Avoid CGNAT using OpenVPN and Azure

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
simzik
OpenVpn Newbie
Posts: 1
Joined: Tue Apr 20, 2021 6:08 am

Avoid CGNAT using OpenVPN and Azure

Post by simzik » Tue Apr 20, 2021 6:09 am

i am working on a Problem and got really stuck. My ISP is using CGNAT, therefore all my Devices are not accessible from WAN via Port Forwarding. I want to build a small box (RPI) that automatically connects to my VPN and tunnels all traffic through it. Like this i can avoid CGNAT everywhere i go. My Idea is to use a OpenVPN Server on Azure and Tunnel all my Devices to this VPN Server through the Box. I use the following Setup: I used portforwarding in the Azure GUI Destination IP (LAN Device) Destination Port (2223 ssh)

Image

i sucesfully can establish a connection to the openvpn server from the gateway The Lan Device also has the public WAN-IP of the Azure Server afterwards. Hence VPN is working fine.

I can ping the Lan Device from the Azure Server (ping 192.168.1.129) But i can not establish a connection when i use the public ip "ssh root@20.52.XXX.XXX -p 2223"

How can i forward the traffic from the WAN IP into the VPN Tunnel in Azure? I tried all combinations of source ip and destination ip and port and none is working. From my Understanding Destination IP should be the LAN IP Home and Destination Port should be 22 Source IP should be any and source port should be 2223.

Any help is highly aprreciated

Thank you

300000
OpenVPN Expert
Posts: 510
Joined: Tue May 01, 2012 9:30 pm

Re: Avoid CGNAT using OpenVPN and Azure

Post by 300000 » Tue Apr 20, 2021 12:57 pm

If you want to do that you need to configure site to site so from outside you can access to your lan . let change some from server and make ip forward and NAT on client so it will work for you.

what is OS you install client at home and pucbic all config in here . remove certificate and personal info so we can look at it and offer you a help.

Post Reply