Jump to content
TorGuard
  • 0
Spetke

Torguard, Pfsense and port forwards

Rate this question

Question

Spetke

Has anyone here been able to successfully forward ports to a client behind a PFsense router?

I have spent hours researching this to no avail.

 

Any pointers to a suitable guide?

 

br,

 

spetke

Share this post


Link to post
Share on other sites

12 answers to this question

Recommended Posts

  • 0
Morpheus

If this is going to be an issue, then it is a definite problem as I'm thinking about moving to pfSense.

First of all, have you contacted support?

I thought I could just convert my existing iptables to work with pfSense?

Below are my iptables for opening a port, but it also requires things to be done on Torguards part to make it happen.

iptables -I FORWARD -i tun1 -p udp -d 1.1.1.1 --dport 1234 -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d 1.1.1.1 --dport 1234 -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 1234 -j DNAT --to-destination 1.1.1.1
iptables -t nat -I PREROUTING -i tun1 -p udp --dport 1234 -j DNAT --to-destination 1.1.1.1

Share this post


Link to post
Share on other sites
  • 0
mrsudo

Bump.. I've forwarded ports 51413, and 6881 here on torguard, but I'm confused why i'd forward them to 1912 (or the other 7 options). Then if I check the status of a port (https://www.yougetsignal.com/tools/open-ports/) it still says 51413 and 6881 are closed, but 1912 is open.. that's the opposite of what I want no?

Share this post


Link to post
Share on other sites
  • 0
19807409
26 minutes ago, mrsudo said:

Bump.. I've forwarded ports 51413, and 6881 here on torguard, but I'm confused why i'd forward them to 1912 (or the other 7 options). Then if I check the status of a port (https://www.yougetsignal.com/tools/open-ports/) it still says 51413 and 6881 are closed, but 1912 is open.. that's the opposite of what I want no?

 

No it is not, each time you load that page it will show you default suggestion and not your current setting (probably has to do with security or missing code part, just assumption).

You can check torguard's specifications page and you will see which ports are used for which encryption etc.

I experienced some issues with portforwarding openvpn, openconnect works perfectly, make sure you choose openconnect on your forward request if you want to use openconnect.

Back to your question, if you are unsure which port you have choosen, simply edit your request and change it to whatever you wish, it is immediately available then (if your client is connected, reconnect after it).

@Spetke

I am not using Pfsense, but you have to 1. open port, 2. allow port forward, I guess it would work similar/same way as openwrt does and there are plenty of users using pfsense, maybe somebody who uses will reply with exact commands.

Share this post


Link to post
Share on other sites
  • 0
19807409
9 minutes ago, mrsudo said:

So, I have these ports forwarded to my torguard IP (see image below). yet, if I test with this website: https://www.yougetsignal.com/tools/open-ports/ I see those ports are closed.. How is this correct?

Screen Shot 2020-06-15 at 7.45.25 PM.png

 

First of all, you need to connect with a protocol settings that you forward to. According to your question about the port 1912 I am not sure if I do not understand you or that you do not know why there are those numbers, thats why I posted specifications for openvpn. To make it less complicated, I will make example with torguard client.

1. Port forward your ports as in picture you posted. Assumed request is done for openvpn connected over port 1912 and tcp protocol

2. In your torguard client, choose openvpn as protocol, 1912 tcp as port.

3. Connect

4. Test now if your port is open (make sure your soft is also listening on that port)

 

If that works, then you know that port forwarding works and you can go on with setting it on your pfsense.

Share this post


Link to post
Share on other sites
  • 0
mrsudo

Yeah sorry if I'm not understanding. My example is basically following your steps:

1. I've forwarded those ports in torguard. as shown in the image. I used port 1912 because that is what I'm connecting to with my client. 

2. In pfsense, I have successfully connected using UDP to torguard's vpn server on port 1912. 

3. Connected.

4. My software is telling me that ports 51413 and 6881 are still closed. 

 

It's ok, thanks for the help, I'll keep playing around and come back here and update when I find something. It just seems as though I've done everything right. But Idk.

Share this post


Link to post
Share on other sites
  • 0
19807409
14 minutes ago, mrsudo said:

Yeah sorry if I'm not understanding. My example is basically following your steps:

1. I've forwarded those ports in torguard. as shown in the image. I used port 1912 because that is what I'm connecting to with my client. 

2. In pfsense, I have successfully connected using UDP to torguard's vpn server on port 1912. 

3. Connected.

4. My software is telling me that ports 51413 and 6881 are still closed. 

 

It's ok, thanks for the help, I'll keep playing around and come back here and update when I find something. It just seems as though I've done everything right. But Idk.

 

I can only help as far as you allow it and try it exactly the way suggested. You did not connect in the way which I suggested, I specifically wrote to use official TorGuard Client on your local pc, as that is working 100% which would simply assure you that port forwarding works and you can restrict your research on your local network.

By that, I would still suggest you to actually follow it exactly. I am port forwarding since years and never had issue, port request page maybe could be with more instructions, but in general it is self explaining.

Back to your pfsense, you do not need to open any ports on your WAN side unless you have wan zone to which you added your vpn connection, if your vpn is in same zone as your lan interface, then you simply need to port forward the port from local device (vpn interface) to your lan, thats all.

 

EDIT: You say "UDP to torguard's vpn server on port 1912. ", for that, you must ensure that port porward request is for port 1912 UDP, not TCP. If you portforward 1912 tcp, it means only on that connection is forwarded, connecting over 1912 UDP is another connection for which you probably did not set port forwarding, however, if your pfsense is misconfigured, you will hardly find out if port forwarding is not working our your iptables have wrong entries.

Share this post


Link to post
Share on other sites
  • 0
mrsudo

I'm not connecting to TorGuard with the local pc.. because my setup is about 12 virtual machines running on servers. I already have torguard configured, connected, and routing certain ips over the torguard gateway. This is so I can control which machines flow traffic over the vpn. 

I will wait for someone else to help, thanks. 

Share this post


Link to post
Share on other sites
  • 0
19807409
3 minutes ago, mrsudo said:

I'm not connecting to TorGuard with the local pc.. because my setup is about 12 virtual machines running on servers. I already have torguard configured, connected, and routing certain ips over the torguard gateway. This is so I can control which machines flow traffic over the vpn. 

I will wait for someone else to help, thanks. 

I hope that you will find then somebody :) else, however, last 20 people who asked for help about port forwarding, it turned out they port forwarded for one specific connection over some port and tcp and connected over different ports and udp. You seem not to be willing to check at all for yourself if your port is working to split if your issue is at all about torguard which is not. However, hope you accomplish your goal or somebody does it for you, in such cases best option is contact support. Wish you a nice evening.

Share this post


Link to post
Share on other sites
  • 0
mrsudo

I mean you have all my info.. I am connected to torguard UDP port 1912.. and above you see my port forward settings are all set to forward to 1912 UDP as well. 

Share this post


Link to post
Share on other sites
  • 0
19807409
12 minutes ago, mrsudo said:

I mean you have all my info.. I am connected to torguard UDP port 1912.. and above you see my port forward settings are all set to forward to 1912 UDP as well. 

You have nowhere in your screenshot or posts any information about if you did request port forward over 1912 TCP or UDP. I can only see which ports you want to forward, and none of them has anything to do with port opening request.

Simply go to your port request page, change there port to 1912 and UDP not TCP, then your connections from your config should work. Anyway, as mentioned many times before, spare you a hassle and time in waiting and check if you get your port forward with official client, then you are sure that your pfsense is wrongly configured if port forward works. I really would suggest you to contact torguard for more help and be aware, support can guarantee only for official client and first question that you will be asked if port forwarding with official client works, regardless if you run 12 vms behind or if it is a gateway for a corporation. Have to go now anyway, hope you resolve your issue soon.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...