Jump to content
Not connected, Your IP:
Sign in to follow this  

ANSWERED Port Forwarding not working (FreeBSD OpenVPN)

Recommended Posts

I have installed OpenVPN client on my FreeBSD file server at home.  I've used 'other' config file and it's working fine, I can ssh out to my work servers, browse the web and all that good stuff, my external IP is obviously the open AirVPN assigned to my vpn connection.

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet6 fe80::214:d1ff:fe1d:3bbb%tun0 prefixlen 64 scopeid 0x6
        inet --> netmask 0xffff0000
I've forwarded two ports, one for torrents, and one for ssh.  Neither port is working.  For example, I've setup 56602 for torrents.  I've started transmission, and it's listening on the port in question:

# netstat -an | grep 56602
tcp6       0      0 *.56602                *.*                    LISTEN
tcp4       0      0       *.*                    LISTEN
udp4       0      0       *.*

# lsof -p 52166 | grep 56602
transmiss 52166 transmission    9u    IPv4 0xfffff8001e4e8c00       0t0      TCP (LISTEN)
transmiss 52166 transmission   10u    IPv6 0xfffff8003f3fe000       0t0      TCP *:56602 (LISTEN)
transmiss 52166 transmission   11u    IPv4 0xfffff8000e44d580       0t0      UDP
I do see incoming packets on tun0:
# tcpdump -i tun0 port 56602

18:06:06.853682 IP ********.56966 > Flags , seq 644910569, win 8192, options [mss 1352,nop,wscale 2,nop,nop,sackOK], length 0
18:06:07.132328 IP ********.53676 > Flags , seq 2949838881, win 8192, options [mss 1352,nop,nop,sackOK], length 0
18:06:06.759788 IP ********.18848 > UDP, length 20
18:06:06.820983 IP ********.58101 > UDP, length 20

But nothing going back from my host (I've replaced actual ips with '********').

My firewall is open:


# ipfstat -i | grep 56602
pass in quick on tun0 inet from any to port = 56602
Any ideas on what I am doing wrong?

Share this post

Link to post


18:06:06.853682 IP ********.56966 > Flags , seq 644910569, win 8192, options [mss 1352,nop,wscale 2,nop,nop,sackOK], length 0
this *** IP is WAN or...? They should be either of the port-forwarding page checker, or from random Torrent clients in the world.
There is no really point in replacing them, AirVPN's servers IPs are public anyway.
I suggest you to check with SSH anyway, because then you can control the traffic, unlike with torrents in most cases.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

Never mind, I figured it out.  My problem was that some time in the past I switched from using 'ipf' to 'pf' firewall (probably for fail2ban purposes).  However I completely forgot about it since I rarely mess with my FreeBSD file server.  So I needed to edit /etc/pf.conf and allow some connections on tun0 interface.


Btw, I didn't know this but in case anyone finds this useful to watch pf log in real time do this:


#   tcpdump -n -tttt -e -i pflog0

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

  • Create New...