Menu
What's new
By:
Filters Better Search

Port forwarding into OpenVPN client LAN address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Mikael Johansson

New Around Here
I've now finally managed to setup a bidirectional site-to-site OpenVPN using two RT-AC66U routers running Merlin.

Some info
Router 1 (OpenVPN server)
Local range: 10.55.55.0/24
(tun: 10.8.8.1)

Router 2 (OpenVPN client)
Local range 10.22.22.0/24?
(tun: 10.8.8.2)

Connectivity is working fine now - The 10.55.55.x network can access the 10.22.22.x network and vice versa.

What I would like to do now
Unfortunately, router 2 is behind NAT, and I would like to forward a port on the external address of router 1 into the LAN of router 2 (e.g. <Router1Ext>:10022 -> 10.22.22.200:22)

However, adding such a port forwarding rule in the GUI on router 1 doesn't seem to work - No connection is established. I suspect this is due to the router NAT:ing only into the interface of its own local network instead of through the tunnel, even though the routing table works well from the 10.55.55 network into the 10.22.22 network otherwise. Is that true? Is it possible to fix through some iptables magic? How?

Thanks,
Mikael
 
It took quite a bit of research and failed attempts to solve this, so I'm posting the solution here for reference:

iptables -t nat -A PREROUTING -p tcp --dport 10022 -j DNAT --to-dest 10.22.22.200:10022
iptables -t nat -A POSTROUTING -d 10.22.22.200 -p tcp --dport 10022 -j SNAT --to-source 10.8.8.1

The key here is the SNAT entry, which usually isn't required for port forwarding, but is required in this case for the return path to go through the VPN rather than through the normal gateway on the 10.22.22 network. So unfortunately this kind of forwarding can't be done through the normal GUI.

Credits go to this post:
https://unix.stackexchange.com/ques...lient?newreg=402a5635c65145a8bb731bf73f740488
 
You must log in or register to reply here.

Similar threads

C
Connection to router by ip fails while remote over OpenVPN
Replies
17
Views
472
elorimer
E
Z
Port forwarding for client connected to OpenVPN server
Replies
0
Views
774
zakazak
Z
H
Can no longer get OpenVPN Server to work
Replies
4
Views
530
hvoorend
H
M
OpenVPN clients cannot connect to LAN computers.
Replies
0
Views
606
MNBob
M
R
RT-AX86U Pro LAN Port on Guest Network
Replies
9
Views
920
Jherb
J
Similar threads
Thread starter Title Forum Replies Date
adri Firewall, Port Forwarding, and DoS Question Asuswrt-Merlin 6
C Can port forwarding do failover to an alternative server? Asuswrt-Merlin 2
A DSL-AX82U HTTP/HTTPS Port Forwarding Asuswrt-Merlin 7
waldo43 Solved Port Forwarding Issue Asuswrt-Merlin 6
docta_v Is there any VPN provider with easy setup for port forwarding on Merlin? Asuswrt-Merlin 5
GShlomi Sharing my DualWan with port forwarding and DDNS experience Asuswrt-Merlin 0
GShlomi Two WANs but not dual-WAN, with port-forwarding Asuswrt-Merlin 7
Mr Solis Enabling NAT Acceleration (CTF) breaks Port Forwarding? (RT-AC68U w/ 386.12_4) Asuswrt-Merlin 17
A PS5 port forwarding and VPN rules Asuswrt-Merlin 4
SA_booley Port forwarding only works on LAN Asuswrt-Merlin 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 850 (members: 28, guests: 822)
Top