Do I need to manually forward non-standard ports on the OpenVPN server?

postcd
OpenVpn Newbie
Posts: 9
Joined: Sun Jan 24, 2016 9:22 pm


Post by postcd » Mon Jun 12, 2017 4:32 pm

Hello,

I have CentOS Linux, on which an OpenVPN server is installed.

The OpenVPN client is on the Windows 10 PC, and a developer of the computer software (PC game) that I am running on the client PC recommends forwarding UDP ports 27000-30000 on my home firewall/router to my PC in order for the software to work well.

The question is whether I need to set up port forwarding on my home router or also on my remote Linux OpenVPN server. Which Linux command should I run on the VPN server?

I am using the OpenVPN client on my home PC (Windows-based); the PC itself is the client, and the router is not used to set up the VPN.

Thank you

TinCanTech
OpenVPN Protagonist
Posts: 2809
Joined: Fri Jun 03, 2016 1:17 pm


Post by TinCanTech » Mon Jun 12, 2017 4:45 pm

What has this got to do with OpenVPN?


Post by postcd » Mon Jun 12, 2017 5:03 pm

As a noob, I do not know the background of how OpenVPN forwards traffic or handles it.


Post by TinCanTech » Mon Jun 12, 2017 5:13 pm



Post by postcd » Mon Jun 12, 2017 8:27 pm

Thx, here is the server.conf:

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem

openvpn --version
OpenVPN 2.3.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 23 2016
library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_pthread=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no

tail /var/log/messages
Jun 12 16:21:18 vps openvpn[819]: event_wait : Interrupted system call (code=4)
Jun 12 16:21:18 vps openvpn[819]: OpenVPN CLIENT LIST
Jun 12 16:21:18 vps openvpn[819]: Updated,Mon Jun 12 16:21:18 2017
Jun 12 16:21:18 vps openvpn[819]: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Jun 12 16:21:18 vps openvpn[819]: ROUTING TABLE
Jun 12 16:21:18 vps openvpn[819]: Virtual Address,Common Name,Real Address,Last Ref
Jun 12 16:21:18 vps openvpn[819]: GLOBAL STATS
Jun 12 16:21:18 vps openvpn[819]: Max bcast/mcast queue length,0
Jun 12 16:21:18 vps openvpn[819]: END

The server is a CentOS 6.7 Linux x64 OpenVZ (virtual) server, the network interface is venet0, and the firewall is iptables. I hope this helps to understand whether any, and which, additional configuration is needed to make the VPN server properly "forward/redirect" traffic on the port range I mentioned.


Post by postcd » Thu Jul 06, 2017 11:30 am

No solution yet.
By the way, how can I tell the OpenVPN server not to proxy/forward traffic from a certain host (or, in other words, block it)?
I tried to add "ALL: hostname.com" inside /etc/hosts but no luck; 1.2.3.4.hostname.com can still connect through the OpenVPN.


Post by TinCanTech » Thu Jul 06, 2017 12:07 pm

You need to use iptables to filter packets and forward ports.
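
The iptables approach named in the reply above, as an added example that is not from any participant in the thread: the script prints (it does not apply) rules that forward UDP 27000-30000 arriving on venet0 to a single VPN client, plus a rule that drops forwarded traffic from one host. The tunnel device tun0, the client address 10.8.0.2 and the blocked address 192.0.2.10 are assumptions; venet0, the port range and 10.8.0.0/24 come from the posts.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not run them.
# Assumed values (not from the thread): tun0 as the tunnel device, 10.8.0.2 as
# the client's fixed VPN address, 192.0.2.10 as a placeholder host to block.
# From the thread: venet0, UDP 27000-30000, VPN subnet 10.8.0.0/24.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# in_vpn_subnet ADDR: true only for 10.8.0.2 .. 10.8.0.254 (the server is .1)
in_vpn_subnet() {
    case "$1" in 10.8.0.*) ;; *) return 1 ;; esac
    host=${1#10.8.0.}
    case "$host" in ''|*[!0-9]*) return 1 ;; esac
    [ "$host" -ge 2 ] && [ "$host" -le 254 ]
}

# forward_rules WAN_IF TUN_IF CLIENT_IP FIRST_PORT LAST_PORT
forward_rules() {
    wan=$1 tun=$2 client=$3 first=$4 last=$5
    valid_port "$first" && valid_port "$last" && [ "$first" -le "$last" ] ||
        { echo "bad port range" >&2; return 1; }
    in_vpn_subnet "$client" ||
        { echo "client address outside 10.8.0.0/24" >&2; return 1; }
    # Rewrite the destination of inbound UDP on the public interface.
    echo "iptables -t nat -A PREROUTING -i $wan -p udp --dport $first:$last -j DNAT --to-destination $client"
    # Allow only that rewritten traffic through to the tunnel.
    echo "iptables -A FORWARD -i $wan -o $tun -p udp -d $client --dport $first:$last -j ACCEPT"
    # Allow replies and the client's own outbound traffic.
    echo "iptables -A FORWARD -i $tun -o $wan -s $client -j ACCEPT"
}

# block_rule ADDR: drop forwarded packets from ADDR ahead of any ACCEPT.
# (/etc/hosts only maps names to addresses; it does not filter packets.)
block_rule() {
    echo "iptables -I FORWARD 1 -s $1 -j DROP"
}

forward_rules venet0 tun0 10.8.0.2 27000 30000
block_rule 192.0.2.10
```

The forward stays correct only while the client keeps the same VPN address, and the server must have net.ipv4.ip_forward set to 1. Every port in the range becomes reachable from the Internet on the client PC, so the client's own firewall should allow that range only for the game.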
