OpenVPN Support Forum

I am running Access Server in AWS, and I have a web server running at port 5000 in my VPN client.
I would like to forward all port 5000 traffic to my client.
Tried using IpTables but unfortunately does not reflect my commands from the command line. Currently trying the configuration with NFtables but still not forwarding traffic to my client's web service.


nft 'add chain nat POSTROUTING { type nat hook postrouting priority 100 ; }'
nft 'add chain nat PREROUTING { type nat hook prerouting priority -100; }'

nft 'add rule nat PREROUTING ip daddr 172.31.29.25 tcp dport {5000} dnat 192.168.10.66:5000'

nft add rule nat POSTROUTING masquerade

----------------------------------------------

EC2 private IP: 172.31.29.25
VPN client IP: 192.168.10.66

I am setting this up since my home network is under CGNAT. I hope someone can help me out.

To forward traffic from port 5000 to your VPN client's web server, you can try the following steps:

1: Make sure you have the necessary administrative privileges to configure the network settings.

2: Check if IP forwarding is enabled on your Access Server instance. Run the following command to verify:
sysctl net.ipv4.ip_forward
If the output is net.ipv4.ip_forward = 1, then IP forwarding is already enabled. If not, you can enable it by running:
sysctl -w net.ipv4.ip_forward=1

3: Set up port forwarding using iptables. Run the following command:
css
iptables -t nat -A PREROUTING -p tcp --dport 5000 -j DNAT --to-destination 192.168.10.66:5000
This command forwards incoming traffic on port 5000 to your VPN client's IP address and port.

4: Enable IP masquerading to allow the response packets to be routed back to the source. Run the following command:
css
iptables -t nat -A POSTROUTING -j MASQUERADE
Make sure to save the iptables rules so they persist across reboots.

Please note that the above steps assume you're using iptables. If you prefer using NFtables, the syntax may vary slightly, but the general concept remains the same.

After applying the necessary configuration, you should be able to access your web server running on your VPN client from outside the network using the EC2 instance's public IP address and port 5000.

If you continue to experience issues, it may be helpful to consult the documentation for your specific VPN server software or seek assistance from their support channels.

Hi,

You can setup DMZ in Access Server. Please check the below guide if that is what you are trying to achieve.
https://openvpn.net/vpn-server-resource ... ss-server/

Regards,
.\kionci

Just a gratitude post for @tieumyxinhdep. With those 3 commands I was able to configure my public cloud server to accept traffic on a port of my choice and pass it through the OpenVPN layer to a client machine in another location running a web server and it works flawlessly.