Port forwarding using OpenVPN client
The issue was related to the iptables rules. By adding the following rules, everything works as expected:
iptables -t nat -I PREROUTING 1 -d {SERVER_LOCAL_IP_ADDRESS} -p tcp --dport {CLIENT_PORT} -j DNAT --to-dest {CLIENT_LOCAL_IP_ADDRESS}:{CLIENT_PORT}
iptables -t nat -I POSTROUTING 1 -d {CLIENT_LOCAL_IP_ADDRESS} -p tcp --dport {CLIENT_PORT} -j SNAT --to-source {VPN_GATEWAY_IP}
iptables -I FORWARD 1 -d {CLIENT_LOCAL_IP_ADDRESS} -p tcp --dport {CLIENT_PORT} -j ACCEPT
kym8886
Updated on September 18, 2022
Comments
-
kym8886 over 1 year
I ran into the same problem described in "Port forwarding using VPN client", but unsuccessfully.
I have an OpenVPN Access Server version 2.5 and a client configured with site-to-site routing. Both client and server can communicate with each other by using the private IP addresses. On the client, there is an Apache server which listens on port 8081.
The goal is to be able to connect to the OpenVPN server public IP, and have it forward the connection to the client, so that the user can access the Apache server behind.
My current setup is:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 8081 -j DNAT --to-dest 192.168.2.86:8081
iptables -t nat -A POSTROUTING -d 192.168.2.86 -p tcp --dport 8081 -j SNAT --to-source 10.0.2.42
Is there something simple I'm doing incorrectly? Thank you.
-
kym8886 almost 6 years
Thanks @timothy-baldwin for the reply. Actually, I copied the wrong port. The correct one is 8081, as you pointed out.
-
Keith almost 6 years
Does this encrypt the traffic through the vpn tunnel?
-
kym8886 almost 6 years
Yes, the traffic between the OpenVPN server and the clients is encrypted.
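
The three rules from the answer, rendered from validated inputs, as an added example that is not part of the original thread. The function names (`valid_ipv4`, `valid_port`, `guarded`, `forward_rules`) and the server address 10.0.1.5 are assumptions made for illustration; each printed command checks with `iptables -C` first, so re-running it does not stack a duplicate rule at position 1.

```shell
#!/bin/sh
# Added example (not from the thread): print the answer's three rules for
# validated inputs. All function names here are hypothetical helpers.

valid_ipv4() {  # succeeds only for four dot-separated octets in 0-255
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {  # succeeds only for a decimal TCP port in 1-65535
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1 = table, $2 = chain, $3 = rule specification. "iptables -C" exits
# non-zero when the rule is absent, so the insert runs at most once.
guarded() {
    echo "iptables -t $1 -C $2 $3 2>/dev/null || iptables -t $1 -I $2 1 $3"
}

# $1 = server local IP, $2 = client local IP, $3 = port, $4 = VPN gateway IP
forward_rules() {
    server_ip=$1 client_ip=$2 port=$3 gateway_ip=$4
    for ip in "$server_ip" "$client_ip" "$gateway_ip"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    valid_port "$port" || { echo "invalid TCP port: $port" >&2; return 1; }
    match="-p tcp --dport $port"
    guarded nat PREROUTING "-d $server_ip $match -j DNAT --to-dest $client_ip:$port"
    guarded nat POSTROUTING "-d $client_ip $match -j SNAT --to-source $gateway_ip"
    guarded filter FORWARD "-d $client_ip $match -j ACCEPT"
}

# Constructed sample: 10.0.1.5 is made up; the rest comes from the question.
forward_rules 10.0.1.5 192.168.2.86 8081 10.0.2.42
```

The script only prints the commands; review the output before running it as root on the OpenVPN server.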