No luck, I got the same message. The port is unreachable from outside. I attached my configs and log files.


For example, say you want to run a web server but you do not want to hand out your real WAN IP address. You want to hand out your public VPN address instead and have the traffic go thru the tunnel to your server. This will require that your VPN provider open a port on their end of the connection and forward it thru the tunnel to you. This is not supported by NordVPN and others.


I am trying to forward a transmission port, for example 51413, to the outside world. Without the opened peer port the torrent client is useless: no upload and lack of peers.

The haugene version + Nordvpn service combination doesn't work for me. The peer and the service port (9091) are unreachable from outside.

I contacted Nordvpn support; they told me that they don't support port forwarding (because of illegal uploading on shared servers).


And voila, the port is open (I checked via canyouseeme.com). I got zero peers for the upload/seed, but in the torrent site stats I got a true seed flag, instead of the haugene vpn, which gives me a torrent stopped flag (because of the closed port). PIA supports port forwarding. Unfortunately I have a 3-year subscription on nordvpn.


You shouldn't need any port forwarding set in your router. I use Deluge docker with Socks5 proxy and don't have any ports forwarded. One thing you may notice is that you have a red no incoming connections icon showing but this is not a problem.


Based on @SmallClanger's comments I realized I didn't need to do any port forwarding or NAT. LOCAL-CLIENT is able to connect to REMOTE-SERVER through its VPN's IP. For this, since my VPN Gateway is not the default gateway, I had to add this static route on LOCAL-CLIENT:


However, I question whether you actually need NAT at all. Routing alone should handle this, with the appropriate FORWARD rule. That routing can be established manually or through the VPN server config, it depends on your requirements. If you want to look at this option, can you add your openvpn server configuration and the output of route -n to your post?


If it works, it's better to add this to your VPN client config: route 192.168.1.0/24 (this will automatically create the route on connection, regardless of the tunnel interface or the PPP endpoint addresses being used).


A useful debugging tip: tcpdump -i tun0 -qtln port 3306 on the server will show you the mysql traffic going through the VPN adaptors (client or server). You should be able to see where the connection handshaking is going awry.


I had a problem when I opened a port with this: iptables -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to 10.8.0.2. I could not connect to other minecraft servers which were running on port 25565. So ChatGPT finally solved the problem with these two commands:


Now I am trying to forward some ports through the VPN tunnel, like RDP for instance. I tried it before with the openvpn client installed directly on a windows VM. I was able to forward rdp directly to the VPN IP of the windows VM. Trying the same with forwarding the port to the openvpn client on openwrt, in order to forward this port further on this device, fails.

What is interesting is that I have full communication working between the vpn server and vpn client: ping etc. I can also telnet the ports that I have opened on the vpn client IP from the vpn server, but port forwarding doesn't work.


I've run into a bit of a puzzle and haven't had much luck finding a solution. Right now I am (sadly) connected to the net via Verizon 3G. They filter all incoming traffic so it is impossible for me to open ports to accept connections.


I currently have a Linux virtual machine at linode.com, and the thought crossed my mind to install pptpd and attempt to do some iptables port forwarding. I have pptpd installed and my home machine connects happily. That said, here's some general info:


I have tried at least 20 different Googled up iptables configs and none have worked yet. Does anyone have any ideas, or perhaps even a totally different approach I might not be aware of? The goal here is to listen through a horribly firewalled connection, preferably both TCP and UDP traffic.


The reason you need the SNAT is because otherwise your VPN client will send its return packets straight to the host which initiated the connection (z.z.z.z) via its default gateway (i.e. Verizon 3G), and not via the VPN. Thus the source IP address on the return packets will be your Verizon 3G address, and not x.x.x.x. This causes all sorts of problems, since z.z.z.z really initiated the connection to x.x.x.x.


For each client you have to create a file. The filename must match the common name attribute that was specified in the certificate of the client. This command gets the CN from the computer's certificate:


What you want to achieve is (probably) very possible with pptpd or OpenVPN and iptables, however, you might find tinc a better candidate for this use case. I just read this which describes how to set up tinc for exactly this use case. It's a (potentially simpler) alternative to the pptpd or OpenVPN part. Then you'd need exactly the same rules for iptables.


I have a single client on my Isolated network running NextCloud. I have set up port forwarding rules under NAT to port 443 to that particular client and this works fine when trying to access it externally.


However, as soon as I enable my Express VPN client in pfSense I am no longer able to access my NextCloud instance. I have set up some policy based routing on my IoT network (there are some clients I want to route through ExpressVPN) but I have no rules on my Isolated network to make use of that VPN.


I freshly installed OpenVPN on my machine, which runs ubuntu server 18.04 LTS. I scanned my ports with nmap and it seems my ISP filtered all ports, so I'm unable to do port forwarding. Is there any way to access OpenVPN outside my LAN without port forwarding?


You need to have a port forward from your public ip address. There is no other way to connect from outside. Talk to your ISP regarding the port forwarding. Some ISPs provide port forwarding free of charge, whereas an extra public IP address costs something.


I don't trust the method you used to determine your ISP "filters all ports so you're unable to do port forwarding". If you haven't set up port forwarding, no ports are going to be open on your IP address, which doesn't necessarily mean your ISP is doing anything.


What port(s) you forward to your Ubuntu 18.04 server to access OpenVPN will depend on how you set up OpenVPN. If you used the default OpenVPN server configuration, you'll have to forward UDP port 1994 to the IP address of your Ubuntu 18.04 server.


Note:

It might be something that happens at times, but I have never seen it, and can't imagine an ISP blocking all ports to their clients. They may block some ports such as port 25 to protect their clients from virus vulnerabilities. Some also block ports that are commonly used for heavy traffic file sharing (often used for pirating software). They often block port 80 to prevent their customers from running heavy traffic web servers. I kind of gave you the wrong port to test in the comments.
