Port forwarding using OpenVPN client
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I ran into the same problem described Port forwarding using VPN client, but unsuccessfully.
I have a OpenVPN access server version 2.5 and a client configured with a site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listen on port 8081.
The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind
My current setup is:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081
iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42
Is there something simple I'm doing incorrectly? Thank you.
linux openvpn port-forwarding
add a comment |Â
up vote
2
down vote
favorite
I ran into the same problem described Port forwarding using VPN client, but unsuccessfully.
I have a OpenVPN access server version 2.5 and a client configured with a site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listen on port 8081.
The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind
My current setup is:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081
iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42
Is there something simple I'm doing incorrectly? Thank you.
linux openvpn port-forwarding
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I ran into the same problem described Port forwarding using VPN client, but unsuccessfully.
I have a OpenVPN access server version 2.5 and a client configured with a site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listen on port 8081.
The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind
My current setup is:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081
iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42
Is there something simple I'm doing incorrectly? Thank you.
linux openvpn port-forwarding
I ran into the same problem described Port forwarding using VPN client, but unsuccessfully.
I have a OpenVPN access server version 2.5 and a client configured with a site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listen on port 8081.
The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind
My current setup is:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081
iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42
Is there something simple I'm doing incorrectly? Thank you.
linux openvpn port-forwarding
edited Jun 14 at 20:48
asked Jun 14 at 16:39
kym8886
113
113
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
0
down vote
Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.
You should probably replace 32400 with 8081.
Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
â kym8886
Jun 14 at 20:56
add a comment |Â
up vote
0
down vote
accepted
The issue was related with the iptables rules. By adding the following rules, everything works as expected:
iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT
iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP
iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT
Does this encrypt the traffic through the vpn tunnel?
â Keith
Jul 30 at 20:00
1
Yes, the traffic between the OpenVPN server and the clients is encrypted.
â kym8886
Aug 1 at 7:39
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.
You should probably replace 32400 with 8081.
Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
â kym8886
Jun 14 at 20:56
add a comment |Â
up vote
0
down vote
Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.
You should probably replace 32400 with 8081.
Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
â kym8886
Jun 14 at 20:56
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.
You should probably replace 32400 with 8081.
Your SNAT matches a different port number DNAT will and a diagram so this setup will only work if the OpenVPN client as a router back to the internet via the OpenVPN server.
You should probably replace 32400 with 8081.
answered Jun 14 at 16:56
Timothy Baldwin
1662
1662
Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
â kym8886
Jun 14 at 20:56
add a comment |Â
Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
â kym8886
Jun 14 at 20:56
Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
â kym8886
Jun 14 at 20:56
Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port . The correct one is 8081, as you pointed out.
â kym8886
Jun 14 at 20:56
add a comment |Â
up vote
0
down vote
accepted
The issue was related with the iptables rules. By adding the following rules, everything works as expected:
iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT
iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP
iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT
Does this encrypt the traffic through the vpn tunnel?
â Keith
Jul 30 at 20:00
1
Yes, the traffic between the OpenVPN server and the clients is encrypted.
â kym8886
Aug 1 at 7:39
add a comment |Â
up vote
0
down vote
accepted
The issue was related with the iptables rules. By adding the following rules, everything works as expected:
iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT
iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP
iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT
Does this encrypt the traffic through the vpn tunnel?
â Keith
Jul 30 at 20:00
1
Yes, the traffic between the OpenVPN server and the clients is encrypted.
â kym8886
Aug 1 at 7:39
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
The issue was related with the iptables rules. By adding the following rules, everything works as expected:
iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT
iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP
iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT
The issue was related with the iptables rules. By adding the following rules, everything works as expected:
iptables -t nat -I PREROUTING 1 -d SERVER_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j DNAT --to-dest CLIENT_LOCAL_IP_ADDRESS:CLIENT_PORT
iptables -t nat -I POSTROUTING 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j SNAT --to-source VPN_GATEWAY_IP
iptables -I FORWARD 1 -d CLIENT_LOCAL_IP_ADDRESS -p tcp --dport CLIENT_PORT -j ACCEPT
answered Jun 20 at 13:16
kym8886
113
113
Does this encrypt the traffic through the vpn tunnel?
â Keith
Jul 30 at 20:00
1
Yes, the traffic between the OpenVPN server and the clients is encrypted.
â kym8886
Aug 1 at 7:39
add a comment |Â
Does this encrypt the traffic through the vpn tunnel?
â Keith
Jul 30 at 20:00
1
Yes, the traffic between the OpenVPN server and the clients is encrypted.
â kym8886
Aug 1 at 7:39
Does this encrypt the traffic through the vpn tunnel?
â Keith
Jul 30 at 20:00
Does this encrypt the traffic through the vpn tunnel?
â Keith
Jul 30 at 20:00
1
1
Yes, the traffic between the OpenVPN server and the clients is encrypted.
â kym8886
Aug 1 at 7:39
Yes, the traffic between the OpenVPN server and the clients is encrypted.
â kym8886
Aug 1 at 7:39
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f449853%2fport-forwarding-using-openvpn-client%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password