Port forwarding using OpenVPN client

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I ran into the same problem described Port forwarding using VPN client, but unsuccessfully.



I have a OpenVPN access server version 2.5 and a client configured with a site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listen on port 8081.



The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind



My current setup is:



enter image description here



sysctl -w net.ipv4.ip_forward=1



iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081



iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42



Is there something simple I'm doing incorrectly? Thank you.







share|improve this question

























    up vote
    2
    down vote

    favorite












    I ran into the same problem described Port forwarding using VPN client, but unsuccessfully.



    I have a OpenVPN access server version 2.5 and a client configured with a site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listen on port 8081.



    The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind



    My current setup is:



    enter image description here



    sysctl -w net.ipv4.ip_forward=1



    iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081



    iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42



    Is there something simple I'm doing incorrectly? Thank you.







    share|improve this question























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      I ran into the same problem described Port forwarding using VPN client, but unsuccessfully.



      I have a OpenVPN access server version 2.5 and a client configured with a site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listen on port 8081.



      The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind



      My current setup is:



      enter image description here



      sysctl -w net.ipv4.ip_forward=1



      iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081



      iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42



      Is there something simple I'm doing incorrectly? Thank you.







      share|improve this question













      I ran into the same problem described Port forwarding using VPN client, but unsuccessfully.



      I have a OpenVPN access server version 2.5 and a client configured with a site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listen on port 8081.



      The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind



      My current setup is:



      enter image description here



      sysctl -w net.ipv4.ip_forward=1



      iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081



      iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42



      Is there something simple I'm doing incorrectly? Thank you.









      share|improve this question












      share|improve this question




      share|improve this question








      edited Jun 14 at 20:48
























      asked Jun 14 at 16:39









      kym8886

      113




      113




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          0
          down vote













          Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.



          You should probably replace 32400 with 8081.






          share|improve this answer





















          • Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
            – kym8886
            Jun 14 at 20:56


















          up vote
          0
          down vote



          accepted










          The issue was related with the iptables rules. By adding the following rules, everything works as expected:



          iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT



          iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP



          iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT






          share|improve this answer





















          • Does this encrypt the traffic through the vpn tunnel?
            – Keith
            Jul 30 at 20:00






          • 1




            Yes, the traffic between the OpenVPN server and the clients is encrypted.
            – kym8886
            Aug 1 at 7:39










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f449853%2fport-forwarding-using-openvpn-client%23new-answer', 'question_page');

          );

          Post as a guest






























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.



          You should probably replace 32400 with 8081.






          share|improve this answer





















          • Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
            – kym8886
            Jun 14 at 20:56















          up vote
          0
          down vote













          Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.



          You should probably replace 32400 with 8081.






          share|improve this answer





















          • Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
            – kym8886
            Jun 14 at 20:56













          up vote
          0
          down vote










          up vote
          0
          down vote









          Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.



          You should probably replace 32400 with 8081.






          share|improve this answer













          Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.



          You should probably replace 32400 with 8081.







          share|improve this answer













          share|improve this answer



          share|improve this answer











          answered Jun 14 at 16:56









          Timothy Baldwin

          1662




          1662











          • Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
            – kym8886
            Jun 14 at 20:56

















          • Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
            – kym8886
            Jun 14 at 20:56
















          Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
          – kym8886
          Jun 14 at 20:56





          Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
          – kym8886
          Jun 14 at 20:56













          up vote
          0
          down vote



          accepted










          The issue was related with the iptables rules. By adding the following rules, everything works as expected:



          iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT



          iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP



          iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT






          share|improve this answer





















          • Does this encrypt the traffic through the vpn tunnel?
            – Keith
            Jul 30 at 20:00






          • 1




            Yes, the traffic between the OpenVPN server and the clients is encrypted.
            – kym8886
            Aug 1 at 7:39














          up vote
          0
          down vote



          accepted










          The issue was related with the iptables rules. By adding the following rules, everything works as expected:



          iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT



          iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP



          iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT






          share|improve this answer





















          • Does this encrypt the traffic through the vpn tunnel?
            – Keith
            Jul 30 at 20:00






          • 1




            Yes, the traffic between the OpenVPN server and the clients is encrypted.
            – kym8886
            Aug 1 at 7:39












          up vote
          0
          down vote



          accepted







          up vote
          0
          down vote



          accepted






          The issue was related with the iptables rules. By adding the following rules, everything works as expected:



          iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT



          iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP



          iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT






          share|improve this answer













          The issue was related with the iptables rules. By adding the following rules, everything works as expected:



          iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT



          iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP



          iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT







          share|improve this answer













          share|improve this answer



          share|improve this answer











          answered Jun 20 at 13:16









          kym8886

          113




          113











          • Does this encrypt the traffic through the vpn tunnel?
            – Keith
            Jul 30 at 20:00






          • 1




            Yes, the traffic between the OpenVPN server and the clients is encrypted.
            – kym8886
            Aug 1 at 7:39
















          • Does this encrypt the traffic through the vpn tunnel?
            – Keith
            Jul 30 at 20:00






          • 1




            Yes, the traffic between the OpenVPN server and the clients is encrypted.
            – kym8886
            Aug 1 at 7:39















          Does this encrypt the traffic through the vpn tunnel?
          – Keith
          Jul 30 at 20:00




          Does this encrypt the traffic through the vpn tunnel?
          – Keith
          Jul 30 at 20:00




          1




          1




          Yes, the traffic between the OpenVPN server and the clients is encrypted.
          – kym8886
          Aug 1 at 7:39




          Yes, the traffic between the OpenVPN server and the clients is encrypted.
          – kym8886
          Aug 1 at 7:39












           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f449853%2fport-forwarding-using-openvpn-client%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?