Posted: Sat Jul 17, 2021 6:08 Post subject: Port Forwarding OpenVPN Access Server Instance to VPN client
I am running an Amazon EC2 OpenVPN Access Server instance that is successfully serving as a VPN provider to my DDWRT Router. I am also running a web server behind my DDWRT Router. I have successfully forwarded ports 443 and 80 on my OpenVPN Access Server instance to any VPN client that connects to it. I have tested the Access Server VPN by successfully installing the OpenVPN client on my server and tunneling the web server through it, so I can access my web server on my Amazon IP address (the VPN server's IP address). THIS SCENARIO WORKS!
For the sake of VPN speed, and using fewer resources on my web server, I would like to instead use my ddwrt router to connect to the OpenVPN-AS instance as a client, and then push its IP address to my web server. AGAIN, THIS HAS BEEN ACCOMPLISHED!
When I plug my web server into my ddwrt router, it successfully connects to the Amazon OpenVPN-AS and uses its IP address and DNS address. NOW, the only thing left to do is to forward ports 443 and 80 from the tunnel on the ddwrt router to the web server client behind the ddwrt router. THIS configuration would essentially be the exact same if using port forwarding from a corporate VPN server or any other VPN server such as Mullvad VPN, or IPVanish, etc. The only problem I am having is forwarding ports from the tunnel on the DDWRT Router to the client web server plugged into the DDWRT Router. So the question is,
How can I forward ports 443 and 80 from the VPN tunnel onto the VPN client connected to the ddwrt router?
_________________
DanRanRocks - Tech Tutorials by Dan Ran
Basically, a port forward is a FORWARD rule and a DNAT rule. Supposing your client is 192.168.1.89 and the VPN client is using tun1, it should be something like:
If you do not enable (tick) the "Inbound firewall on TUN", you do not need the FORWARD rule.
In your case, as it is a trusted VPN server, you do not need the firewall and can even consider doing a site-to-site setup. In that case you do not need the port forward at all; you just forward the port on your server to the attached ddwrt router.
See the paragraph about site-to-site setup in the OpenVPN server setup guide, link in my signature.
As @egc suggests, since YOU control the remote OpenVPN server (unlike the case of a commercial service provider), you technically don't need to be port forwarding from that server into your home network. Just configure the OpenVPN connection as site-to-site, making the home network known to the server. Now any port forward on the VPS side is routed directly into the home network.
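
The port forward described in the first reply (a DNAT rule plus, when "Inbound firewall on TUN" is ticked, a FORWARD rule), as an added example that is not part of any post in this thread: a generator that validates its inputs and prints the iptables commands for review. The function names are hypothetical; 192.168.1.89 and tun1 are the values assumed in that reply.

```shell
#!/bin/sh
# Added example: print the iptables commands for a port forward from a VPN
# tunnel to a LAN host. Function names are hypothetical.

is_ipv4() {
    # Dotted quad only, so nothing else can reach the generated command line.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

vpn_port_forward_rules() {
    # $1 LAN host, $2 tunnel interface, $3 = 1 when "Inbound firewall on TUN"
    # is ticked (FORWARD rule needed), remaining arguments: TCP ports.
    [ $# -ge 4 ] || { echo "usage: lan_ip tun_if fw_on_tun port..." >&2; return 2; }
    lan_ip=$1; tun_if=$2; fw_on_tun=$3; shift 3
    is_ipv4 "$lan_ip" || { echo "bad LAN IP: $lan_ip" >&2; return 1; }
    case "$tun_if" in
        ""|*[!a-zA-Z0-9_]*) echo "bad interface: $tun_if" >&2; return 1 ;;
    esac
    # Validate every port before printing anything, so output is all-or-nothing.
    for port in "$@"; do
        case "$port" in
            ""|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # DNAT: rewrite traffic arriving on the tunnel to the LAN host, same port.
        echo "iptables -t nat -I PREROUTING -i $tun_if -p tcp --dport $port -j DNAT --to-destination $lan_ip"
        if [ "$fw_on_tun" = 1 ]; then
            # FORWARD: let the rewritten traffic through the inbound tunnel firewall.
            echo "iptables -I FORWARD -i $tun_if -p tcp -d $lan_ip --dport $port -j ACCEPT"
        fi
    done
}

# Values assumed in the reply above: LAN host 192.168.1.89, tunnel tun1, ports 80 and 443.
vpn_port_forward_rules 192.168.1.89 tun1 1 80 443
```

Review the printed lines before adding them to the router's firewall script; pass 0 as the third argument when "Inbound firewall on TUN" is not ticked.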