Menu
What's new
By:
Filters Better Search

Port forwarding into OpenVPN client LAN address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Mikael Johansson

New Around Here
I've now finally managed to setup a bidirectional site-to-site OpenVPN using two RT-AC66U routers running Merlin.

Some info
Router 1 (OpenVPN server)
Local range: 10.55.55.0/24
(tun: 10.8.8.1)

Router 2 (OpenVPN client)
Local range 10.22.22.0/24?
(tun: 10.8.8.2)

Connectivity is working fine now - The 10.55.55.x network can access the 10.22.22.x network and vice versa.

What I would like to do now
Unfortunately, router 2 is behind NAT, and I would like to forward a port on the external address of router 1 into the LAN of router 2 (e.g. <Router1Ext>:10022 -> 10.22.22.200:22)

However, adding such a port forwarding rule in the GUI on router 1 doesn't seem to work - No connection is established. I suspect this is due to the router NAT:ing only into the interface of its own local network instead of through the tunnel, even though the routing table works well from the 10.55.55 network into the 10.22.22 network otherwise. Is that true? Is it possible to fix through some iptables magic? How?

Thanks,
Mikael
 
It took quite a bit of research and failed attempts to solve this, so I'm posting the solution here for reference:

iptables -t nat -A PREROUTING -p tcp --dport 10022 -j DNAT --to-dest 10.22.22.200:10022
iptables -t nat -A POSTROUTING -d 10.22.22.200 -p tcp --dport 10022 -j SNAT --to-source 10.8.8.1

The key here is the SNAT entry, which usually isn't required for port forwarding, but is required in this case for the return path to go through the VPN rather than through the normal gateway on the 10.22.22 network. So unfortunately this kind of forwarding can't be done through the normal GUI.

Credits go to this post:
https://unix.stackexchange.com/ques...lient?newreg=402a5635c65145a8bb731bf73f740488
 
You must log in or register to reply here.

Similar threads

waldo43
Solved Port Forwarding Issue
Replies
6
Views
669
waldo43
waldo43
Z
Port forwarding for client connected to OpenVPN server
Replies
0
Views
747
zakazak
Z
eibgrad
OpenVPN Client: mishandled route directives
Replies
7
Views
759
eibgrad
eibgrad
M
OpenVPN clients cannot connect to LAN computers.
Replies
0
Views
573
MNBob
M
H
Can no longer get OpenVPN Server to work
Replies
4
Views
504
hvoorend
H
Similar threads
Thread starter Title Forum Replies Date
Z Port forwarding for client connected to OpenVPN server Asuswrt-Merlin 0
C Can port forwarding do failover to an alternative server? Asuswrt-Merlin 2
A DSL-AX82U HTTP/HTTPS Port Forwarding Asuswrt-Merlin 7
waldo43 Solved Port Forwarding Issue Asuswrt-Merlin 6
docta_v Is there any VPN provider with easy setup for port forwarding on Merlin? Asuswrt-Merlin 5
GShlomi Sharing my DualWan with port forwarding and DDNS experience Asuswrt-Merlin 0
GShlomi Two WANs but not dual-WAN, with port-forwarding Asuswrt-Merlin 7
Mr Solis Enabling NAT Acceleration (CTF) breaks Port Forwarding? (RT-AC68U w/ 386.12_4) Asuswrt-Merlin 17
A PS5 port forwarding and VPN rules Asuswrt-Merlin 4
SA_booley Port forwarding only works on LAN Asuswrt-Merlin 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 607 (members: 21, guests: 586)
Top